Ransomware attacks on the rise in 2022
Ransomware strains, much like those of the COVID-19 virus, don’t stop evolving and often become more pernicious over time.
The global volume of ransomware increased 105% year over year in 2021 and a whopping 232% since 2019, with attacks in the U.S. last year alone increasing by 98%.
Researchers recorded over 623 million ransomware attacks worldwide.
An estimate by Cybersecurity Ventures puts the damages from ransomware attacks in 2021 at around $20B, and the firm predicts that the economic costs of ransomware will reach $265B by 2031.
Almost half of all data breaches in 2022 began with stolen credentials. Six hundred malicious email campaigns were launched in the first half of 2022, 58% of which were phishing emails and 28% of which contained malware, per an Acronis report. Cybercriminals have shifted toward attacking key entry points on networks that rely on cloud services, or seek unpatched software vulnerabilities to launch attacks.
Ransomware attacks are not going away, and you or your business could be the next victim.
Ransomware Protection is the need of the hour, no matter where you are located and what the nature of your business might be. Nobody is safe.
Every organisation must invest in ransomware readiness and mitigation if it wants to protect itself from the heavy costs a ransomware attack comes with – both monetary and reputational.
Source: Embroker, IAPP, CM-Alliance
WHO FALLS FOR PHISHING? Average Failure Rate, By Department
RANSOM RESPONSE BY SECTOR: 23% of Response Work is Insurance
RATES OF PASSWORD REUSE: Reported Password Reuse of Employees Per Sector
CYBER INSURANCE PAYMENTS: Insurance Typically Covers 59% of Ransom, If Paid
WHO WAS BREACHED IN 2021? Top 6 Sectors Breached so far in 2021
AVERAGE RANSOM PAYMENTS: 82% Growth in 2021 in Typical Amount Actually Paid
73% of Firms are Very to Extremely Concerned
Distributed Denial-of-Service (DDoS)
Distributed Denial-of-service (DDoS) is an attack which targets the resources of a server, network, website, or computer to take it down or disrupt services. DDoS attacks generally have a host system that infects other computers or servers connected to the network.
DDoS attacks overload a system with constant flooding of connection requests, notifications and traffic. As a result, the system denies service requests by legitimate users.
DDoS attacks don’t benefit the attacker directly, as they don’t steal any information; they just compromise systems so they can’t function properly. Nonetheless, DDoS attacks can be damaging for businesses, as they can halt operations and result in damages often as high as hundreds of thousands of dollars through lost revenue, lost productivity and reputational damage.
The average cost of a DDoS attack is $20-40K.
Drive-by attacks use various online resources to compromise a user’s system. The malicious code can be inserted in internet ads, HTTP or PHP code on websites, or even applications. Unlike other forms of Cyber-Attacks, a user doesn’t have to do anything to initialize the malicious software or virus.
92 percent of Malware is Delivered by Email.
A single click on a pop-up window or website link can do the job!
Drive-by attacks are increasingly used to spread viruses and malware.
The attacks take advantage of security vulnerabilities in apps or websites to exploit victim systems. These include not updating the app, flaws in security patches, bugs, and more.
The attacks also run in the background and are not visible to the user. As a result, you can’t take any concrete steps to identify the malicious code. Only being proactive can help businesses protect themselves from drive-by attacks.
Did you know?
Nearly 66% of IT Managers have an incomplete record of their IT assets. Knowing what IT Equipment you have and where is a critical function. We can help with an initial Asset Audit and ongoing Asset List Management.
56% verify asset location only once a year, while 10-15% verify only every five years. Regular asset & inventory maintenance is crucial to keeping accurate records. We can help you with your Software Inventory and Control Management.
78 percent of small businesses that store valuable or sensitive data do not encrypt their data, making it easy for hackers to gain access. There are tools and systems available now that can cost-effectively manage data protection and encryption across organizations.
Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. Setting up and managing appropriate security and configuration policies and procedures doesn’t have to take a lot of effort if you work with a professional.
