No matter how you look at it, the current cybercrime numbers are scary. Just consider these facts, which we’ve gathered from a variety of sources:
- Cybercrime has risen 600% since the COVID-19 pandemic began
- 43% of breach victims were small and medium businesses
- The chance of experiencing a data breach is more than 30%
- Only 10% of cyberattacks in the US get reported
- More than 77% of organizations don’t have a cybersecurity incident response plan
- The average cost of a data breach at an SMB is $2.65 million
- The United States ranks highest for ransomware attacks with 18.2% of all ransomware
Here’s another one – cybercriminals can penetrate 93% of all company networks.
That statistic comes from a study of pentesting projects from Positive Technologies, conducted among financial organizations, fuel and energy organizations, government bodies, industrial businesses, IT companies and other sectors.
Notice the number of industries mentioned, because no industry is safe these days. Here are the scary numbers for the agriculture, education, engineering, financial, and healthcare industries.
Agriculture
Cyberattacks against the food and agriculture sector increased 607% in 2020, according to Malwarebytes. Attacks continued to increase, rising another 36 percent during just the first quarter of 2021. The specific risks include:
- Data Integrity Attacks
- Sensor Hacks
- IoT
- Ransomware
- Supply Chain Attacks
Education
Education ranked third for data breaches and fourth in number of records stolen. The average cost of a data breach in the education sector was $3.9 million in 2020 and $4.7 million in 2022. Research into online material found 356,000 malicious files in essays and textbooks.
The worst statistic? The education sector ranks last in cyber preparedness. The specific risks include:
- Cloud vendor management
- Endpoint Detection and Response (EDR)
- IAM (MFA, SSO, Governance & Lifecycle)
- Protecting data authenticity and integrity
- Insufficient security of research data
- Student data privacy and governance
- Phishing
- Limited IT/Security Staffing
- Security Awareness
Engineering
The construction and engineering industry’s involvement in multiple sectors, including manufacturing, energy, transportation, aerospace, and defense, will likely continue to make the sector a high-profile target for state-sponsored threat actors engaged in cyber espionage.
At least 25 advanced threat groups have been observed compromising organizations across 16 construction/engineering subsectors. The specific threats include:
- Social engineering/wire fraud
- Phishing
- Malware/Ransomware
- Hacking
- Credential stuffing
- DDoS attacks
Financial
The cybersecurity risks in the financial industry fall into three categories: data, dollars, and dilemmas.
Data: Cyberattacks on financial institutions exposed an average of 352,771 sensitive files. The average financial services employee has 11 million files available to them, and 30% of all cyberattacks involve insider threats.
Dollars: Financial institution cyberattacks in 2020 cost organizations an average of $3.86 million, and the cost of cyberattacks is highest in the banking industry, reaching $18.3 million annually per company. Cybercriminals launch attacks every 39 seconds, resulting in a $2.9 million loss every minute.
Dilemmas: Financial services are 300 times more likely to be attacked than other sectors; 70% of financial companies have experienced a cybersecurity incident in the past year, with 26% of financial institutions suffering a destructive cyberattack.
Healthcare
Hospitals account for 30% of all large data breaches, with 34% of healthcare data breaches coming from unauthorized access or disclosure. In 2020, healthcare suffered close to 240 million hacking attempts.
A healthcare data breach has the highest cost of any industry at $408 per record. Because of that, security breaches had cost $6 trillion by the end of 2021.
The specific healthcare cybersecurity risks include:
- Phishing
- Ransomware
- Vulnerabilities
- Supply chain
- Remote access
- Mobile devices
- Data breach
- DDoS attack
What can you do?
It’s understandable if your reaction to all these statistics is to hide in bed under the covers, but that’s not really a cybersecurity plan. Our recommendations include these steps:
- Assess your environment
- Understand your risks, vulnerabilities, and threats
- Maximize capabilities of existing security tools
- Continuously improve security controls
- Reduce complexity
- Evangelize security
- Partner with a security services provider
- Most important: Plan for the worst
You can also contact us for a free consultation about your cybersecurity posture. Our experts have been where you are and can help you defend your network. Sure beats hiding under the covers.