Cybercrime is the greatest threat to every company in the world. And most companies take nearly 6 months to detect a data breach, even major ones.
Businesses of all sizes, locations, and industries globally have been tormented by the financial, reputational, and regulatory consequences of cybercrime. We see a rise in organized cybercrime each year, such as the theft of intellectual property by nation-states.
Supply chain threats are also challenging organizations’ business networks, such as the SolarWinds breach in December 2020. Cyberattackers have shifted their attack tactics to exploit third- and fourth-party supply chain environments to gain entry to organizations’ systems. Even large corporations with mature cybersecurity standards, frameworks, and regulations aren’t safe.
10 Scary Cybersecurity Statistics!!
Attacks nowadays are more elaborate, targeted, advanced, and of a larger scale. Consequently, the impact is also more detrimental. Furthermore, cybercriminals are gaining so much control that they can sway organizations of all sizes and industries to give in to their financial demands. Here are some pretty scary cybersecurity statistics to chew on…
1. 95% of cybersecurity breaches are caused by human error. (Cybint)
Cyber-criminals and hackers will infiltrate your company through your weakest link: employees.
2. The worldwide information security market is forecast to reach $170.4 billion in 2022. (Gartner)
The global information security market is forecast to grow at a five-year CAGR (compound annual growth rate) of 8.5% to reach $170.4 billion in 2022. Technology product managers will see new spending driven by regulations and increased awareness as organizations’ needs evolve to address more complex threats.
3. Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes. (Cybint)
As if a pandemic wasn’t scary enough, hackers as office work moved to personal homes. As of last summer, they recorded 12,377 COVID-related scams.
4. Data breaches exposed 36 billion records by the end of September 2020. (RiskBased)
2020 was already the “worst year on record” by the end of Q2 in terms of the total number of records exposed. The three months of Q3 added another 8.3 billion records to the count, bringing the number of records exposed through the end of September to a staggering 36 billion.
5. 64% of Americans don’t know what to do after a data breach. (Varonis)
The majority of Americans don’t know what to do if they are affected by a breach. Even worse, most have never checked to see if their data was compromised during one of the many major data breaches in recent years.
6. The average cost of a ransomware attack on businesses is $233,217. (Coveware)
Malware statistics from the third quarter of 2020 show that the average ransom payment was $233,817. This marks a 31% increase from the second quarter and a 47.8% increase from the first quarter of 2020.
For comparison, the average payment in the third quarter of 2019 was $41,198, which means that its value has gone up 467.5% year-over-year!
7. The average downtime due to a ransomware attack is 19 days. (Coveware)
It’s not just the average ransom payment that increased over the past year; the average downtime caused by ransomware attacks also saw a significant rise. In the third quarter of 2020, the downtime was 19 days, up 19.2% from 16 days in the second quarter.
In the third quarter of 2019, the average downtime was 12.1 days, which is an annual increase of 57%.
8. Cybersecurity insurance pays the ransom 94% of the time. (Sophos)
Cybersecurity insurance is now the norm, with 84% of organizations reporting that they have it. However, only 64% of organizations have policies that cover ransomware incidents, meaning that the other 20%, or 1 in 5 businesses, aren’t protected in a ransomware attack. 94% of organizations that paid the ransom state that cybersecurity insurance covered the cost.
9. The average time to identify a breach in 2020 was 207 days. (IBM)
The average time to identify and contain a breach varied depending on industry, geography, and security maturity. While the lifecycle of a breach averaged 329 days in the healthcare sector, the average lifecycle was 233 days in the financial sector.
10. 94% of malware is delivered by email. (CSO Online)
Almost all malware arrived on computers via email, with phishing being the number one type of social engineering attack, accounting for more than 80 percent of reported incidents.
11 Noteworthy Cybersecurity Breaches
Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.
1. Colonial Pipeline Hack, May 2020 (Colonial Pipeline)
On Friday, May 7th, 2020, in an effort to contain the breach, Colonial Pipeline shut down 5,500 miles of pipeline on the East Coast, which it says carries 45% of the East Coast’s fuel supplies and more than 100 million gallons of fuel per day from Texas up the East Coast to New York.
2. Microsoft Exchange, 2020: 4 ‘zero-day’ vulnerabilities compromised hundreds of thousands of servers globally. (Microsoft)
A sophisticated attack on Microsoft’s Exchange Server, an enterprise email server built by the software giant, has become a worldwide cybersecurity crisis, as hackers race to infect as many victims as possible before companies can patch and secure their computer systems.
3. In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax)
Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The information accessed primarily includes names, Social Security numbers, birth dates, addresses, and in some instances, driver's license numbers.
In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
The Equifax breach cost the company over $4 billion in total.
4. SUNBURST Malware and SolarWinds Supply Chain Breach in 2020. (SolarWinds)
The US Government and thousands of public and private sector organizations around the world had their networks and data systems breached in a massive attack believed to be conducted by a Russian intelligence group calling itself Cozy Bear.
SolarWinds said that of its 300,000 customers, 33,000 use Orion. Of these, around 18,000 government and private users downloaded compromised versions.
5. In 2020, Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests. (Marriott)
Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels. At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020.
6. In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
The company concealed the breach for over a year. Uber tried to pay off hackers in the amount of $100,000 to delete the stolen data and keep the breach quiet.
7. In 2013, the Adobe breach impacted at least 38 million users. (KrebsOnSecurity)
The company said hackers accessed 38 million customer credit card records and stole login data for an undetermined number of Adobe user accounts.
8. In one of the biggest breaches of all time, 3 billion Yahoo accounts were hacked in 2013. (New York Times)
The hackers obtained the names, birthdates, phone numbers, and passwords of users. Also obtained were the security questions and backup email addresses used to reset lost passwords.
9. In 2018, Under Armour reported that its “MyFitnessPal” was hacked, affecting 150 million users. (Under Armour)
On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018. The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.
The investigation indicates that the affected information included usernames, email addresses, and passwords. The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers). Payment card data was also not affected because it is collected and processed separately.
10. In 2013, up to 40 million consumers were affected by the Target hack. (Target)
Retail giant Target experienced unauthorized access to payment card data in U.S. Target stores between Nov. 27 and Dec. 15, 2013. It was also determined that certain guest information, including names, mailing addresses, phone numbers, and email addresses, was taken.
Target paid $18.5 million to settle claims by 47 states and the District of Columbia and resolve the multi-state investigation.
11. The 2012 LinkedIn Breach released more than 100 million emails and passwords for sale on the Dark Web. (LinkedIn)
The original number released was around 6.5 million account credentials; however, in May of 2016, it was discovered to be far higher, with 117 million LinkedIn members' credentials for sale on the Dark Web.
Cybercrime is the greatest threat to every company in the world.
Organizations that handle valuable customer data need to secure their networks and update their systems regularly.
Recent ransomware attacks and data breaches show us that hackers aren’t going anywhere. What’s more, they won’t hesitate to take advantage of any difficult situation, even if it’s a global pandemic that affects us all. Organizations must arm their systems with the right tools to counter any possible attacks.
Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest.