Here at OnSIP we write about cybersecurity quite a bit. And here we are again, midway through the year, scanning the latest updates now that the full 2020 stats are in and analyzed, with early 2021 changes rolling out.
Between the abundance of stats out there and the protean nature of cyberthreats, it’s practically impossible to stay on top of every bit of information. But for the layperson (and by that we mean non-security professional, your average business owner or employee), it’s good enough for now to stay abreast of the general situation and adapt your practices and security measures accordingly.
So we gathered a sampling of the most recent SMB and enterprise-related information to help you protect yourselves. And hopefully it’s less overwhelming than the average Google result for “cybersecurity stats right now.”
Types of Attacks
Cybersecurity needs change faster than the biggest Apple geek you know upgrades their devices. So it’s imperative to stay on top of stats, trends, and the biggest threats at any given point.
- Phishing is still the #1 player, responsible for more than 80% of reported attacks. (Forbes)
- Malware and ransomware attacks went up by 358% and 435%, respectively, compared to 2019. (Forbes)
- To make it more interesting, nearly all malware is polymorphic, meaning it can evade detection by changing its code. (Comparitech)
It’s a rare OnSIP security-related blog that doesn’t have some mention of best practices and the necessity of continuous training. Employee security training deters attack attempts and saves you from crippling downtime.
- SMBs are particularly vulnerable to ransomware attacks (Datto), and Managed Service Providers (MSPs) see a distinct disconnect between their own level of concern and that of SMBs:
- The 40% of SMBs that suffered ransomware attacks can pinpoint human error as the top cause. Namely: phishing, bad passwords, and no training.
- The good: Most MSPs surveyed said their clients with continuity and recovery plans recovered within a day. Which is great, because downtime is on average 24x more costly than the actual ransom requested.
- The bad: Downtime costs from ransomware attacks went up a whopping 75% year over year.
- There was a new ransomware victim every 10 seconds in 2020. (InfoSecurity Magazine)
Covid forced most if not all businesses to scale back their budgets. Unfortunately, security funding got caught up in the cutbacks as well. However, investing in security at both the technical and personnel levels greatly reduces the financial impact of breaches and downtime.
- Small businesses in North America, particularly the United States, still have the highest cost associated with data breaches. (Upguard)
- The average time taken for critical security fixes continues to rise. Just from April to May 2021, the timeline jumped from 197 to 205 days. (ZDNet)
- By 2025, cybercrime’s global price tag will reach $10.5 trillion. (Cybersecurity Ventures)
- The good: The average cost for SMB data breaches decreased in 2020, albeit by very little. However small, a decrease is good! And it’s because of better detection skills.
- The bad: 9% of SMBs and 11% of enterprises plan to decrease cybersecurity budgets over the next few years, either because they feel it’s good enough as it is or because of general budget cuts. (Kaspersky)
With this current roundup there’s good news and there’s bad news, and they go hand in hand. The bad is that cyberattacks continued to skyrocket throughout 2020 after that first massive surge against healthcare and a newly remote workforce. The good news is that this time when we started mid-year research there were more results than we could possibly dig through in a timely manner. Okay, we get it, that sounds pretty scary. And it is! But it’s a shiny silver lining: more people are paying attention to cyber threats and reporting on them. Which means more people outside of the cybersecurity sphere will see those posts and continue learning and adapting.
As we continue to repeat, like any cybersecurity publication worth its VPN, education and vigilance are the best tools in your utility belt. After that of course is a solid technical defense and detection system, followed by a disaster recovery plan.
For a more complete collection, we recommend checking Comparitech’s extremely detailed post of 300+ stats for 2021. For continued analysis keep an eye on Hackmageddon’s monthly updates. Because as more than a few headlines state, Covid isn’t the only pandemic we’re in right now.
And just in case you think the small percentage of SMBs decreasing their security budgets have the right idea, we’ll leave you with Bitdefender’s real-time cyberthreat map.