Contributed by George Mack, Content Marketing Manager, Check Point Software.

EXECUTIVE SUMMARY:

As we near the end of 2021, the threat landscape has changed greatly, and for the worse. Threat actors have become more sophisticated, resulting in an increase in data breaches, phishing attacks, and more. All of these contribute to new cyber security statistics, figures, and facts.

Do you find it difficult to keep up with the constant evolution of the threat landscape? Here are ten alarming facts to keep in mind as you plan your cyber security strategies for 2022.

  1. Data breach costs increased from $3.86 million to $4.24 million in 2021, the highest in the past 17 years. Although a popular notion is that data breaches are performed by hackers operating from outside the organization, insiders can be just as dangerous. Employees have considerable access to an organization’s IT network and sensitive data.
  2. The average cost of a data breach increased by $1.07 million due to remote work. Because of COVID-19, remote work has increased the average cost of a data breach. This should come as no surprise. When employees work from home, there are more attack vectors made available to hackers, such as phones, tablets, and PCs. Even more frightening is the fact that fewer than 3% of organizations protect their employees’ mobile devices.
  3. Connected IoT devices will reach 75 billion by 2025. This is a 3x increase from 2019. IoT is the future. Everything will continue to become more connected through technology. However, IoT devices are inherently vulnerable and poorly protected, making them attractive targets to threat actors. You need to understand the fundamentals of IoT security by gaining visibility into what devices are on your networks and then taking proper action accordingly.
  4. 95% of cyber security breaches result from human error. You must provide your employees with proper training, such as phishing awareness, to reduce the likelihood of a data breach affecting your organization. It’s often said that humans are the weakest link. Don’t forget to invest in your people as much as you invest in technology.
  5. 85% of breaches involved a human element, while only 3% involved vulnerability exploitation. Verizon’s Data Breach report emphasizes that humans continue to be the weakest link in cyber security. Organizations usually have their security tech in place while ignoring the human element. It would be wise to train your employees to recognize social engineering and phishing attacks.
  6. Stolen or misused credentials were responsible for 61% of data breaches. The passwords that are really dangerous to have stolen are the ones that provide privileged access to networks. These passwords are attractive targets since they provide hackers with access to treasure troves of sensitive data. Threat actors can also leverage these passwords for ransom payouts. This is why it’s so critical to use password security best practices.
  7. Twenty percent of employees are likely to click on phishing email links. Of those, 5% enter their credentials on a phishing website. Phishing threats in the current cyber landscape are terrifying for organizations. From the upsurge in phishing e-mails to the increased use of fraudulent websites, organizations have seen an unprecedented increase in the volume of phishing exploits.
  8. A zero trust approach reduces the average cost of a breach by $1.76 million. As IT environments evolve, outdated security infrastructures are becoming ineffective. Because the security perimeter is no longer confined to physical office boundaries, the attack surface has expanded through mobile devices, cloud environments, IoT devices, data centers, IaaS, and more. That’s why the Zero Trust security approach should be the default – never trust any device, user, workload, or system. Always verify first.
  9. More than 93% of healthcare organizations experienced a data breach in the past few years. This is a frightening statistic. Hospitals and other healthcare entities are critical to the functioning of any developed society. Unfortunately, healthcare enterprises are often targeted because they continue to use legacy software due to budget constraints. If hospital operations are rendered ineffective after a cyber attack, then lives are at stake, making this a highly critical industry to secure.
  10. Globally, the shortage of cyber security professionals is estimated to be 72 million. The cyber security worker shortage is getting worse. Those already working in cyber security are struggling to keep up with the demands of the job because of the increase in remote work. In addition, many executives see cyber security as a cost that doesn’t add to the bottom line. However, this is short-term thinking. Skimping on your cyber security is just asking for disastrous consequences.

With these statistics in mind, you should at the very minimum provide your employees with phishing awareness training, secure your IoT devices, and implement a zero trust framework as we move into 2022.