98% of Microsoft Windows critical vulnerabilities could be mitigated by removing administrative rights from end-user systems. There are amazing Zero Trust tools available to help make ongoing management of this much easier.
In early November 2020, Microsoft urged users to stop using phone-based MFA and instead recommended using app-based authenticators and security keys. We can assist you to implement an organization-wide Enterprise Multi-Factor and Identity Management system.
One of the main points of entry used by threat actors is to exploit unpatched vulnerabilities within systems. According to one survey from the Ponemon Institute, 60% of breaches in 2019 involved unpatched vulnerabilities.
Most businesses are legally obligated to have a data audit trail. Multiple government-mandated standards and regulations, including ISO 27001, PCI-DSS, HIPAA, PNR Directive, and more, require some form of audit trail. Talk to us today to help configure your Auditing.
The top malicious email attachment types are Office documents, which make up 38%; the next highest is Archive (.zip etc.) at 37%. A multi-layered approach to web and email protection is vital.
Cyber-Attacks and threats are constantly evolving, with 350,000 new malware signatures detected every day. We can help you implement advanced enterprise-level threat protection and detection tools that use technologies such as A.I. and Machine Learning to help protect.
75% of small business owners don’t have a Disaster Recovery plan in place. A basic Disaster Recovery plan can start off small and grow over time. Something is better than nothing. We can help you build a Disaster Recovery plan so you are ready for when something happens.
Research from Gartner suggests that, through 2022, 99% of firewall breaches will be caused by simple firewall misconfigurations. Regular and ongoing Network Configuration Monitoring and Audits can help pick up any weak points. We can work with you to develop a plan.
In the first half of 2019, 4.1 billion data records were compromised from 3,800 publicly disclosed data breaches. The reputational damage from a data leak can often be the most costly part of all, greatly increasing the risk of a business shutting down after a breach.
90% of U.S. organizations required or requested most of their users to work from home in 2020; however, only 29% train their employees about best practices for working remotely. We can get your team access to some of the best End-User Cybersecurity training available.
Many Cyber-Attacks originate through 3rd-party Vendors and Software so it’s important to make sure you do Due Diligence whenever you pick a new vendor to work with. We can help you through the vetting process when selecting new Vendors so you know what security questions to ask.
Small businesses are not investing enough in cyber security: 62% don’t regularly upgrade or update their software solutions. We can work with you to develop an IT Budget and Plan that fits your business and requirements so there are no hidden surprises.
65% of small businesses have failed to act following a cyber security incident. 23% of small businesses have a leadership role dedicated to Cyber, whereas 46% have no defined role at all. We have a Security Incident Response process in place to assist you if ever needed.
As sophisticated as security devices are today, almost 90% of Cyber-Attacks are caused by human error or behavior. Penetration Testing can help improve the overall security posture of an organization. We can simulate common attacks to help you find potential weak points.
Cybercrime and Cyber-Attacks
Cybercrime and Cyber-Attacks are becoming more prevalent with each passing day. Over half of small and medium businesses (SMB) have reported being the victims of cybercrimes.
Every day, there are new headlines about data breaches, hackings, Cyber-Attacks, and various forms of crimes against businesses. In a survey, over two-thirds of the participating businesses had suffered at least one cyber attack, while one-third had experienced the same in the last 12 months.
66% of small businesses are very concerned about cyber security risk.
In 2020, phishing was responsible for more than 80% of reported security incidents.
Between January 2020 and March 2021, DDoS attacks increased by 55%.
More than one in four small businesses have no security plan at all.
600% Increase in Cyber Crime Due to COVID-19 Pandemic
66 Days – The number of days to discover a Cyber-Attack
95% of HTTP servers are vulnerable to MitM attacks.
ONE HALF of all Cyber-Attacks Specifically Target Small Businesses.
In 2018, hackers stole 160,000,000 personal records.
73 percent of Passwords are duplicates.
98 PERCENT of Cyber-Attacks rely on Social Engineering.
The average cost of a ransomware attack on businesses was $133,000.
WE CAN HELP!
We can help you navigate the complicated world of IT & Cybersecurity so you can better protect your Data and your Business.