16 Mar Cyber Risk Statistics and the Need to Secure Sensitive Information
Hackers continue a relentless barrage
Last December, the U.S. government announced a major cyber breach by Russian hackers. Before we had understood fully the impact of that attack on 18,000 organizations and government agencies, we learned “holes” in Microsoft’s email software led to another compromise of 30,000 U.S. organizations. That attack was by Hafnium, a group operating from China.
But cyberattacks are not all by foreign actors, nor about espionage. Financial gain is the motive in 86 percent of breaches, according to the 2020 Data Breach Investigations Report by Verizon1. And in the majority of cybercrime, the perpetrator and victim are located in the same country.
Further, due to error and “privilege misuse,” 30 percent of cyber breaches in North America stemmed from people inside an organization. That 30 percent includes inadvertently “leaving the door open” as well as malicious intent.
Hackers of all kinds continue a relentless barrage of attacks on everyone. According to a University of Maryland study2, hackers attack computers connected to the internet every 39 seconds. On average, your computers are under attack 2,244 times a day. In the first half of 2020, data breaches exposed 36 billion records.
It seems there’s nowhere to hide. Do you doubt a hacker could get into your organization’s emails or data files?
Cybersecurity firm Varonis has aggregated 134 statistics and trends3 from multiple sources, including from the Verizon and University of Maryland studies, to paint a picture of the cybersecurity landscape. If security practices are on your list of things to get to, get to it!
Several of the identified activities can affect the procure-to-pay area. Email is very often an entry point. System and file username/password weaknesses continue to leave companies vulnerable, and too many files are accessible by too many people.
Here are just a few of the statistics:
- Email is the delivery route for ninety-four percent of malware.
- The top malicious email attachment types are .doc and .dot, which make up 37 percent, the next highest is .exe at 19.5 percent.
- Phishing attacks account for more than 80 percent of incidents.
- Email phishing attacks increased in 2020 to account for one in every 4,200 emails
- Data breaches exposed 36 billion records in the first six months of 2020.
- Fifteen percent of cyber breaches involved healthcare organizations, 10 percent the financial industry and 16 percent the public sector.
- Human error is behind 94 percent of cybersecurity breaches.
- In 20 percent of organizations, remote workers have caused a security breach.
- Forty-seven percent of remote employees that fell for a phishing email cite distraction as the cause.
Cybersecurity firm Cybint quotes IBM’s CEO Ginni Rometti saying, “Cybercrime is the greatest threat to every company in the world.” Get informed and stay informed. Cybint offers this: “Understanding cyber terminology, threats and opportunities are critical for every person in every business across all industries.”
The constant threats and attacks are why your I.T. department personnel’s hair is turning grey. And why they are issuing guidance to the company. I.T.’s requirements may seem inconvenient or irritating. Meet them anyway. Train your staff. Staff training must be well designed, and your team must take it seriously for it to be effective.
The internal controls in your policy and procedures can only protect the organization if your team follows them. Remember, human error is behind 94 percent of security breaches. You cannot eliminate human error. But you can reduce it.
That old annoyance of good password creation, protection and periodic change is critical to all applications, from email accounts to system and file access. And we can’t say it enough: email is not secure. Vendors should not transmit sensitive data via email. Find alternatives to it.
A correctly designed vendor portal provides a secure way for vendors to transmit their sensitive information to you. To learn more, contact us.