Archive

April 2019

Browsing

Cybersecurity issues are becoming a day-to-day struggle for businesses. Trends show a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.

Additionally, recent research suggests that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss.

We’ve compiled 60 cybersecurity statistics to give you a better idea of the current state of overall security, and paint a picture of how potentially dire leaving your company unsecure can be.

Data Breaches by the Numbers

The increasing amount of large-scale, well-publicized breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well.

  1. In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time. (Oath.com)
  2. In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
  3. In 2017, 412 million user accounts were stolen from Friendfinder’s sites. (LeakedSource)
  4. In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax)
  5. According to 2017 statistics, there are over 130 large-scale, targeted breaches in the U.S. per year, and that number is growing by 27 percent per year. (Accenture)
  6. Thirty-one percent of organizations have experienced cyber attacks on operational technology infrastructure. (Cisco)
  7. 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (Malware Tech Blog)
  8. Attacks involving cryptojacking increased by 8,500 percent in 2017. (Symantec)
  9. In 2017, 5.4 billion attacks by the WannaCry virus were blocked. (Symantec)
  10. There are around 24,000 malicious mobile apps blocked every day. (Symantec)
  11. In 2017, the average number of breached records by country was 24,089. The nation with the most breaches annually was India with over 33k files; the US had 28.5k. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  12. In 2018, Under Armor reported that its “My Fitness Pal” was hacked, affecting 150 million users. (Under Armor)
  13. Between January 1, 2005 and April 18, 2018 there have been 8,854 recorded breaches. (ID Theft Resource Center)

Cybersecurity Costs

Average expenditures on cybercrime are increasing dramatically, and costs associated with these crimes can be crippling to companies who have not made cybersecurity part of their regular budget.

  1. In 2017, cyber crime costs accelerated with organizations spending nearly 23 percent more than 2016 — on average about $11.7 million. (Accenture)
  2. The average cost of a malware attack on a company is $2.4 million. (Accenture)
  3. The average cost in time of a malware attack is 50 days. (Accenture)
  4. From 2016 to 2017 there was an 22.7 percentage increase in cybersecurity costs. (Accenture)
  5. The average global cost of cyber crime increased by over 27 percent in 2017. (Accenture)
  6. The most expensive component of a cyber attack is information loss, which represents 43 percent of costs. (Accenture)
  7. Ransomware damage costs exceed $5 billion in 2017, 15 times the cost in 2015. (CSO Online)
  8. The Equifax breach cost the company over $4 billion in total. (Time Magazine)
  9. The average cost per lost or stolen records per individual is $141 — but that cost varies per country. Breaches are most expensive in the United States ($225) and Canada ($190). (Ponemon Institute’s 2017 Cost of Data Breach Study)
  10. In companies with over 50k compromised records, the average cost of a data breach is $6.3 million. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  11. Including turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill the cost of lost business globally was highest for U.S. companies at $4.13 million per company. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  12. Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)

Cybersecurity Facts and Figures

It’s crucial to have a grasp on the general landscape of metrics surrounding cybersecurity issues, including what the most common types of attacks are and where they come from.

  1. Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2 percent of all ransomware attacks. (Symantec)
  2. Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53 percent of attacks. (Cisco)
  3. Most malicious domains, about 60 percent, are associated with spam campaigns. (Cisco)
  4. Seventy-four percent of companies have over 1,000 stale sensitive files. (Varonis)
  5. Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense. (Accenture)
  6. The financial services industry takes in the highest cost from cyber crime at an average of $18.3m per company surveyed. (Accenture)
  7. Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38 percent of the total. (Cisco)
  8. About 20 percent of malicious domains are very new and used around 1 week after they are registered. (Cisco)
  9. Over 20 percent of cyber attacks in 2017 came from China, 11 percent from the US and 6 percent from the Russian Federation. (Symantec)
  10. The app categories with most cybersecurity issues are lifestyle apps, which account for 27 percent of malicious apps. Music and audio apps account for 20 percent. (Symantec)
  11. The information that apps most often leak are phone numbers (63 percent) and device location (37 percent). (Symantec)
  12. In 2017, spear-phishing emails were the most widely used infection vector, employed by 71 percent of those groups that staged cyber attacks. (Symantec)
  13. Between 2015 and 2017, the U.S. was the country most affected by targeted cyber attacks with 303 known large-scale attacks. (Symantec)
  14. In 2017, overall malware variants were up by 88 percent. (Symantec)
  15. Among the top 10 malware detections were Heur.AdvML.C 23,335,068 27.5 2 Heur.AdvML.B 10,408,782 12.3 3 and JS.Downloader 2,645,965 3.1 (Symantec)
  16. By 2020, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion. (Cybersecurity Media)

Cybersecurity Risks

With new threats emerging every day, the risks of not securing files is more dangerous than ever, especially for companies.

