Hacking is easy. And profitable. An average phishing attack could potentially cost a mid-sized organization $1.6 million. But, there are many other ways that organizations could be breached. Here are the top five ways that we see organizations could be breached:
- Social Engineering
- 1 in 131 emails contains malware.
- 4,000+ ransomware attacks occur daily.
- The number of Phishing Attacks increased 65% last year.
- Avg. phishing attack costs a mid-sized company $1.6 million.
- 47% of attacks in 2017 caused by phishing.
- More than 90% of exploited vulnerabilities in 2015 were more than one-year-old and nearly 20% were published more than 10 years ago.
- 8,000 vulnerabilities a year were disclosed over the past decade.
- 85% of successful hacks used the top 10 exploits.
- Poor Patch Management
- 45% of companies are not using a dedicated patch management solution to distribute and manage software updates.
- 72% of decision-makers do not deploy a patch within 24 hours after it is released to the public.
- Failure to patch caused the infamous Equifax breach, releasing the data of 143 million people.
- Mobile Cyber Attacks
- In Q1 of 2017 alone, mobile ransomware attacks increased by 253%.
- 66% of security professionals doubt their organizations can prevent a breach to employees’ devices.
- The most mobile attacks occur on businesses in the US. Businesses average 54 mobile malware infections.
- No Security Monitoring
- 81% of data breach victims do not have a system in place to self-detect data breaches.
- Many companies rely on notification from third parties to let them know about a data breach on their network, increasing the time to detection from 14.5 days to 154 days.
According to the FBI, business email compromise (BEC) alone cost businesses worldwide over $5 billion from 2013 to 2016. Here’s the disconnect: phishing skirts technology by targeting human beings. That’s why it’s critical to educate employees to recognize and report all manner of phishing attacks.
Gartner argues that the biggest threats are not the ones that risk causing the most damage to you, but simply the vulnerabilities in your organization’s environment that are being actively exploited “in the wild.”
According to its research, the primary method of compromise for most threats is the exploitation of known but unmitigated vulnerabilities, not zero-day threats or new exploits. This is largely a matter of cost: threat actors will continue to primarily use the most cost-effective and reliable exploits instead of new ones because they too have limited time and resources.
How to address these cyber threats
Cybriant PREtect integrates five essential security controls delivered as a single subscription service.
Here are a few things that PREtect can help with:
- Reducing your threat landscape: We targeted the top 5 common cyber breach vectors mentioned above and bundled services that will reduce your risk of loss due to breach.
- Building a solid security foundation: Our services are based on the NIST Cybersecurity Framework which consists of standards, guidelines, and best practices to manage cybersecurity-related risk.
- Simplify compliance: Each PREtect service will help you operationally comply with any cybersecurity regulatory requirements
- Speeding time to business value: We have the expertise, data, processes, etc. to make your security tools work at peak efficiency. More info at www.cybriant.com/pretect.
- Sources: https://www.recordedfuture.com/vulnerability-patch-management/