Is it a coincidence that Halloween and Cybersecurity Awareness Month are both in October? We don’t think so. Just like with Halloween, the realm of cybersecurity is filled with people masquerading as someone or something they’re not. You can tell when someone’s wearing a Halloween costume, but can you or your clients tell when a bad actor or ransomware has breached your systems? You may think yes, but we’ve found evidence that’ll give you nightmares. Here are several frightening and enlightening cybersecurity stats.
In 2021, it took an average of 212 days to detect a breach and 75 days to contain it.
In its Cost of a Data Breach Report, IBM found that the total lifecycle of a breach is 287 days. That’s a whole week longer than in 2020, when the average lifecycle was 280 days (207 to detect and 73 to contain). In other words, if a business was breached on January 1, 2021, it would STILL be trying to contain it right now — finally containing it on October 15, 2021.
In the first 6 months of 2021, ransomware attacks increased 185% in the US and 144% in the UK.
Yes, you read that right — a triple-digit percentage increase in just 6 months! This Mid-Year Threat Report also found that ransomware volume rose 180% across all of North America and jumped 234% across all of Europe.
50% of MSPs reported that ransomware attacks evaded antivirus/anti-malware solutions.
In the Datto State of the Channel Ransomware Report, MSPs stated that ransomware evaded cybersecurity efforts including employee training, antivirus, email filtering, pop-up blockers, and endpoint detection. Drilling down further into which antivirus/anti-malware solutions didn’t catch the attacks, MSPs named anti-malware filtering (59%), legacy signature-based antivirus (42%), endpoint detection and response (24%), and NextGen antivirus (12%).
The average cost of ransomware remediation increased 143% from 2020 to 2021.
Sophos found that the average cost to rectify the impacts of a ransomware attack jumped from $0.76 million USD in 2020 to $1.85 million USD in 2021. This cost takes into consideration downtime, people time, device cost, network cost, lost opportunity, and ransom paid.
Only 65% of data was restored after companies paid the ransom.
To rub salt in the wound, Sophos also found that after paying the ransom, over one-third of the organizations’ data was still inaccessible. Additionally, of those that paid the ransom, 29% reported that 50% or less of their files were restored and only 8% got all their data back.
67% of end users don’t know what ransomware is.
Sure, “ransomware” is an everyday term for IT professionals, but when it comes to end users…let’s just say there are a few things they still need to learn before they’re not a risk to an organization’s network. To give you a little glimmer of hope that not all is lost, in their State of the Phish Report, Proofpoint did find that 63% know what phishing is and 65% know what malware is. But remember, there’s a BIG difference between knowing what something is and knowing how to avoid it.
70% of organizations don’t include best practices for remote working in their security awareness training.
Proofpoint also found that when the whole world shifted to remote work in 2020, 82% of global businesses required or requested more than half of their employees switch to remote work, and yet only 30% of them trained employees on remote work security best practices. More specifically, 90% of US (and 92% of UK) businesses had more than half their employees switch to remote work with only 29% of US (and 36% of UK) businesses actually providing relevant security training.
45% of end users say they did not change their passwords in the past year, even after a breach.
While scary, it shouldn’t be that surprising that end users are rather careless with their passwords. LastPass has looked at the Psychology of Passwords, and what’s truly scary is that they proved most end users know password security is important but don’t seem to care enough to actually practice it. After all, 92% say they know that using the same password or a variation is a risk, but 65% still do. Additionally, 68% of those who reuse passwords are afraid of forgetting them, and 52% want to be in control of all their passwords.
Don’t be Scared. Be Prepared.
When you see stats like these, it’s easy to see why there’s a whole month dedicated to cybersecurity and awareness. Make sure your clients are well-protected and properly trained so a weak security strategy and bad habits don’t come back to haunt them. With no tricks and all treats, our security vendors have the solutions you need, and Pax8 is always here to help shine a light on any uncertainties or questions you have.