10 Facts About Cybersecurity That’ll Keep You Up at Night

Read on, if you dare, but these truths about cyberattacks and cyber security will keep you up at night.

1.  Mobile cyberattacks have increased 40% in the past year

One example of mobile cyberattacks?  Malware found in mobile apps.  While physical mobile devices, like the iPhone or Android, have been secured, apps are vulnerable.  When 68% of those who work in an office space bring their own mobile devices, this could cause company-wide problems if employees aren’t safe.  Mobile apps can be infected with malware or ransomware.  One kind of malware steals your Apple ID and password when downloaded.  Another locks your device until you pay a specific ransom demand.

There are three mobile threats to be aware of: rooters, downloaders, and fake apps.  Rooters request root access to a smartphone to gain control of the device.  They can then spy on users and steal their private information.  Downloaders use social engineering tactics.  This is essentially hacking without the use of code.  Downloaders will show full screen pop-up ads that are often linked to malicious sites.  This video demonstrates the use of social engineering tactics hackers use to access personal information.  With a phone call and an internet connection, the social engineering hacker uses vishing – or voice solicitation – to access someone’s personal email.  Fake apps are self-explanatory: fake apps in real-app costumes that expose the user to advertisements or other pop-ups.

2.  65% of the top 100 U.S. banks fail web security tests

The non-profit, Online Trust Alliance (OTA), conducted anonymous audits on banking websites and the findings weren’t pretty.  In order to “pass,” the sites had to score above an 80% or higher across consumer protection, security, and privacy.  Only 27% of the country’s 100 largest banks made the cut.  Most large banks had solid website security – but not email security or privacy.

3.  Globally, cyber attacks cost $400 billion per year

Ransomware attacks cost $1 billion, alone, in 2016…before the WannaCry and Petya/NotPetya ransomware attacks of 2017.  These ransomware attacks of 2017 cost $5 billion.  WannaCry infected 200,000 computer systems in 150 countries in one weekend.  The hackers demanded $300-$600 in Bitcoin, or cryptocurrency, from the victims for the return of their personal data.  The WannaCry attack used a Windows exploit to infect systems.  One of the biggest victims of the attack was Britain’s National Health System, which uses Windows.

In June, the NotPetya ransomware attack hit companies and government agencies across the US and Europe.  This ransomware exploits the MS17-010 vulnerability known as EternalBlue.  This exploit not only encrypts files, but also overwrites and encrypts the master boot record.  The master boot record (MBR) contains the executable code to function as a loader for the installed OS.  2,000 computers were affected in several countries.

4.  43% of cyberattacks target small business

And that percentage is growing.  The small business mindset is that of being “the little guy.”  Who would need anything from the little guy?  What could a hacker possibly need or use from a small business?  Frankly, anything; employee records, employee personal information, customer credit card or bank account information, company data…all of it is useful.  With the “the little guy” mindset, small businesses are not taking the proper precautions to secure their sensitive data.

5.  A hacker attacks every 39 seconds

This doesn’t include the amount of automatic, botnet malware attacks that occur around the world.  Botnets are robotic networks hackers use to control the malware-infected computers.  These hackers are often the authors and operators of this malware.  Botnets allow hackers to control a collection of infected computers rather than one at a time.  While hackers write malware to target specific audiences or businesses, botnet malware can affect home users just as well.  It’s important to stay protected at the office and at home for the sake of your personal information.

6.  The healthcare and financial industries have the most expensive data breaches

Healthcare has been the most expensive industry for data breaches as each stolen record costs $380, on average.  In the financial industry, each stolen record costs $141.  The top contributing factor to the high prices of data breaches is the involvement of third-party providers.

7.  Cybercrime will cost $2 trillion by 2019

Cybercriminals operate, relatively, the same way no matter where you are, regardless of this worldwide estimate.  Also, your business and your personal information are vulnerable no matter where you are…yikes!  Some cybercriminals work as lone-wolves, but this is less common today.  Most cybercriminals work within a group of other hackers.  The more people in the group, the more damage they can do as a team.  More damage done usually means more money made.  The more hackers out there means the number of cybercriminals is likely to increase.  They do their research and bide their time for a perfect strike – though, of course there are failures.

For instance, one hacker found the “self-destruct button” within the WannaCry ransomware.  He was able to return affected systems back to normal.  Even so, cybercrime will cost $2 trillion worldwide in 2019, making it still highly profitable for criminals and harder to prevent for users.

8.  60% of small business employees use the same password for every accessible account

All small business owners and employees should prepare when 43% of cyberattacks are directed at small businesses.  If you use the same password for all of your accounts, one cyberattack could take down almost all of your accounts.  We suggest using a password of 12-15 characters, complexity of alphabetical letters and symbols, and encourage the mixing of numbers, capital letters, and lowercase letters.

For example: “pAssW0rD15” is not a very secure password, though it looks complex.  Try creating a passphrase that only YOU would know.

Better example: “I’m from Kansas and I like chocolate pie” could turn into “-4mks&-LYKch0C0P1” – looks complex, but only YOU can translate it.

9.  59% of ex-employees admit to stealing confidential, company information

Insider threat is the leading attack against businesses, and one of the links to insider threat is that of ex-employees.  Out of this 59%, 53% downloaded information onto a CD or DVD, 42% onto a USB, and 38% sent attachments to a personal email.  Don’t worry – there are ways to prevent this kind of breach!  You can set administrative privileges to certain files to restrict them from some users.  Or you can create BYOD (Bring Your Own Device) regulations for all employees.  You can also conduct cyber security educations so that everyone is aware of the regulations in place.

10.  The Equifax breach affected 145 million people

The popular credit reporting agency, Equifax, experienced one of the largest data breaches in history.  The breach occurred earlier than September 7, 2017 – the date it was disclosed to the public.  Between mid-May and July, the security breach occurred.  However, Equifax didn’t find the breach until July 29, 2017.  This breach exposed the personal information of over 145 million Equifax customers.  Their social security numbers, credit card numbers, addresses, and birth dates were all made public.  Oftentimes, hackers work to steal this information and sell it on the Dark Web…Equifax did all the hard work for them.

 

If any of these facts freaked you out, contact us to protect your business and your customers!