We all hear about Cyber Security and the many times businesses have been hit. Of course, the problem lies in the technology. We need to beef up our security! We must improve our firewalls! Get a SOC/SIEM to actively watch our networks. Roll out EDR (Endpoint Detection and Response) systems across the board. Implement Multi Factor Authentication (MFA) on ALL systems. Implement Geo-fencing in our applications. When we do all of the above we can take a deep breath and say “we’ve got this!”.
WRONG! The single biggest problem in today's computer systems is the people! The statistics run as high as 97% (depending on who did the report), but all of them agree that failed human response is at the top of the problem. Here are some interesting statistics from 2022:
- For ransomware, email phishing accounts for 90% of all attacks.
- Of all phishing attacks, 96% arrive by email. 3% are carried out through malicious websites and 1% via phone.
- Roughly 15 billion spam emails make their way across the internet every day, which means that spam filters are “working overtime” and are liable to let malicious phishing emails slip through.
- 33% of phishing emails are opened! What do you think the odds are of clicking on a link then?
- Well, 42% of workers have reported clicking on an unknown link at some time.
- Only 1 in 99 emails is a phishing email; however, of that 1%, 25% make their way through Office 365 (which most of us run nowadays).
- 65% of attackers use spear phishing as the primary method of attack. Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information. Basically, the email address is right BUT the link data goes to the attacker.
- The average cost of a ransomware attack is $4.65 million according to IBM.
- According to the Swiss Cyber Institute, LinkedIn phishing messages represent 47% of all social media phishing attempts.
These simple statistics alone should scare you, so if you are NOT providing your end users with Cyber Education, then be prepared to pay the dues. And even if you are providing Cyber Education, are you 100% SURE they are taking it? What steps have you implemented to make sure that your employees are actually watching and participating in the training?
Maybe it’s time to find out what options are out there that can help you not only educate your staff but also make sure that they are actually doing the training! Give one of our staff a call to come and discuss the low-cost options for proper Cyber Education (trust us, it’s cheaper than Ransomware).