As we are getting used to, cybersecurity threats are becoming a daily conflict for personal and business environments. If the statistics are analysed, the amount of breached systems and data related to businesses escalated dramatically over last years. This situation is directly related to the poor cybersecurity plans and measures undertaken by most of the companies. The first and one of the main topics to be taken care of, if the fight against this modern hazard is wanted to be won, is company culture. Nowadays, cybersecurity awareness and best practices need to be part of the corporate DNA. The best way to present this scenario is by displaying the recent Cybersecurity Indicators so that companies can take them into consideration when designing and implementing the upcoming year’s IT security plan.
Security breaches and GDPR
- Security breaches increased by 11% since 2018 and 67% since 2014.
- Registered data breaches made 4.1 billion records public by mid-2019.
- Over 1,000 sensitive files are accessible by every employee within 53% of companies.
- On average, just about 5% of enterprises’ folders are adequately protected.
- Finance (71%) and espionage (25%) are the main motivation for the breaches.
- 52% of the breaches involved hacking, 28% were related to malware and 32–33% used phishing and/or social engineering.
- 206 days has been the average time to identify a breach in 2019.
- More than $1 million has been spent by the 88% of companies on preparing for the GDPR.
- In the first year, GDPR fines went up to $63 million.
- The average cost of a data breach is $3.9 million as of 2019.
Business and social engineering
- Phishing and social engineering attacks impacted 62% of businesses during 2018.
- Cybersecurity culture is growing. 68% of business leaders perceive cybersecurity risks related to their companies are growing.
- Email is the main source of malware delivery (94%).
- Most of the malicious email attachments are Microsoft office files (48%).
- Principal malicious email attachment types are .doc and .dot which are around 37% followed by .exe by 19.5%.
- More than 400.000 machines in 150 countries were infected by the Wannacry ransomware in 2017, which cost over $4 billion.
- $133.000 is the average cost of a ransomware virus infection for impacted businesses.
- Cryptomining is the main motivation for remote code execution attacks (90%).
- Around 8% of web requests lead to malware.
- Around 60% of the malicious domains are related with spam campaigns.
- Malicious domains are usually of recent creation (detected around a week after its creation)
Here is a set of resources related to the topics exposed above. Those may be used to broaden the knowledge and develop a deeper understanding on the cyberthreats that society is currently facing: Accenture, Cisco, CSO Online, Cybint Solutions, GDPR.eu, IBM, RiskBased, SafeAtLast, Security Intelligence, Symantec, Technology Inquirer, Varonis, Verizon
Author: Ferran Cabré