  1. 21 percent of all files are not protected in any way. (Varonis)
  2. 41 percent of companies have over 1,000 sensitive files including credit card numbers and health records left unprotected. (Varonis)
  3. 70 percent of organizations say that they believe their security risk increased significantly in 2017. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  4. 69 percent of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  5. Nearly half of the security risk that organizations face stems from having multiple security vendors and products. (Cisco)
  6. 7 out of 10 organizations say their security risk increased significantly in 2017. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  7. 65 percent of companies have over 500 users who never are never prompted to change their passwords. (Varonis)
  8. Ransomware attacks are growing more than 350 percent annually. (Cisco)
  9. IoT attacks were up 600 percent in 2017. (Symantec)
  10. The industry with the highest number of attacks by ransomware is the healthcare industry. Attacks will quadruple by 2020. (CSO Online)
  11. 61 percent of breach victims in 2017 were businesses with under 1,000 employees. (Verizon)
  12. Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time. (Cybersecurity Ventures)
  13. Variants of mobile malware increased by 54 percent in 2017. (Symantec)
  14. Today, 1 in 13 web requests lead to malware (Up 3 percent from 2016). (Symantec)
  15. 2017 represented an 80 percent increase in new malware on Mac computers. (Symantec)
  16. In 2017 there was a 13 percent overall increase in reported system vulnerabilities. (Symantec)
  17. 2017 brought a 29 percent Increase in industrial control system–related vulnerabilities. (Symantec)
  18. By 2020, we expect IT analysts covering cybersecurity will be predicting five-year spending forecasts (to 2025) at well over $1 trillion. (Cybersecurity Ventures)
  19. The United States and the Middle East spend the most on post-data breach response. Costs in the U.S. were $1.56 million and $1.43 million in the Middle East. (Ponemon Institute’s 2017 Cost of Data Breach Study)

There’s no question that the situation with cybercrime is dire. Luckily, by assessing your business’s cybersecurity risk, making with company-wide changes and improving overall security behavior, it’s possible to protect your business from most data breaches.

Make sure you’ve done everything you can do to avoid your company becoming a victim to an attack. The time to change the culture toward improved cybersecurity is now.

Source: Varonis

Just as 4G networks led to the ubiquity of the smartphone and other smart devices, 5G networks will lead to the rise of billions of new devices connected to the Internet, all talking with one another at incredibly fast speeds with remarkably low latency. This will open up vast new possibilities for consumers, businesses and society as a whole – everything from self-driving cars on the road to the ability for doctors to conduct remote surgery from anyplace in the world.

Verizon 5G keynote at CES

At the 2019 CES in Las Vegas, for example, Verizon CEO Hans Vestberg laid out a compelling vision for 5G, noting that it would help to bring about “the Fourth Industrial Revolution.” There are many technologies today powering this Fourth Industrial Revolution – everything from artificial intelligence and robotics to the Internet of Things (IoT) and virtual reality – and all of them are being given a push forward by 5G. AI, for example, is making it possible to create self-driving cars, while the IoT is making it possible for smart devices to become ubiquitous, both in the home and within the enterprise.

To highlight the various ways that Verizon is already starting to make this 5G future a reality, Vestberg invited a number of key technology partners on stage with himself, including top executives from the New York Times, Walt Disney Studios, and drone company Skyward to showcase some of their best 5G projects. The New York Times, for example, is the middle of creating a new 5G journalism lab to support data-intensive technologies such as VR and AR, while Skyward is making it possible to control as many as one million drones from anywhere in the world. (And, indeed, during his CES keynote, Vestberg piloted a drone based in Los Angeles while on stage in Las Vegas)

Cybersecurity concerns in the 5G world

And, yet, this exciting new 5G world will encounter its own share of cybersecurity challenges. Hackers and cybercriminals in the world will still look for ways to access user data and profit from it. With billions of devices connected to the Internet, they will have an incredibly large attack surface in which it will be much easier to find the proverbial “weakest link” in the security chain. Geoffrey R. Morgan, Founding Partner at Fairchild Morgan Law, suggests that, “The exponential increase in speed, density and efficiency afforded by 5G technology will cause a dramatic rise in cybersecurity concerns, particularly by those industries that are among the first to utilize it.”

Moreover, the ability of hackers to cause harm and destruction will also mount exponentially. In today’s 4G world, a huge botnet formed by hacking into user devices in the home could be used to mount large-scale DDOS attacks on websites; in tomorrow’s 5G world, that same botnet could be used to take out an entire network of self-driving cars in a single city, leading to mayhem on the roads.

Obviously, then, cybersecurity is just as much a concern in the 5G world as it is in the 4G world – and perhaps more so. Vast amounts of remote sensors and smart devices hooked up to global supply chains, for example, will radically increase the complexity of securing corporate networks from intruders and cyber criminals. And the sheer amount of data being created by 5G networks will make it much more difficult to spot anomalies in user behavior resulting from hackers. According to one estimate, for example, the data output of a single autonomous vehicle in one day will equal the daily output of 3,000 people.

