Today, human error contributes to more than 90% of data breaches. With hackers continuously adapting their methods to target consumers, businesses risk both their finances and their reputations. Cybersecurity continues to be a pervasive and growing challenge globally.
In this article, we take a look at the most recent cybersecurity statistics, how to avoid data breaches, facts about cybersecurity, and current cybersecurity threats.
What is Cybersecurity?
Cybersecurity is the practice of protecting critical, internet-connected systems such as hardware, software, sensitive information and data from cyber threats and cyber attacks.
Cybersecurity, also known as IT security, is used by businesses worldwide to protect themselves against cybercrime. This covers unauthorized access to data and IT systems as well as threats to networked systems and data from outside or inside the company.
The State of Cybersecurity Today
In recent years, the world has seen an increase in cyber security attacks. According to Accenture research, the number of attacks per company, ranging from unauthorized access to data to illegal access to entire networks, increased by 31% during the pandemic.
The result of a data breach or other cybercrime is not just a direct monetary cost but a chain reaction that extends to a company’s reputation, which in turn has a negative impact on customer loyalty and trust.
Research suggests that due to the fear of reputational harm, only about 10% of cybercrimes per year are reported to law enforcement.
Data Breaches and Cybersecurity Facts
Regardless of whether you’re a cyber analyst or board director, elected official or small business owner, insurance provider or investor, you name it… we all need to play our part to drive down cyber risk.
Jamil Farshchi, Chief Information Security Officer (CISO) at Equifax
According to Forbes, 2021 saw a record rise in the number of data breaches and ransomware attacks. This is a trend that is likely to continue to grow in step with the Internet of Things. As technology permeates every aspect of our work, homes and lives, there will simply be more opportunities for data breaches and cyber crimes.
Over 27 billion devices are predicted by 2025, creating an unprecedented number of opportunities for cyber-criminals.
How does a data breach happen?
Data breaches fall into two large categories: intentional attacks, such as phishing and malware, and unintentional human error, for example when an employee accidentally emails an attachment or forwards an email with sensitive data.
It’s important to note that even if you have the best security systems in place, you can still experience a data breach. This is because there is always an element of human error, but more importantly, sophisticated hackers are constantly finding new ways to get into your systems and extract information from them.
Cybersecurity Risk Management
The financial risk of a cyber attack is immense, with recovery costs for companies after a data breach recently averaging $4 million, but the impact of a cyber security attack and data breach goes far beyond this.
Cybersecurity Risks at a Glance
- Reputation damage
- Loss of customer trust
- Decline in brand loyalty
- Negative impact on customer acquisition
These risks are a lot more difficult to quantify but have an enormous impact on the success of any organization.
According to Farshchi, the CISO at Equifax, one of the world’s largest credit agencies holding data of over 800 million customers and 88 million companies, the job of a Chief Information Security Officer is crucial to rein in cybercrimes and the current cyber crisis.
[The cyber crisis is] going to hurt our ability to innovate … those roadblocks and hurdles impact our ability to be successful and leverage the latest technologies.
Jamil Farshchi, Chief Information Security Officer (CISO) at Equifax
It’s important for companies to ensure up-to-date cybersecurity standards across their organization. Even if your startup does not yet have a CISO, every employee can and must play their part in ensuring that data breaches and cybercrimes are prevented.
Checklist: Is Your Company Cyber-Secure?
Here are steps founders, managers and every employee can take to create awareness to prevent cybercrime and avoid data breaches:
1. Phishing Emails
The most common cybersecurity threat and cause of a data breach
While many are blocked by spam filters or easily identifiable, some phishing emails are so convincing that they make it into employee inboxes. Once there, a single phishing email is only an unsuspecting click away from providing cyber criminals access to company or customer data or the IT infrastructure.
Phishing has expanded beyond email: cybercriminals now also successfully use text messages, known as smishing, and direct messages on social media.
Ensuring cyber security starts with every employee. Take time to train employees in identifying these common signs of cyber threats through phishing:
Mismatched email domains: even if the email looks legitimate, including a familiar company logo, a logical topic, and correct spelling and grammar, be extra cautious and double-check the email’s domain carefully if you are asked to share sensitive data, click on links or open attachments.
Watch out for subtle misspellings, such as a replacement of the letter O with the number 0, or the replacement of an “m” with the letters “rn”. In addition, be wary if the domain ends in an unexpected country domain or is a general email provider’s domain such as gmail.com or live.com.
Urgent calls to action, suspicious links with shortened URLs, unrequested attachments, first-time senders, generic greetings, and spelling or grammatical errors are all warning signs. If there is more than one of them in an email, SMS or direct message, take extra precautions before reacting or opening it.
2. Ransomware attacks
Malware (malicious software) designed to block an organization from accessing its critical data, with a threat of publishing it.
Ransomware is tied to a threat to publish or delete sensitive data and a deadline to pay the cyber attackers a ransom fee. Ransomware attacks are all too common these days. Major companies in North America and Europe alike have fallen victim to it. Cybercriminals will attack any consumer or any business and victims come from all industries.
The top causes of ransomware threats:
- Lack of employee cybersecurity training
- Opening or interacting with phishing emails, often the starting point of ransomware
- Weak passwords and lack of multifactor authentication measures
- Lack of secure email and web gateways
- Lack of server and network monitoring tools
With the cost for companies that suffered a ransomware attack soaring to high 6-figure amounts last year, it is essential to ensure your company has the specialists, tools and training in place to protect its data and IT infrastructure.
Every ransomware attack should be reported to law enforcement, who have specialists in place to help. Preventative measures are, of course, even better – the No More Ransom Project is a good starting point for startups and companies of all sizes to start or increase the security of their data in the event of a ransomware attack.
3. Take action
Hire an Expert: the Chief Information Security Officer (CISO)
Moving into an even more connected future, the CISO is becoming a crucial hire for all companies as cybercriminals continue to develop better, and sometimes custom, tools and techniques to cause data breaches or deliver malware or information stealers into a company’s IT network. Cybersecurity, and the prevention that comes with it, is a lot less costly than a data breach.
You may think you’re not a target or that you don’t have sensitive data. Think again: if there is a ransomware attack, you can get locked out of your own systems. If there is a data breach, it may not be customer data that gets stolen, but data around your innovation.
Few things are as important to today’s companies as their cyber-readiness.
Cyber-secure companies are more competitive, resilient and sustainable than their unprepared counterparts. […]
Don’t assume that your organization’s status quo is good enough.
Why hire a CISO for your company?
CISOs are the data protection experts and lead a company’s precautionary efforts to avoid becoming cybercrime victims. With the fast-changing reality of cybersecurity in 2023 and beyond, it is an essential senior executive role that focuses on IT security including data and infrastructure. From assessment to solution, the CISO advises and executes all needed measures to prevent, protect against and detect cybercriminals and data breaches.
Constant evaluation of potential data security risks and the required preventive steps are part of the CISO’s cybersecurity roadmap for an organization, which will include proactive measures like employee training and selecting the best tools to safeguard a company’s assets, networks and data.
It's Time to Hire Your Chief Information Security Officer
Because Key Search helps some of the world’s most exciting and innovative startups, fast-growth companies, and established brands hire their leaders, we understand the need for companies to ensure their data, innovations and business models are safe.
Our team of leadership recruitment experts uses a unique combination of decades of expertise, in-house research and assessment tools to find the perfect candidate to join your company. Contact us and schedule an introductory call to find out how we can help you protect the business model and data of your growing organization.