Cybersecurity Month is here again, and Heart Internet is joining organisations from more than 40 countries to raise awareness of the dangers of cybercrime and to offer tips and advice on how individuals and businesses can avoid falling victim to it.
Statistics show that cybercrime rocketed during the Covid-19 pandemic.
Cyber criminals posed as delivery companies, vaccine providers, the NHS, the police and the government and to extract both data and money from victims.
Attacks on businesses, meanwhile, targeted supply chains, courier companies, educational organisations, SMEs and more.
What’s more, the increased anxiety caused by the pandemic heightened the likelihood of cyber attacks succeeding.
In addition to the overriding message of #ThinkB4UClick, the 2021 Cybersecurity Month initiative has two main themes.
- First aid: highlighting what you should do if you fall victim to a cyber-attack
- Be cyber secure at home
Over the coming weeks, we’ll be looking into these topics in more detail on this blog.
However, to start the month off, we’ve rounded up a list of 20 startling facts and figures that show just how seriously individuals and businesses should take cybercrime.
- If it was measured as a country, cybercrime would be the world’s third largest economy after the USA and China, according to the editor in chief of Cybercrime Magazine.
- 40% of UK businesses experienced a cyberattack in 2020.
- 44% of retail and education firms worldwide were hit by ransomware in 2020.
- More than 700 councils in the UK reported data breaches in 2020.
- The average CEO will receive 57 targeted phishing attacks a year.
- In a single analysis of 1,500 corporate networks in June 2021, Zscaler cloud security found 200,000 unpatched common vulnerabilities and exposures.
- In June 2021, the CEO of the UK’s National Cyber Security Centre said ransomware was the key cybersecurity threat facing the country.
The shocking scale
- One of the largest Denial of Service (DDoS) attacks in the history of the internet took place in September 2021. The company, Yandex, was hit by 22 million requests per second.
- In April 2021, the Facebook data of 533 million people across 106 countries, including 11 million people from the UK, was posted online.
- In July 2021, data belonging to 700 million LinkedIn users was advertised for sale on the dark web.
- In August 2021, cyber security firm D3Lab discovered data belonging to one million credit card holders on an underground web forum.
- In 2020, email-based cyber security scams increased by 61%.
- 7.7 trillion pounds – this is how much Cybersecurity Ventures predicts cybercrime will cost the world every year by 2025.
- The average cost of a cyber-attack on a UK business is £8,460 according to the Department for Digital, Culture, Media & Sport.
- This figure rises to £13,400 for medium and large businesses.
- 5% of successful attacks cost businesses £730,000 or more.
- £1.5 million is the average cost – globally – of a ransomware attack on a financial services firm.
- 54% of 18 to 24-year-olds care more about their deadlines than causing a data breach.
- 36% of staff in the UK and USA feel forced into ‘bad security behaviours’ while working from home.
- 85% of successful data breaches involve defrauding humans, rather than exploiting flaws in computer code.
- Global take-up of cyber insurance rose from 26% to 47% between 2016 and 2020.
3 quick wins that individuals and businesses can make with cyber security
Don’t ignore updates
Yes, that little pop up telling you that you need to update an app or certain piece of software always appears at the wrong time.
However, ignoring it can leave your computer/s open to abuse.
If you’re an individual, update as soon as you can.
If you run a small business, explain the importance of prompt updates in your training sessions on cybersecurity.
Don’t be lazy when it comes to passwords
It’s easy to get frustrated when it comes to remembering passwords.
Cardinal sins of password use include:
- Using the same password for multiple accounts
- Using a password that only contains lower case letters and no symbols or numbers
- Using a password that’s easy to guess – for example it’s a birthday, your favourite sport, or your child’s name etc.
- Using a generic password like 1234567 or qwerty.
- Storing your passwords on post-it notes – discover the trouble Republican party representative Mo Brooks recently got into after he posted a photo on twitter that included the post-it note he stored his own password on.
If you run a small busines, you might want to consider using multi-factor authentication to protect your employees from credential theft. Prices start from less than £2 per employee a month.
Always take a proactive approach
It’s easier to protect against a cyberattack than it is to repair things afterwards.
Individuals can be proactive by carrying out updates, practicing password hygiene, and brushing up on how to spot scams and attacks.
Businesses with websites can also be proactive by investing in website security tools like Sucuri.
At Heart Internet, we’ve cut the price of our annual Sucuri packages by up to 25%.
So you can get all of the below for as little as £47.88 a year.
- Unlimited malware scans, detection and removal
- Google blacklist monitoring and removal
- 12-hour response time to any security issues
Further resources on cyber security can also be found in our white paper:
Dark web: The dark web is a ‘parallel’ part of the internet that can only be accessed through specific software and authorisations. It’s where cyber criminals carry out their business because they can stay anonymous and remain untraceable.
DDoS: Aka a Denial of Service attack. A cybercriminal will send multiple requests to a website or web resource. These requests will overwhelm the website and prevent it from functioning properly. In many cases, it will crash completely.
Phishing: In a phishing scam, an attacker sends a fraudulent message to a victim. This message is designed to trick the victim into revealing sensitive data or to allow the attacker to infect the victim’s tech with malicious software.
Ransomware: With ransomware, attackers threaten to publish a victim’s personal data or block access to the victim’s computer unless a ransom is paid.
Smishing: A form of phishing which utilises SMS text messages to trick the victim.