The 8 currencies of 5G

The good news is that 5G is still so new that there is time to make security a priority. That, says Verizon CEO Hans Vestberg, is one reason why the company has come up with the idea of 8 “currencies” for 5G. These currencies – peak data rate, mobile data volume, mobility, connected devices, energy efficiency, service deployment, reliability and latency – all represent key features of the Verizon 5G network that make it completely unlike anything we’ve seen before. For example, “peak data rate” refers to the ability to generate speeds of up to 10 Gbps, while “mobility” refers to the ability to stay connected while moving at speeds of up to 500 km/hour.

In the 3G and 4G world, the way that companies thought about their networks was in terms of two simple currencies: speed and throughput. In other words, how fast can you make uploads and downloads, and how much volume can your network handle at any point in time? But in a 5G world, companies need to expand their thinking from two currencies to eight currencies. Doctors and healthcare professionals, for example, place a tremendous value on “latency”: when they are doing remote surgeries, it is absolutely critical that end-to-end latency is as close to zero as possible. And, given the challenges posed by climate change, enterprises are much more aware of the value of the “energy efficiency” currency when it comes to 5G networks.

Using the 8 currencies of 5G to power future cybersecurity innovations

By taking this big picture view, it is possible to consider how the 8 currencies of 5G will have a positive impact on how we address cybersecurity issues in the future. Since 5G is not simply a faster version of 4G, but rather, an entirely new network architecture, it opens the door to entirely new security models for user privacy, identity management, and threat detection. For example, Hed Kovetz, CEO & Co-founder at Silverfort, notes that, “The 5G system incorporates secure identity management for identifying and authenticating users to ensure that only the genuine user can access services. Its new authentication framework enables mobile operators to choose authentication credentials, identifier formats and authentication methods for users and IoT devices.”

Moreover, the “mobility” currency, or the ability to stay connected while traveling at very fast speeds, means that it might be possible to create virtual security environments that travel with us as we move from point to point, regardless of which device we use, through the use of virtualization and cloud technologies. In fact, Robert Arandjelovic, Director of Product Marketing (Americas) at Symantec, suggests that, “A transition to 5G could lead to the complete obsolescence of the network perimeter. With the growth in cloud services and applications, the erosion of that perimeter has already begun… In a hyper-connected, non-perimeter world, the cloud and the endpoint become the new place where security technologies can be deployed to keep people safe.”

The “mobile data volume” currency means that emerging technologies that rely on vast amounts of data – such as machine learning and artificial intelligence – can now be deployed to create new AI-powered cybersecurity solutions. One idea that is gaining traction, for example, is using AI to spot anomalies in user and system behavior. This acts as a form of automated threat detection and mitigation, and helps to reduce the current dependence of 4G networks on user names and passwords as a way to keep users safe.

In many ways, AI cybersecurity solutions would benefit greatly from 5G. Aaron Bugal, Global Solutions Engineer at Sophos, notes that, “5G connectivity could help the way in which information integral to making a security decision is transported to the automated processes and people who need it. An example of this would be the ongoing benefit to artificial intelligence platforms that will only work best when they have as much information as possible to digest and learn from. Especially when they’re tasked with identifying unusual behavior across an organization, most of these platforms feed off data local to them, with devices that are remote or mobile unable to properly feed (upload) to these systems and typically exposing a short fall in awareness. 5G could unlock more data to get to an AI security platform in a shorter time and allow for best understanding of the organization and faster and accurate prediction of a security event.”

Cybersecurity and Verizon’s “Built on 5G” challenge

To help innovators come up with new 5G cybersecurity solutions, Verizon has launched a “Built on 5G Challenge” that offers a $1 million prize for a truly unique idea that builds on top of the 8 currencies of 5G. The “Built on 5G Challenge” will begin accepting submissions in April, with the winning team announced during Mobile World Congress Americas in October. For security researchers around the world, this could become a unique opportunity to make cybersecurity an enabling technology, rather than simply a “tax” on innovation. If the New York Times and Walt Disney Studios are creating their own showcase 5G labs, why can’t cybersecurity researchers also create their own 5G labs and launch innovative new products that use 5G?

Clearly, there is enormous potential for 5G to change how we address cybersecurity issues in the future. Many of the best technologies today – especially artificial intelligence – can be fully leveraged on these super-fast, low-latency 5G networks. As Verizon CEO Hans Vestberg noted at CES, “5G will change everything.” And that, of course, includes cybersecurity.

Thank you to Verizon Wireless for sponsoring this post

Sign up to see when 5G is coming to you!
Source: CPO Magazine

There’s a new compiler at the helm of our monthly list of data breaches, following the departure of IT Governance stalwart Lewis Morgan, who leaves me with some mighty big shoes to fill.

Fortunately – or, rather, unfortunately ­– the new regime has a familiar ring to it, with another mammoth list of data breaches. By our count, there were at least 2,100,480,045 records compromised in March.

That brings the 2019 running total to 4.53 billion, and raises the monthly average to 1.52 billion.

Here’s the list in full:

Cyber attacks

Ransomware

*Not included in the total number of records, as they are part of the 1.2 million records affected in the already-reported Wolverine Solutions incident.

Data breaches

Financial information

Malicious insiders and miscellaneous incidents

In other news…

Source: IT Governance