Cybersecurity isn’t just a hot topic of discussion within the IT channel; businesses and governments worldwide have too turned a sharp eye toward rising cyber threats.
The unfortunate thing is that many have learned the hard way that small businesses are frequent targets of cyberattacks – the idea of “targeting a victim” itself has come into question, and more realize that widespread, indiscriminate attacks are the status quo. This means that SMEs are more vulnerable to such approaches as they typically lack the awareness, internal IT staff, and cyber posture to resist them.
And yet, this is only one of many realizations that have emerged in the cybersecurity sector over the last year. Many new trends are on the rise, along with new threats, and SMBs need to be fully aware of them in order to protect their company’s network and data.
So what are the 5 cybersecurity statistics that every SMB needs to know in 2023?
#1: Hackers can penetrate at least 93% of a company’s network
According to a recent research, cybercriminals can reliably penetrate 93% of organizations’ networks! Insane, isn’t it?
A well-known IT research company recently conducted a series of pen tests across several large sectors, including finance, fuel and energy, government bodies, industrial businesses, and even IT companies. The results showed that in 93% of test cases, an attacker could breach an organization's network defenses and gain access to the local network.
A study by CISCO also reveals that 40% of the SMEs that faced a cyberattack experienced at least eight hours of downtime. Downtime accounts for much of the overall financial damages of a security breach.
On top of that, more attacks are being targeted at small and medium-sized businesses. While 43% of cyber-attacks are aimed at small businesses, only 14% are considered prepared, aware, and capable of defending their networks and data.
Additionally, as pointed out in a Cybersecurity Magazine:
30% of small businesses view phishing as their biggest cyber threat
83% of small and medium-sized businesses are not prepared to recover from the financial damages of a cyber attack
91% of small businesses haven’t purchased cyber liability insurance, despite awareness of risk and the likelihood that they would be unable to recover from an attack
Only 14% of small businesses consider their cybersecurity posture as highly effective
#2: Humans are still being exploited as the “weakest link” in a cybersecurity plan
Email phishing, spear-phishing, and social engineering continue to trend as the most common and reliable means of illegally accessing a network. Over 12 million phishing and social engineering emails landed in the mailboxes of more than 17,000 U.S. organizations in 2021 alone. In addition, 85% of breaches involved a human insider, and 61% of breaches involved weak passwords or compromised credentials.
Social engineering and phishing are the most frequently used methods. Even when the appropriate software, hardware, and patches are in place, the human element still provides a weak point for entry. As we all know, this attack vector-only became more viable after the pandemic, as many businesses turned to remote workplace modalities and rushed themselves through the digital transformation process as a matter of survival. Numerous studies have shown that cyber risk increased in line with increases in remote work.
In addition, these reports revealed:
70% of office workers use work devices for personal tasks
37% of office workers use their personal computers to access work applications
57% of data breaches could have been prevented by installing an available patch
#3: Vastly more breaches have been linked to account compromises and poor permissions control than viruses
One common thread in the modern cybersecurity narrative is a general shift away from the importance of AV and firewall and an increased focus on endpoint security. Despite this, 1 out of 5 small businesses don’t have any endpoint protection in place. This could be due to the fact that many small businesses lack any type of in-house IT support, much less cybersecurity expertise.
This means that the onus of SME endpoint security falls upon MSPs in most cases. Managed service providers must make small businesses aware of the need for password hygiene, permissions control, and other endpoint security measures like data encryption.
#4: The simplicity and efficacy of ransomware continue to make it a preferred choice for hackers
Worldwide ransomware damages and ransom payments added up to over $20 billion in 2021. This number is expected to rise to over $265 billion by 2031
37% of all businesses and organizations were hit by ransomware last year. This number is also expected to increase year over year
Recovering from a ransomware attack carries a high cost. Larger businesses lost an average of $1.85 million in 2021
Research on known ransomware victims shows that while 32% pay the ransom, they only get an average of 65% of their data back
Only 57% of ransomware attacks have been successfully mitigated by restoring backups
#5: Organizations of any size could experience an attack targeting their cloud data.
Trends toward the cloud have of course led to a trend in cloud-targeted cyberattacks. Since 2020, 79% of companies with data in the cloud have experienced at least one cloud breach. This is no small number, as reports show 92% of organizations are currently hosting at least some of their data or IT environment in the cloud.
This is, yet again, an issue that can be traced back to the COVID-19 pandemic. The unanticipated speed at which many organizations have adopted cloud technology has created many unique vulnerabilities.
Various studies on this growing threat have shown:
46% of organizations use cloud-based applications purpose-built for the cloud; 54% moved applications from an on-premises environment
47% of companies surveyed found that users had unnecessary privileged access, and 25% experienced problems with unauthorized users
Top cloud security concerns include data loss and data leaks (69%), data privacy (66%), and accidental exposure of credentials (44%)
The highest ranked cloud threats are misconfiguration (human error), unauthorized access, poorly secured interfaces, and account hijacking
End-user spending on public cloud services is expected to grow to $362.3 billion worldwide in 2022
These statistics may seem daunting, and many small businesses feel helpless in the face of these numbers. After all, sophisticated cybersecurity tools and qualified experts don’t come cheap and can be hard to justify, even when an SMB knows that a cyber-attack could put their company out of business.
However, just a word of advice – don’t go cheap on risk mitigation. It is always better to be safe than sorry! Remember that!