Nightmare on cyber street: stats that will send shivers down your spine
Cybercrime is a global threat that continues to rise in scale and complexity, any business regardless of size is at risk. It is a case of when, not if, a business will be attacked. The UK Government Cyber Security Breaches Survey 2023 reported that 59% of medium sized businesses1 logged a breach or attack in the last 12 months, and IBM Security today released its annual Cost of a Data Breach Report,2 which revealed that UK organisations pay an average of £3.4m for data breach incidents!
Data is the lifeblood of any organisation, and its importance has not gone unnoticed by cybercriminals who are keen to monetise this valuable commodity. Any business regardless of size or sector that stores financial or sensitive data is a potential target. According to recent research3, 34.5% of polled executives report that their organisations’ accounting and financial data was targeted by cyber adversaries. Within that group, 22% experienced at least one such cyber event and one in eight companies (12.5%) experienced more than one event.
In this blog we highlight some of the scariest security facts and suggest ways to help your customers mitigate threats, boost their resilience, and avoid becoming another statistic.
Endpoint Protection
The rise in hybrid working, with employees accessing corporate data from various devices and locations, has inevitably expanded the potential attack surface. Consequently, endpoint security has never been more vital.
According to a recent study by the Ponemon Institute, 63% of organisations surveyed4 said the most significant barrier to achieving a strong endpoint security posture is a lack of visibility of all end points. Whilst 44% cited the exploit of existing software vulnerability greater than 3 months old.
Software vulnerabilities posing the greatest concern was echoed in Bitdefender’s 2023 Cyber Security Assessment Report5, with 53% of respondents stating they are most concerned about software vulnerabilities and/or zero-days threats.
This finding also correlates with Bitdefender Labs’ research6 which has shown a marked increase in 2023 of cybercriminals exploiting known software vulnerabilities using proof of concept (PoC) attacks.
Endpoint protection ensures that all devices accessing a network are safeguarded against potential threats. There are different types of endpoint protection which in combination can be utilised to detect, block, and respond to malicious activities targeting corporate devices. If your customers do not have endpoint protection it is worth asking them, how do they:
- Prevent unauthorised access to their network?
- Secure sensitive data sufficiently to comply with the UK Data Protection Regulation?
- Detect and eliminate malware?
- Monitor their network and respond to incidents?
Email Protection
The ubiquitous use of email by organisations has not been overlooked by cybercriminals who continue to exploit it to distribute malware, phishing scams, and other malicious campaigns.
The volume of messages and the click-through rate on ‘suspicious messages’ is why email remains the number one threat vector. According to Barracuda, 90%7 of cyberattacks start with an email message that is usually designed to steal user credentials or infect the network with malware. Cybercriminals love email attacks because email attacks work.
The UK Government’s Cyber Security Breaches Survey 20238 revealed that 79% of organisations that suffered a breach or an attack in the past year said that it was caused by phishing.
Given the evolving threat landscape, email security, the umbrella term for the technologies used to secure the access and content of an email account or service, is crucial to prevent unauthorised access and data breaches. If your customer is wavering on whether they need email security find out how they:
Protect against unauthorised access, loss, or compromise of email systems?
Ensure the privacy and integrity of email messages?
Shielding both senders and receivers from malicious threats?
Backup and Disaster Recovery
Data underpins every decision, insight, and strategy that drives business opportunities and success. Given the critical role of data, it’s essential to protect it from the risks of accidental or malicious loss. However, that message doesn’t appear to be reaching all businesses.
Despite growing awareness and increasing threats, people’s backup habits remain a little lax. In a research survey conducted by Acronis9, only 10% of users back up daily, 15% of users back up once or twice a week, 34% of users back up monthly, while 41% of users rarely or never back up their data!
The same survey revealed that 72% of all users had to recover from backup at least once in the past year, and 33% more than once. This means that some of the users who choose not to back up have permanently lost their data.
In simple terms, backup is the process of creating a duplicate copy of your data to ensure that you have a reliable source for recovery in case of data loss or corruption. With backup protection, businesses can prepare for the unexpected and ensure they can recover quickly from any disruption to their operations. If your customer is doubting the benefits of backup, ask them:
What backup strategy do they have in place?
How often do they test their backups?
How long did it take to restore their test backup?
If your business critical data was unavailable how soon would your business operations be impacted?
Web and App Protection
Web protection plays a vital role in today’s interconnected landscape, serving as the first line of defence against a multitude of online threats. It acts as a digital barrier, ensuring that only safe and authorised content reaches the users on a company’s network.
The cyberthreat landscape is complex and cybercriminals continue to exploit any vulnerability to attack more organisations than ever before.
Is it any wonder that research by Acronis showed that malware (68%) and Ransomware (59%) are two of the top five cyberthreats10 keeping IT managers awake at night.
Should your customer be wondering about the importance of web protection find out:
How they protect against online threats, including malware, ransomware, and cryptojacking technologies?
Can they block access to malicious websites, inappropriate content and unproductive websites?
How do they currently identify, filter and block any malicious web traffic?
How do they protect their web apps and APIs?
Identity Management
Identity Management is the practice of making sure that only authenticated and authorised people can access specific resources such as applications, databases and networks. To achieve this requires the use of username-password combinations, biometric data, or other security measures.
A research paper from the SANS Software Security Institute11, showed that one of the most common vulnerabilities is password reuse.
Users are notorious for reusing passwords. Common passwords and credentials compromised by attackers in public breaches are used against corporate accounts to try to gain access. Considering findings from LastPass12 that 65% of people say they’ve had some cybersecurity education, yet 62% of people are still reusing passwords, this continues to be a successful strategy for many attackers.
A recent study revealed that 74%13 of all breaches include a human element, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering. It’s clear that businesses who forsake strong password security are leaving themselves exposed and vulnerable to attack.
Weak identity management often leads to severe consequences for customers, yet it remains an ongoing problem. When speaking with customers ask how they are ensuring:
Only authenticated and authorised users can access sensitive business data.
The timely set up and removal of user access.
Protecting their financial and confidential data in compliance with the UK Data Protection Act.
Don’t Let Your Customers Become Just Another Scary Statistic
In the rapidly advancing digital age, cyber threats are more likely than ever. As incidents continue to increase in frequency, size and sophistication, it is vital that businesses get to grips with the cyber risks they are facing. The big questions they should be asking themselves is do we have the capability to detect and mitigate an attack, how costly will it be to remedy and is the business resilient enough to withstand the attack and resume operations.
If you’re not arming your customers with top-tier cyber security solutions, rest assured, your competitors are gearing up to.
But you don’t have to face this challenge alone. Partner with us, and we’ll equip you with the resources, unparalleled support, and expertise you need to enhance your security offerings.
Don’t wait for the inevitable. Contact us today and fast-track your business to success!