One of the best ways to find your starting point with cybersecurity in 2017, to understand what role business executives play, and to identify any repetitive patterns in the way cybercriminals target and attempt to take data from a business is to review what has happened. So, even though a new year is ahead of us, let’s take a look at some important information from 2016 that can help you take action starting now.
- The ITRC’s Data Breach Report for 2016 shows a total of 980 breaches with a total of 35,233,317 records exposed. The two industries that suffered the largest record exposure were Government and Healthcare.
- Ransomware is growing: Trend Micro saw a 400% increase in ransomware variants in 2016.
- 59% of ransomware infections, according to Barkly, came from emails with malicious links and attachments.
- 43% of spear-phishing attacks were made on small businesses according to Symantec.
- 97% of Java applications had at least one component with a known vulnerability (Veracode).
- Ransomware cybercriminals took in about $1 billion in 2016.
- When you look at post-breach costs for companies, you see organizations like Anthem (breached in 2015, exposing more than 78 million customer records) spending more than $260 million for security improvements and remedial actions in response to breach incidents.
- Service interruptions from DDoS attacks rose 162% in 2016 (SurfWatch Labs).
Even though this information doesn’t include everything that happened in 2016, it’s enough to show the consistent presence of cyber threats for businesses nowadays. It is also enough to make it clear that even though some industries are bigger targets, like the healthcare industry, cybercriminals are interested in any business that has data they can take and leverage to make money.
In short, the starting point for any business is to stop seeing cybersecurity as an option in 2017. It has never been an option and becomes less and less so with every year that goes by, with every breach that takes place and every new cyber threat that comes to life.
Breach headlines and informative articles with cybersecurity stats tend to create a numbness of sorts amongst business executives, or get a minimal reaction that includes investing in security tools and technology in the hopes of solving the problem. This is understandable, since business executives may think those numbers are exaggerated, but if breaches are happening year after year, that tells you something too. Business executives can no longer tune out breaches, especially when they could very well be the cause of one by clicking a malicious link.
From the increase in spear-phishing attacks and ransomware incidents in 2016, it is clear that cybercriminals are finding easier ways to get company data. They’re targeting people, and because employees lack cybersecurity knowledge and training, cybercriminals are succeeding in their attempts. Patching vulnerabilities, adopting anti-virus software and focusing on automated cybersecurity systems can’t teach people what to look for, what not to do, and how to secure their devices.
If you want to learn from 2016 and have a good 2017, get started on a holistic cybersecurity posture. The only way to minimize damage and costs is to stop treating cybersecurity as an option and stop implementing partial solutions.