Cyber Security: Myths Vs. Reality

Estela Smith
Aug 14, 2019 · 8 min read

Is Your Business Secure? Eye-Opening Cyber Security Facts and Statistics

Eye-Opening Cyber Security Facts and Statistics

If you want to keep your business (and your customers) secure, you need to know the facts about what the biggest cyber risks are and how you can defend against them. Unfortunately, there are some pretty crazy myths regarding cybersecurity and a lot of people believe them. In this article, we’re going to use real statistical data to burst some bubbles and hopefully put a few misconceptions to bed.

Myth #1: Governments’ new stricter cybersecurity laws and policies are discouraging cybercriminals and reducing cyber-crime

This one sounds pretty believable. After all, governments around the world are enacting new, tougher laws against cyber crime. So, it would make sense that the cyber crime rate is going down, right? Well, not so much. Here are the facts:

  • As per Kaspersky Security Bulletin’s studies, in every 40 seconds, a business becomes a victim of a cybercrime — and that rate will rise to every 14 seconds by 2019!
  • The cybercrime economy earns an estimated profit of $1.5 trillion a year. (via Bromium’s report).
  • According to Cisco’s report, cyber-attacks have 350% yearly growth rate.
  • According to cybersecurity Ventures’ estimates, businesses will spend a total of $1 trillion on cyber security from the year 2017 to 2021.
  • U.S. Department of Justice estimates that per day 100,000 computers get infected by ransomware globally. Businesses and individuals ended up paying approx. $1 billion in ransom payment annually.
  • According to Varonis, mobile apps are highly dangerous too. Approx. 24,000 malicious mobile apps are blocked each day.
  • According to Varonis, IoT attacks has a sharp growth rate of 600 percent in 2017.
  • According to aicpa.org’s report, 60% of the U.S adult who participated in the survey reported that they or an immediate family member have been exposed a fraud scheme including phishing emails, credit card number theft, Ponzi schemes, fake calls from IRS and fraudulent charity and donation requests.
  • According to recent poll by Pewreseach, Americans find themselves highly vulnerable to cyber attacks. They considered cybercrime top security risk — ahead of the economic crisis, war with North Korea, nuclear attacks, and ISIS.
  • According to Cryptonite, ransomware attacks in healthcare industry grew by 89% in 2017.
  • According to the FBI, more than 4,000 ransomware attacks happen every day.
  • Cost associated with ransomware are estimated to hit $11.5 billion annually by 2019.
  • According to Cybersecurity Ventures’ latest estimate, by the year 2021 cybercrime damage costs will increase 100% in 6 years, with $6 trillion annually. It was $3 trillion in 2015.

Myth #2: My business is safe because it is just a small business/start-up. Hackers are only interested in big organizations.

It’s easy to see why people believe this: after all, most data breaches that make the news are big corporations like Home Depot, Equifax, and Marriott. But the reality is that there are thousands of small businesses getting breached every month — they just don’t make the news. Here are the cold, hard numbers:

  • Nearly half of all cyber attacks, costing approx. 3 trillion in damages, are estimated to get committed against small businesses by 2021.
  • 61% of breach victims in 2017 were small businesses with fewer than 1,000 employees.
  • Per day, about 4,000 small and mid-sized businesses become victim of cybercrime.
  • According to The U.S.’ National Cyber Security Alliance, 60% of small companies unable to survive a cyberattack and winds up within 6 months after becoming the victim of a cybercrime. (Denverpost)
  • If you are doing cost-benefit analysis of investing funds in cybersecurity, consider the Ponemon Institute, according to which it takes an average of $690,000 for a small-sized company to recover from a cyberattack; and, for mid-sized companies, the recovery cost is over $1 million.
  • According to SCORE infographic 43% of Cyberattacks Target Small Businesses.
  • The popular methods to attack a small to mid-size companies are stealing information to rob bank accounts via wire transfers; stealing customers’ personal identity information; filing for fraudulent tax refunds; and, committing health insurance or Medicare fraud. (Denverpost).
  • How confident are small businesses when it comes to cyber security risks? Not very. According to a poll by Keeper Security, only 14% of SMBs rated their security posture as “highly effective.
  • According to The Beazley Group, SMBs are not equip with latest cybersecurity products due to budgetary constraints and that’s why they are the soft targets for ransomware attacks.

Myth# 3: Users can trust my website because I have installed SSL/TLS certificate and enabled HTTPS.

Wait! How come that’s a myth? SSL certificate authorities claim to use strong encryption algorithm and confidently provide warranty on it! Well, the good news is, the encryption offered by SSL certificates is nearly impossible to break. The bad news is, SSL certificate’s job is to protect the data in transit between users and website. If the original website owner/authorized employee who received the data itself misuses it, SSL certificate can’t control it. So now, even cybercriminals are enabling HTTPS on their spammy sites, (all thanks to FREE DV SSL certificates!). Here are some real numbers to burst your myth about SSL certificates.

  • 58% of phishing websites are now using SSL/TLS certificate and have enabled HTTPS. (APWG.org)
  • According to FireEye’s report, HTTPS URL-based phishing attacks have growth rate of 26% over the first three months of 2019.
  • In June 2019, FBI warned the people with the message “Do not trust a website just because it has a lock icon or “https” in the browser address bar. Cybercriminals are banking on the public’s trust of “https” and the lock icon.”
HTTPS Phishing

Image courtesy: The SSL Store

In such a scenario, extended validated (E.V.) SSL can help website visitors to differentiate the original website from the fake one created for the phishing purpose. The certificate authorities verify all the business details before issuing an EV SSL. So only legit companies are eligible to get it. Plus, the organization’s legal name in the address bar, before the domain name gets displayed. This is a strong indication of authenticity.

