Key cybersecurity statistics for 2022

Up to 40% of cyber threats occur indirectly through the supply chain

Many businesses fail to prioritize and invest properly in cybersecurity. It is hardly surprising then, that up to 40% of threats^[1] happen indirectly through the supply chain. Low-effort attacks continue to be successful against businesses of all sizes, from start-ups to global enterprises. These supply chain weaknesses vary across businesses, however a lack of employee education around internet security is one reoccurring factor.

83% of cyberattacks are phishing attacks

Phishing attacks made up 83% of all cyberattacks^[2] last year. For the low effort and high reward, it is easy for hackers to adopt a scattergun approach by targeting organizations through their least cyber-aware employees. Success relies on various social engineering techniques, such as mimicking authority and creating a sense of urgency. Once an employee clicks on a malicious link, your system could be open to a virus or ransomware attack – resulting in anything from company downtime to a loss of customer trust.

Today, bot traffic accounts for up to 70%^[3] of all website traffic on the Internet

We’ve all encountered bots – or autonomous internet programs – at some point. We can say that with confidence because, in 2022, bot traffic accounts for up to 70% of all website traffic. This means you certainly would have encountered one: a chatbot on a website is an example of a ‘friendly’ bot. Unfortunately, not all bots were created equal – there are plenty of malicious ones out there.

For example, DDoS (Distributed Denial of Service) bots target websites indiscriminately to overwhelm a server and disrupt business operations. Other malicious bots include credential stuffers, brute force password crackers, and hackers distributing malware and infecting websites. Businesses should be vigilant against them all as they can be a nuisance at best, but at worst they can be a point of entry for several types of malware which can severely disrupt day-to-day business operations.

LinkedIn-related social media phishing emails are clicked the most

What could be alarming for most readers is how easily they can become victims of social engineering on LinkedIn. As a social media platform with over 750 million users worldwide, it is the largest professional networking website of its kind. Known as a reliable source for networking and information, it is also the ideal environment to target businesses with phishing attacks. Due to its status as a reputable source for professionals and businesses, phishing emails seemingly from LinkedIn can appear legitimate to employees with low cyber awareness. In Q1 of 2021, LinkedIn-related phishing emails remained the top clicked-on social media mail (42%), ahead of the likes of Facebook (20%) and Twitter (9%)^[4].

The top vulnerabilities seen last year were SSL misconfiguration, missing HTTP security headers and outdated website components

A secure website is a solid foundation for any cybersecurity defense line - but this is often where businesses fall short. Defense.com’s data illustrates this, with SSL and certificate management comprising the largest share of vulnerabilities discovered in 2021.

SSL, otherwise known as Secure Sockets Layer, is an encryption-based internet security protocol designed for privacy, authentication, and data integrity in online communications. You may recognize it as the modernised TLS, the evolved successor of SSL, which stands for Transport Layer Security. Like SSL, TLS encrypts data sent over the Internet to secure sensitive communications from the prying eyes of hackers, such as banking information and passwords. When organizations misconfigure their SSL or TLS certificates, all shared information is unencrypted and is much easier for hackers to harvest and exploit.