In this blog
- Up to 40% of cyber threats occur indirectly through the supply chain
- 83% of cyber attacks are phishing attacks
- Today, bot traffic accounts for up to 70% of all website traffic on the Internet
- LinkedIn-related social media phishing emails are clicked the most
- The top vulnerabilities seen last year were SSL misconfiguration, missing HTTP security headers and outdated website components
- Complacency can be fatal
09 May 2022
Every business needs to know how to protect themselves from cyber attacks in today’s online threat landscape. With the level of threats constantly on the rise, keeping yourself updated with the latest information is the first step to understanding where you can increase your security defences. Cyber security statistics and trends allow organisations to understand the challenges they face, as well as being aware of common security mistakes which could leave them vulnerable.
From our own independent research and hands-on experience delivering security solutions within a variety of industries, we have identified some key cyber security statistics to be aware of so you can start to think about how best to protect your business, using the following insights from Defense.com's Annual Cyber security Industry Report.
This research is based on data from real businesses of varied sizes and from different sectors, giving you a holistic overview into what your business should be focusing on for the year ahead.
Up to 40% of cyber threats occur indirectly through the supply chain
Many businesses fail to prioritise and invest properly in cyber security. It is hardly surprising then, that up to 40% of threats happen indirectly through the supply chain. Low-effort attacks continue to be successful against businesses of all sizes, from start-ups to global enterprises. These supply chain weaknesses vary across businesses, however a lack of employee education around internet security is one reoccurring factor.
83% of cyber attacks are phishing attacks
Phishing attacks made up 83% of all cyber attacks last year. For the low effort and high reward, it is easy for hackers to adopt a scattergun approach by targeting organisations through their least cyber-aware employees. Success relies on various social engineering techniques, such as mimicking authority and creating a sense of urgency. Once an employee clicks on a malicious link, your system could be open to a virus or ransomware attack – resulting in anything from company downtime to a loss of customer trust.
Today, bot traffic accounts for up to 70% of all website traffic on the Internet
We’ve all encountered bots – or autonomous internet programmes – at some point. We can say that with confidence because, in 2022, bot traffic accounts for up to 70% of all website traffic. This means you certainly would have encountered one: a chatbot on a website is an example of a ‘friendly’ bot. Unfortunately, not all bots were created equal – there are plenty of malicious ones out there.
For example, DDoS (Distributed Denial of Service) bots target websites indiscriminately to overwhelm a server and disrupt business operations. Other malicious bots include credential stuffers, brute force password crackers, and hackers distributing malware and infecting websites. Businesses should be vigilant against them all as they can be a nuisance at best, but at worst they can be a point of entry for several types of malware which can severely disrupt day-to-day business operations.
LinkedIn-related social media phishing emails are clicked the most
What could be alarming for most readers is how easily they can become victims of social engineering on LinkedIn. As a social media platform with over 750 million users worldwide, it is the largest professional networking website of its kind. Known as a reliable source for networking and information, it is also the ideal environment to target businesses with phishing attacks. Due to its status as a reputable source for professionals and businesses, phishing emails seemingly from LinkedIn can appear legitimate to employees with low cyber awareness. In Q1 of 2021, LinkedIn-related phishing emails remained the top clicked-on social media mail (42%), ahead of the likes of Facebook (20%) and Twitter (9%).
The top vulnerabilities seen last year were SSL misconfiguration, missing HTTP security headers and outdated website components
A secure website is a solid foundation for any cyber security defence line - but this is often where businesses fall short. Defense.com’s data illustrates this, with SSL and certificate management comprising the largest share of vulnerabilities discovered in 2021.
SSL, otherwise known as Secure Sockets Layer, is an encryption-based internet security protocol designed for privacy, authentication, and data integrity in online communications. You may recognise it as the modernised TLS, the evolved successor of SSL, which stands for Transport Layer Security. Like SSL, TLS encrypts data sent over the Internet to secure sensitive communications from the prying eyes of hackers, such as banking information and passwords. When organisations misconfigure their SSL or TLS certificates, all shared information is unencrypted and is much easier for hackers to harvest and exploit.
Complacency can be fatal
We know that attackers are only growing more sophisticated in their strategies when attacking businesses. With so many organisations failing to prioritise cyber security, hackers have more than enough opportunities to target and exploit weak points. That’s why it is imperative to ensure you have a solid line of defence when it comes to your cyber security.
Need help keeping your organisation protected?
Get in touch today to start your free trial of Defense.com™ or request a demo to discover how we can help you take the stress out of your cyber security.