(702) 252-HERO (4376)

According to government and industry sources, malicious cyber activity is a growing concern for both the public and private sectors. Between 2013 and 2015, according to the U.S. Office of the Director of National Intelligence (DNI), cyber threats were the most important strategic threat facing the United States. And, according to Ponemon, the average cost due to damage or theft of IT assets and infrastructure was $1,027,053 in 2017. The average cost due to disruption to normal operations was $1,207,965. If you run any type or size of organization or business, these are statistics that you can’t afford to ignore.

Facts About Cybercrime Today

According to government and industry sources, malicious cyber activity is a growing concern for both the public and private sectors. Between 2013 and 2015, according to the U.S. Office of the Director of National Intelligence (DNI), cyber threats were the most important strategic threat facing the United States. And, according to Ponemon, the average cost due to damage or theft of IT assets and infrastructure was $1,027,053 in 2017. The average cost due to disruption to normal operations was $1,207,965. If you run any type or size of organization or business, these are statistics that you can’t afford to ignore.

The 6 Criminal Groups That Drive Cyber Attacks

1. Nation States. The main group of cybercriminals come from nation states like Russia, China, Iran, and North Korea. They are well funded and use sophisticated, targeted attacks. These nation-states are motivated by political, economic, technical, or military agendas. They often engage in industrial espionage. And to raise funds for their activities, they conduct ransomware attacks and electronic thefts of funds.

Nation states frequently target Personally Identifiable Information (PII) to spy on certain people. They also engage in destroying businesses to retaliate against sanctions or other actions taken by governments. According to Verizon’s Data Breach Investigations Report (2017), 18 percent of threat actors were state-affiliated groups. The most recent publicly confirmed attack by a nation-state was a destructive WannaCry malware attack initiated by North Korea that is estimated to have cost the world economy.

2. Corporate Competitors: These are companies seeking unauthorized access to proprietary intellectual property (IP). This may include financial, strategic, and workforce-related information on their competitors. Nation states also back some of these corporate cybercriminals.

3. Hacktivists: These can be individuals or groups anywhere around the world who have a political agenda. They work to carry out high-profile attacks to spread their propaganda or to cause damage to a business or organizations that they oppose.

4. Organized Crime: These are groups engage in targeted attacks motivated purely for profit. They steal PII and sell it on the Dark Web. They also distribute ransomware and collect ransom payment from victims both public and private. 51 % of cyber attacks involved organized criminal groups (Verizon 2017).

5. Opportunists: These hackers are typically amateurs looking for notoriety. They usually attack organizations using widely available codes and techniques. These are the least sophisticated form of attacks.

6. Company Insiders: These tend to be disgruntled employees or ex-employees who want revenge or seek financial gain. They can be very dangerous to your business, especially when they work with external cybercriminal who can bypass your defenses. Verizon’s Data Breach Investigations Report (2017) notes that 75 percent of recent cyber incidents and breaches were caused by outsiders, while 25 percent were performed by internal actors.

10 Trends In Cybersecurity For SMBs

The 2017 Ponemon Report revealed that a typical business experiences 130 security breaches each year. And if these aren’t addressed properly, they will likely cause material damage such as loss of data, property or disruption of operations. Cyber attacks against small and midsized businesses (SMBs) increased from 55 % to 61 %. Most were a result of

phishing/social engineering and web-based attacks. Cyber attacks are becoming more targeted, severe and sophisticated.

Ponemon’s Top 10 Trends In Cybersecurity:

1. Cyber attacks affected more SMBs in 2017(an increase from 55 percent to 61 percent of respondents polled). The most prevalent attacks against SMBs were phishing/social engineering and web-based (48 percent and 43 percent of respondents, respectively). Respondents said cyber attacks are more targeted, severe and sophisticated.

2. The rise of ransomware is affecting SMBs. In 2016 only 2% of respondents said they experienced ransomware. In 2017, 52% said that they suffered a ransomware attack and 53% of these had more than two ransomware incidents in the past year. 79% said the ransomware infection was released via phishing/social engineering attack.

3. SMBs are having slightly more data breaches involving personal information, and the size of data breaches is larger. In 2016, 54 percent had breaches involving sensitive information about customers, target customers or employees. This is an increase from 50 percent in 2016. The average size of the breach involved 9,350 individual records. This is an increase from an average of 5,079 records.

4. 54 percent say negligent employees were the root cause of data, (an increase from 48 percent of respondents in 2016). 1/3 couldn’t determine the cause.

5. 23 % had a data breach or security incident due to the use of the Internet of Things (IoT). 56 % of respondents say IoT and mobile devices are the most vulnerable endpoint their organization’s networks and enterprise systems.

6. More SMBs say that malware evaded their intrusion detection system (an increase from 57% to 66 %). And that anti-virus solutions increased from 76 % of respondents to 81 %).

7. 59% of SMBs say they don’t have visibility into employees’ password practices. Although strong passwords and biometrics continue to be an essential part of the security defense.

8. Password policies are still not strictly enforced. If a company has a password policy (43% of respondents), 68 % say they don’t strictly enforce it or are unsure. However, more are requiring their employees to use passwords or biometrics to secure access to mobile devices(an increase of 42 % to 51%).

9. Unfortunately, personnel, budgets and technologies continue to be insufficient to have a strong security posture. As a result, some engage managed security service providers to support an average of 36 percent of their IT security operations. The services most often used are monitored or managed firewalls or intrusion prevention systems and intrusion detection systems and security gateways for messaging or Web traffic.

10. Cyber attacks are more costly today. The average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. The average cost due to disruption to normal operations increased from $955,429 to $1,207,965.

These are not only alarming statistics; it doesn’t look like your risks will be lessening anytime soon. The good news is that many SMBs now realize that they need an IT Managed Service Provider to bolster their security posture and reduce their risk.

For more information, or a complimentary IT Security Assessment for your business in Las Vegas, contact Network Heroes.