The Standout Cybersecurity Stats You Need to Know

Find Part 1 of this blog, "Trends in Cybersecurity Breaches," here. The complete blog was originally posted by Alert Logic on July 7, 2022.

Written by Antonio Sanchez.

How rampant is cybercrime today? The prevalence of cybercrime is enormous. More than one-third of organizations have experienced an uptick in cyberattacks over 2021. The retail sector loses $38,052 every minute from cybercrime, while healthcare organizations spend $13 a minute on data breaches.

What about patterns for attacks, sensitive data breaches, and information security concerns? They have a lot to teach us about the forces arrayed against you.

Phishing

• The number of phishing attacks has tripled compared to 2020 (APWG).
• The most common topics for a phishing attack are related to business, such as purchase orders, invoices, and shared files (KnowBe4).
• Attackers are most likely to phish for credentials – 57% compared to 12% for malware delivery (Cofense).

Remote Access

• 50% of breaches are due to insecure remote access and web applications (Verizon).
• Since the pandemic began, 20% of business leaders have borne the effects of a data breach caused by a remote worker (Malwarebytes Labs).
• 26% of security professionals don’t have an automated tool to spot and stop endpoint attacks (Check Point).

Ransomware

• Ransomware attacks increased by 13% this year, more than the last five years combined (Verizon).
• The average payment from significant ransomware attacks grew fivefold to over $812,000 from 2020 to 2021. Meanwhile, there was a threefold increase in organizations paying more than $1 million for a single ransom (Sophos).
• Global ransomware damage costs are predicted to grow to $256 billion annually by 2031, based on 30% yearly growth (Cybersecurity Ventures).

DDoS

• Q1 2022 witnessed more application-layer attacks than any other period in the preceding 12 months (Cloudflare).
• DDoS interruption costs U.S. companies $218,000 on average, before we factor ransomware demands (Corero).
• One of the longest DDoS attacks early in 2022 lasted for an incredible 549 hours (Kaspersky).

What’s Behind the Numbers?

Gathering these cybersecurity stats is one thing; digging past them is quite another. We must try to understand trends to stay a few steps ahead of anyone looking to harm you.

Ransomware: Payouts are getting more substantial

On April 29, 2021, cybercriminals pierced the network of the U.S.’ largest fuel pipeline. A single password leaked on the dark web; that’s all it took to bring down Colonial Pipeline, a company that had been on top of its sector for 57 years. A week later, a note appeared on a screen, demanding cryptocurrency. The hackers held the whole East Coast hostage. Colonial had no choice but to shut off the gas.

The eventual cost of the hack? $4.4 million. Not only was the gas supply plugged, but 100 gigabytes of sensitive data were on the line. Colonial couldn’t risk it all. And when we gaze from this case to other front-page cybersecurity breaches, there’s no wonder ransomware is on the rise. It’s effective. It inspires assaults on even grander scales.

IoT devices are spreading

Smartphones and laptops are merely the core of connectivity for a modern organization. Tablets, trackers, sensors, wearables, and autonomous equipment are broadening the reach and complexity of data transfer, helping the Internet of Things meet its potential. But just as the cloud itself carries more security pressures, so do IoT devices make the business of policing your network that much harder. You may not know how users interact with their devices, and how behaviors from one may impact another in myriad ways.

According to IoT Analytics’ Spring 2022 report, global IoT connections expanded by 8% in the last 12 months, totaling 12.2 billion active endpoints. Hackers are well aware of it. Anything that uses an app – from connected printers to coffee machines – is vulnerable to attack. When we consider the evolving insidiousness of cybercrime, we must think beyond common screens and smart devices.

Social media phishing is getting worse

While “spear phishing” and “whaling” are well-circulated terms in cybersecurity, scammers are more focused on using social media to collect sensitive data. They can set up a clone account for a real company and hide a malicious link on a webpage. Or imitate a recruiter on LinkedIn, tempting a victim with an unmissable role.

It’s easy to feel overwhelmed by the breadth of cybercrime. Yet with advanced threat detection and a white-glove MDR service, you’ll cut past the fear, straight to the best protection you can find.

About the Author

Antonio Sanchez serves on the Product Marketing team at Alert Logic by HelpSystems. He has over 20 years of experience in the IT industry focusing on cyber security, information management, and disaster recovery solutions to help organizations of all sizes manage threats and improve their security posture. Antonio is a Certified Information Systems Security Professional (CISSP) and has held various leadership roles at Symantec, Forcepoint, and Dell.