According to Symantec’s 2017 Annual Internet Security Threat Report:

  • Malware-laden email increased significantly, from 1 in 220 emails in 2015, to 1 in 131 emails in 2016 – the highest rate in five years. With the exception of retail, every industry saw an increase in email malware in 2016; small to medium-sized businesses (1 to 500 employees) were the most affected.
  • Average ransom demands in 2016 rose to $1,077, up from $294 in 2015.
  • There was a two-fold increase in attempted attacks against IoT devices (webcams, wifi thermostats, etc.) in 2016, and, at times of peak activity, the average IoT device was attacked once every two minutes.
  • The average organization was using 928 cloud apps in 2016, up from 841 in 2015. However, most CIOs think their organizations only use around 30 or 40 cloud apps.
  • 357M new malware variants were discovered in 2016, up slightly from 355M in 2015.
  • 76% of scanned websites had outstanding vulnerabilities.
  • 3,986 zero-day exploits were identified in 2016.
  • Fileless/“living off the land” tactics—the use of legitimate tools for malicious activity—pose a significant threat to all businesses. Additionally, Symantec’s analysis in late 2016 showed that 95.4% of inspected PowerShell scripts were malicious.
  • Symantec blocked an average of 229,000 unique web attacks per day in 2016.
  • On average, 2.4 browser vulnerabilities were discovered per day in 2016.
  • In 2016, there were 15 mega breaches (more than 10 million identities were stolen), an increase from 11 in 2014 and 13 in 2015 – 90% of identities stolen in the US were exposed in just eight mega-breaches.

Full report can be downloaded here: ISTR22_Main-FINAL-APR24

Phishing and ransomware have become part of a billion-dollar industry. If not handled correctly, protecting your business from attackers will not only become a full-time job, but it will also be a losing battle that could end up costing your business (and potentially your customers) thousands of dollars or more. We can ease this burden by conducting a comprehensive security audit and ensuring compliance with relevant industry standards and best practices, as well as with any applicable federal and state laws.

We will:

  • Examine your current network design, hardware and software to identify potential vulnerabilities and make any recommendations.
  • Develop, revise and/or update maintenance, security and disaster recovery policies.
  • Provide end-user training.
