There is a famous quote that simply states that “numbers don’t lie”. On the surface, the statement rings true, especially regarding cybersecurity. Our industry is driven by data, and our analysis of the data determines if a client has been breached, or if operational behaviors have triggered a false positive or not.
The numbers drive our responses to incidents with our clients, and the numbers determine our level of response as well. Some numbers can be used to gauge the overall climate and trends in cybersecurity, such as these ten figures:
- 46% of hackers disseminating malware deliver it almost exclusively through email. (Verizon)
- There are now more than 1.2 billion malware programs that have been registered and identified (AV-Test)
- Android devices are 50x more likely to have malware than iOS devices. (Panda Security)
- Every minute there are Four companies hit by a ransomware attack. (Cybercrime magazine)
- The city of Atlanta after having a ransomware event has spent more than $5 million on rebuilding its computer infrastructure. (Wikipedia)
- Since the beginning of the Global COVID-19 pandemic, malicious emails regarding scams related to COVID-19 have increased by 600% (ABC News)
- After suffering a ransomware event, a company can expect to have an average of 21 days of downtime. (Coveware)
- Since 2009 there have been around 2,100 data breaches related to the healthcare industry. Resulting in inpatient records, identification, and payment information is obtained. (Techjury)
- In the month of September 2020 hackers stole 9.7 million healthcare records. (HIPAA Journal)
- The three most common tactics that are used by hackers to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities. (CISA)
The numbers presented above are staggering, but what is important is how we understand those numbers. Remember, numbers don’t lie but they are very easy to misinterpret. Most small businesses and operations see these numbers and think, “This can’t happen to me, I’m too small! Look at the numbers!” The era of security through obfuscation is over as every productive business utilizes the internet in some way. Everyone uses email or the web to conduct business and the statistics don’t lie: if your business hasn’t been affected by a cybersecurity event, you will be.
The best way to avoid becoming one of the statistics above is to select a managed threat response organization such as SOClogix. With the organizational power of a trained Security Operations Center at your side, you have a dedicated group assisting in optimizing your IT operations, meeting your regulatory mandates, and protecting your valuable assets.
