Ten Scary CyberSecurity Facts

October is the time for all things scary, and it’s also CyberSecurity Awareness Month! In that spirit, here are ten of the most frightening cybersecurity facts giving us the chills:  

#1 “The average time it takes for ransomware to start encrypting the files in your PC or network is only 3 seconds.” – Comodo Security

Cyber attacks are difficult to detect until they’re not. Most hacking begins months in advance with the collection of data on targets, credentials, entry points, and even recruiting help on the dark web. Your best bet is to interrupt a hacker’s data supply by using Dark Web Monitoring or Account Takeover Prevention to identify threats early.   

#2 The average cost of a ransomware attack service is only $66. – Altas VPN

Ransomware as a Service has helped to increase cyberattacks globally. This “going retail” has allowed anyone to finance cyberattacks with monthly payments, upfront payment, or even a “no money down” option in return for a cut of the proceeds. This has helped increase the size and scope of ransomware attacks.   

#3 Another day, another fact! 66% of supply chain attacks focused on the suppliers’ code in order to further compromise targeted customers. – ENISA

Supply chain attacks are gaining popularity as global supply chains struggle and the COVID-19 pandemic eases. The Kaseya USA ransomware attack is a prime example. REvil successfully infected a large Managed Service Provider, spreading its malware internationally in a few hours. In total, 800 -1,500 businesses were affected.   

#4 It takes 3x longer to realize a system has been compromised than it does to re-secure it. – IBM Cost of a Data Breach 2021 

Data breaches are slow-moving disasters. Often, networks and data will be exposed for 200 days before someone notices. By then, data has been extracted, repurposed, or resold on the dark web. Data Breach Prevention can locate a company’s leaking data in days vs. the 200 needed to notice a data breach. Dark Web Monitoring can help find stolen company data by identifying it before a breach is recorded.   

#5 Microsoft observed the password “admin” used in an IoT device over 20 million times- Microsoft Digital Defense Report 2021

Default credentials constitute a significant threat to modern cybersecurity. Millions of connected devices are activated daily and used as light bulbs, wifi routers, thermostats, hazard scanners. Many of these devices never have their original credentials changed, leaving them easy prey for exploitation.  

#6 A cyberattack occurs every 39 seconds. – Clark School at the University of Maryland

Cyberattacks are shockingly common. One in five US companies has faced a ransomware attack, and nearly all have experienced some form of phishing or business email crime. Some enterprising hackers have automated using search engines to locate and automatically enter unsecured servers.   

#7 Human error is the primary cause of cybersecurity breaches, accounting for 95% of all data breaches. -Deloitte

“Human error” within cybersecurity breaches takes a lot of forms. Opening a phishing email, entering credentials to a spoofed domain, or forgetting the last privacy setting, all fall under human error. Hackers are still targeting people often to gain user credentials.   

#8 The U.S. has the highest percentage (18.2%) of ransomware attacks. – IBM Cost of a Data Breach

2021 saw several high-profile cyberattacks on the U.S., namely Colonial Pipeline, JBS Foods, and Kaseya USA. With a highly digitized economy, the U.S. makes for a target-rich environment. With the advent of Ransomware as a Service, the number of attacks has only increased, leading to international incidents.    

#9 The average cost of downtime is 24 times higher than the average ransom amount. – Retarus

If you’ve worked for any business, you know pricing can be a considerable part of your success. The same applies to ransomware. While prices for ‘enterprise’ customers and small to medium businesses vary, the average ransomware payment is about $571,000, with demands averaging $5.3 million. This would put the cost of downtime at $13 million.   

#10 You can purchase someone’s account credentials for $1 on the dark market. – RSA

Cybercrime exists in a strange paradoxical state. It costs companies and people billions of dollars per year but getting someone to commit cybercrime for you is very cheap. Anyone can purchase a person’s online identity for only a few dollars. A Twitter account can cost you $2. The cost of a Facebook account is $9. Items like bank accounts or credit cards might run you anywhere from $25 -$250. If spooky cyber threats are haunting you, the CybelAngel team is here to help. Learn more about our external threat protection services at www.cybelangel.com.