Cyberattacks strike SMBs and large corporations alike, looting millions of dollars, and reselling confidential information on the dark web market. Even companies who spend millions on cybersecurity risk exposure to hackers and malicious actors taking advantage of loopholes to access valuable information and assets. Every company should be aware of these risks to protect their assets, staff, and reputation.
The statistics around cyberattacks and network vulnerabilities are alarming. Below are three cybersecurity statistics that are both shocking and frightening, along with ways to prevent your business from becoming part of these statistics.
1. 62 percent of businesses experience social engineering attacks
62 percent of businesses have faced at least one instance of social engineering attacks at some point in time. Social engineering is similar to phishing but is a longer, pre-planned process where the cybercriminal makes a personal connection with an employee or employees. They use that connection to gain their trust step by step. Eventually, the employee or employees may divulge sensitive company information to the cybercriminal.
Social engineering attacks cannot be stopped merely by installing security equipment and software, as it involves a human element. The process involves both internal and external actors, making cybersecurity precautions inside the company alone insufficient.
Fix: Train employees so they are educated about social engineering attacks and how to combat them. Regular testing processes and continuous awareness campaigns should be used to complement the training. Keep abreast of new attacks and apply this new knowledge to keep employees up to date with the latest threats.
2. 53 percent of companies have more than 1,000 sensitive files open to every employee
According to the 2019 Global Data Risk Report by Varonis, 53 percent of companies have over 1,000 files containing sensitive information accessible to their employees. This applies to all sorts of industries, including technology, healthcare, manufacturing, and government. This global access to all employees represents a massive risk of sensitive information becoming compromised by an employee either through carelessness or malicious intent.
Fix: Review your permission structure. For most organizations, global permission should be given only to the least sensitive data files. Access to sensitive data for the employees must be granted strictly on a need-to-know basis, i.e., each employee should only have as much access as needed to carry out their work and responsibilities.
The access and permission management process can be a hassle for many companies. Such responsibilities can be outsourced to a trusted cybersecurity partner that can exclusively handle permission and data management responsibilities.
3. Most companies take more than six months to detect data breaches
Most companies do not discover a cyber attack immediately after it occurs. It takes months in many cases – figures show that most companies take six months to detect a data breach. Businesses suffer from the initial loss resulting from the attack. Malicious actors have the opportunity to exploit the company’s valuable resources further until detected. Once cybercriminals have intruded into your information network, they can continue to steal sensitive data and spy on the company’s activities. This type of cybercrime is known as an advanced persistent threat (APT).
Fix: To control the risk of APTs, you must have a robust network and endpoint monitoring policy in place. A trusted cybersecurity provider can ensure 24/7 network and endpoint monitoring covering your valuable digital assets ranging from trade secrets to customers’ confidential data.
Working with a professional cybersecurity provider protects your company’s digital health, letting you focus more on what you do best – your core business.
To learn more about how we can help you strengthen your cybersecurity and protect your business from becoming part of these frightening statistics, get in touch!