The data breach report is based on a survey conducted by Kaspersky and B2B International on September 30, 2020. Researchers interviewed 4,179 businesses globally, each with between 50 and 4,999 employees. Surveyed companies are from the following 5 industries: financial services, government, manufacturing, IT and telecommunications, retail and wholesale.
Analysis reveals that out of the 4,179 businesses, 45% lost data to hackers in the past 12 months. IT and telecommunication companies saw breaches most often, with 53% of companies losing data. IT and telecommunication businesses often have customers’ financial information, in addition to other sensitive data, such as private conversations, social security numbers, and addresses.
Next up is the retail and wholesale industry, in which 52% of businesses experienced a data breach in the last year. Such cybersecurity incidents in retail businesses can damage the brand’s reputation, which leads to losing numerous customers, especially those who are privacy-conscious.
Third on the list is financial services, where exactly half of the respondents stated that their business lost sensitive data to fraudsters. Breaches in the financial industry are a huge concern since an unnoticed leak allows cybercriminals to drain the victims’ bank accounts.
Companies in the government sector are not an exception to the rule, as 46% of them had a data leak in the last 12 months. Attacks aimed at the government are more often than not supported by foreign authorities, whose aim is to obtain political and military information.
Finally, manufacturing and industrial companies experienced data breaches least often, but still a significant amount, at 43%. The danger is mostly to the businesses themselves, as competitors hire hackers to steal inside data which would destroy the competitive advantage the victim company had.
Most common threats overall
Shockingly, as many as 78% of surveyed businesses reported some kind of cyber threat in their systems last year. On average, a cyber incident caused $312,117 in damages.
Besides data breaches, viruses and malware are the most common threats detected. Over 43% of companies experienced viruses and malware in their internal network in the last 12 months.
There is a wide variety of viruses and malware created by hackers. Nonetheless, the overwhelming majority of them are created to make money illegally.
Also, 39% of companies reported that bring-your-own-device (BYOD) equipment had been infected by malware as well. Some companies provide all the needed equipment for work, while others require employees to bring their own computers and mobile devices. Company-owned equipment usually has at least some security measures in place as soon as the employee gets the device. However, that is not the case with BYOD equipment. There is no guarantee that employees update their computer software, which leaves vulnerabilities that hackers can abuse.
The fourth most common cyber threat in businesses globally is crypto-malware and ransomware. Crypto-malware is a type of ransomware that encrypts a user’s files and demands a ransom. Fraudsters can also steal the data, delete it from the company’s database, and request a ransom (usually in Bitcoin) to get back the data. Unfortunately, companies often choose to pay the ransom to avoid damaging their public reputation, hence further encouraging such attacks.
DDoS attacks are one of the best-known types of cyberattacks, and they affected 34% of companies globally in the last 12 months. DDoS is short for Distributed Denial of Service, and it is an attack used to crash a service or a website, making it temporarily inaccessible to its users. Although individuals also suffer from DDoS attacks, cybercriminals typically target services instead. They often attack services hosted on high-profile web servers, like banks or credit card payment gateways. Revenge, blackmail, and activism are the most common reasons behind these attacks.