Organizational cybersecurity has to be a priority for every business. These days, companies are getting hacked left and right and being exposed to some of the very worst malware ever created. Today, we will be taking a look at the current cybercrime statistics that will put in perspective just how damaging cybercrime is. Many companies have been easing up their cybersecurity spending, we hope this article shows why that may be a bad idea.
Current Cybercrime Statistics – Ransomware Attacks
The current cybercrime statistics are daunting, and we will start with a look at ransomware. Ransomware is the kind of malware attack where the malware locks down files or whole computing systems while the perpetrators demand payment to unencrypt them. Victims are given a deadline to pay the ransom by. If no payment is made, ransomware-encrypted files will be destroyed. Some of the worst ones include Cryptolocker, WannaCry, and Petya.
In 2019, we saw businesses fall victim to ransomware once every 15 seconds, to the tune of $11.5 billion in losses. 66 percent of companies that were affected by ransomware cited spam and phishing as the predominant manners of deployment. What’s remarkable is that nearly half of surveyed companies (48 percent) had been affected by ransomware in some way in 2017. If your data isn’t backed up, not only can you lose lots of money, but all of your important information.
Denial of Service Attacks
Denial of Service (DoS) attacks and their more popular cousin, the Distributed Denial of Service (DDoS) attacks are extremely common. In fact, they are the most common type of cyberattack. To carry out a DDoS attack hackers will use automated resources to flood a target with the aim to take them down. Today, with the amount of Internet of Things devices that are present, the DDoS attacker can gain access to these devices and have them all access the same webpage at once. The amount of traffic takes down the website.
March 5, 2018 saw the biggest DDoS attack in history, which was clocked at a whopping 1.7 TB/s; and, fortunately for the ISP that was being hacked, wasn’t successful at taking the company offline. The average cost of a DDoS attack averages between $20K-to-$40K per hour, or slightly less than what the average American worker makes per year. More than that, DDoS attacks cost UK businesses over £1 billion in 2019.
When you are a victim of a Man-in-the-Middle, the integrity of any communications you are having with another entity has been compromised. This means that any personal data, financial information, or business correspondence can be intercepted, redirected, or changed and sent through. The negative situations of this type of hack are about limitless; and, since the man-in-the-middle attacks are comparatively simple to conduct, more and more are taking place each day.
Most servers are still vulnerable to this kind of hack. In fact, as of 2016, 95 percent of HTTPS servers were still under threat from MitM attacks. The main reason they are deployed is to get personal or business information that isn’t readily available. This includes login credentials, bank transfer information, or payment card information.
Email Spam (Phishing)
Today, the biggest threat to any company is the phishing attack. A phishing attack is a form of social engineering where hackers create correspondence of some sort (email, instant messages, social media posts, etc.) with the aim of gaining access to secure computing systems through user manipulation. The phishing email has been around a long time, but today’s phishing methods are more thorough and targeted than ever before.
The current cybercrime statistics of phishing emails are eye-opening. 70 percent of governmental network breaches are the result of phishing. 93 percent of all social engineering attacks were phishing. 64 percent of all organizations have experienced some form of phishing attack in the past 12 months, including 82 percent of manufacturers. 21 percent of ransomware comes via phishing. What’s worse, 30 percent of phishing messages were opened in 2016.
SQL Injection Attack
A structured query language injection is an attack where malicious code is inserted into your SQL servers and gives the hacker the information hosted on your databases. This hack has been around for a long time, but now with new web-based applications that require database access, hackers have been reaching into their little bag of tricks and turning up valuable information.
Today, SQL injection accounts for 65 percent of all web application attacks.That means that if your business has a website (or an app) that draws information from a database (most do), a SQL injection hack can be devastating for you. Even gamers have to be careful as 12 billion of the 55 billion SQL injection hacks found by the security experts at Akamai targeted the gaming community.
After all these other attacks, you wouldn’t think that there would be time for these hackers to perpetrate more damage. You’re wrong. One of the worst, and most prevalent, attacks against businesses are malware attacks. Malware comes in many forms. Some include:
- Trojan horses – Code that hides inside other applications and gives hackers an “in” to a computing network
- Worms – Individual applications that propagate across computers and networks.
- Viruses – Infects applications with malicious code, stealing data, computing resources, and more.
- Spyware – A seemingly benign code, often attached to software to collect information about the user behavior on a machine or network.
This code gets onto your systems several ways. Malware can be deployed in a phishing message, but most times it is delivered through what are called droppers. Droppers are programs specifically designed to install viruses on computers. Since most droppers aren’t malicious themselves, cyber security protections don’t flag them as malicious.
Would you like to know more about current cybercrime statistics and how to protect your network and infrastructure from the millions of threats that are actively targeting your business? Call the IT professionals at Symmetric IT Group today at (813) 749-0895 and check out our information security page for more information.