For example,

EV SSL
EV SSL

Myth #4: Large Organizations that spend millions of dollars on cybersecurity are truly protected against cyber-attacks.

You would feel way more confident and secure in handling over your credit card number (or any other personal details) to a well-known organization than a new-small sized company. It is obvious because large organizations are considering cyber security as their top priority, paying jaw dropping salaries to their cybersecurity staff and investing millions in R&D to find out the best way to protect themselves. What if we tell you, your information is as insecure with a large organization as it is with a small one, would you believe us? Well, check out the real statistical data and cybercrime facts; and decide yourself!

  • In March 2019, Citrix, the cloud computing giant that provides cloud services to the U.S. military too through its shared services center, became the victim of a cyber attack, compromising six to ten terabytes of confidential internal information.
  • Marriott announced a data-leak, compromising the data of as 500 million guests with its Starwood Hotel brands in November 2018.
  • Equifax revealed a data theft of 145 million users’ personal information, including Social Security numbers, birth dates, addresses, and drivers’ license numbers in September 2017.
  • In Sept 2016, Yahoo revealed that it had become the victim of data theft, compromising the real names, email addresses, dates of birth, and telephone numbers of 1 billion users.
  • In Feb 2015, Anthem reported a massive data theft of 80 million patient and employee records, including names, date of birth, Social Security numbers, healthcare I.D. numbers, home addresses, email addresses, employment information, income data and more.
  • In August 2014, Hold Security company revealed that Russian hackers used programmed botnets to exploit SQL injection vulnerabilities and had stolen 1.2 billion logins and passwords on 420,000 websites around the world, enabling the group of hackers “CyberVor” to access 500 million email accounts.
  • In 2013, Hackers stole approx. 110 million customers’ private and payment data from Target’s third-party HVAC vendor.
  • According to data from Cisco’s Annual Cybersecurity Report, email hackers target Microsoft Office extensions to steal the data, and insert and distribute malicious codes.
  • Do you think companies are serious about protecting their data? Well, not all! According to Varonis’s report, 41% of companies leave an average of 1,000 sensitive files open that anybody can access without any restrictions. Plus, companies don’t take any measures at all to protect 21% of all general files.
  • A study reports that attackers get enough time to misuse the stolen data because it takes approx. 206 days for U.S companies to detect a cybercrime after the incident takes place.

These are just some famous data breaches of large organizations. Of course, there are other big companies such as Facebook, eBay, MyFitnessPal, British Airways, TicketFly, Google, Uber, T-Mobile, GitHub, Tesco Bank and many more became the victim of cybercrimes.

The takeaway from here is that no business is secured, whether a multibillionaire empire or a small blog. All it takes is just one employee clicking on a wrong link or opening a wrong webpage, or negligence while using public Wi-Fi or lack of updating software or something similar insignificant acts. All you can do is to provide cybersecurity related training to all level of employees and always be alert when surfing on the internet. Don’t click on something (email, link, video, image) if it looks too good to be true.

Myth #5: With the help of FBI, local law enforcement and cybersecurity experts, Government can deal with ransomware quite efficiently.

Ransomware is a type of malicious script that locks down users’ data -files, software, system, etc. with encryption and demand ransom money to give back the access. It is exactly like the kidnapping of the online world. When government has super smart FBI, efficient police force and entire judicial system in its pocket, who dares to mess up with it? Hacking a government website and asking ransom is like kidnapping the president for a ransom! Isn’t is freakishly risky and rather, suicidal? Well, check out some latest news and see the heights of “bravery”!

  • In May 2019, Baltimore City government was hit with a ransomware infection called Robbin Hood reportedly impacted vaccine production, ATMs, airports, and hospitals and prevented the city’s government from accessing hard drive data for a month. Estimated recovery cost is over 18 million dollars.
  • In May 2019, City of Riviera Beach, Florida paid 65 bitcoins (approx. $600,000) ransom to regain access to their computers.
  • In March 2019, Jackson County, Georgia ended up paying $400,000 to get rid of Ryuk ransomware infection.
  • March 2019, North Carolina’s Orange County hit by a third ransomware attack in six years, disrupting over 100 computers at the local library, tax department, Country Register of Deeds and Sheriff’s department.

These are just recent (2019) news. Each year, government websites are becoming victim of numerous ransomware attacks. According to the 2019 President’s Budget, the U.S. government has allocated $15 billion in cybersecurity funding this year.

Of course, millions of dollars have been already spent by the government to prevent cybercrime, but it’s not enough. Unfortunately, you can’t do anything about it. All you can do is take a lesson from such incidences and be very careful while surfing online and sharing your personal details on any places. Another takeaway is that cybersecurity is one of the best career paths one can choose in this era because it is the topmost priority for both government and Private Sector.

Estela Smith

Written by

I am a Tech Enthusiast who loves to write about Technology, WordPress Security, Cryptography, Cyber Security, Data Protection, Digital Marketing and SEO.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade