According to a recent survey conducted by the SANS Institute, 40% of ethical hackers said that they can break into most of the environments they test to date. The report also revealed that nearly 60% of ethical hackers can easily break into the corporate environment. In an attack chain, they need five years to execute each step, which includes “reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.”
Although these statistics describe ethical hackers at the top of their skills, the threat is still there. For that reason, every digital asset must have a few cyber hygiene measures in place, including multifactor authentication, strong passwords, exceptionally good anti-malware, and regular patching.
Another statistic reveals that phishing attacks are driven by mobile phones. In one quarter, more than 1 million phishing incidents were reported through vishing, smishing, and other lures that target mobile devices.
The APWG (Anti-Phishing Working Group) published its “Phishing Activity Trends Report,” which said that the second quarter of 2022 saw around 1,097,811 phishing attacks, the maximum number in history.
The financial sector is the most targeted industry for phishing. Other targeted industries include webmail, social media services, software-as-a-service providers, and cryptocurrency. Although fraud also arrives through OTT apps and instant messaging apps like WhatsApp, WeChat, or Messenger, SMS is still the leading threat to date.
Phishing is one of the favorite tools of hackers. Generally, it arrives as an email attachment purporting to come from a bank, an authentic organization, or a personal email account, but phishing attacks can sometimes be web-based too.
According to another report recently published by Webroot, around 46,000 new phishing websites are created globally every day, which means 1.385 million new phishing websites are developed every month.
Wandera has added an even scarier figure: at a granular level, a new phishing website is launched every 20 seconds. Just like any other technology, phishing technology improves with time. Many tools and graphics on the Dark Web replicate the email template of a bank, a company, or a friend with a slightly misspelled representation. With the help of machine learning, attackers send thousands of emails per second. So, every web user should be very alert before clicking on any link.
With the increasing threat, cloud-based digital assets are also facing security challenges. According to a new statistic published by Venafi, more than 80% of organizations reported cloud-related security threats in the last 12 months. Surprisingly, half of those organizations reported at least 4 incidents in the same time frame.
On the other hand, more and more companies are going through the phase of digital transformation, and 2 out of 5 applications are hosted on the cloud despite the risk of security incidents in the cloud environment.
According to a new finding from Venafi, 64% of businesses worldwide suspect that they have been impacted or targeted by nation-state attacks. Global political unrest is a major issue from which many organizations are suffering. 82% of organizations believe that there is a strong connection between cybersecurity and global geopolitics. 77% of enterprises believe that we are on the verge of cyber war and that there is huge scope for hacking as a result of unrest among nation-states.
Cyber attacks are not restricted to the IT industry anymore; industrial control systems are also targeted by hackers. In fact, the latter sector is much more vulnerable than the IT industry.
The reason is that the industrial control systems currently in use were designed and developed at least two decades ago. Those systems have not been upgraded to prevent cyberattacks. IT systems, on the other hand, are actively managed and updated with frequent firmware updates and patches.
A survey conducted by SpyCloud revealed that in 2022, around 90% of organizations were affected by ransomware, which is an alarming 72.5% increase from last year. Although many organizations are investing in cybersecurity services, continuous ransomware attacks put the organization's data at stake. Educational institutes have been suffering especially badly from ransomware. Apart from them, the global supply chain has been hugely affected by ransomware attacks.
Conclusion:
Surprisingly, despite knowing all the threats and the potential consequences, many organizations still don’t pay much attention to cyber security testing services. This can cost organizations not only millions; their reputation will also be at stake.
It is very important to safeguard digital assets to avoid issues like data breaches or ransomware attacks. So, it is high time for every organization to put cybersecurity in the top three tech budget priorities for every financial year.