When it comes to performing day-to-day functions, serving customers, operating efficiently, and maintaining a high level of productivity, most small to midsize businesses (SMBs) are as reliant upon IT systems as large enterprises. If servers crash, applications stop working or slow down, or employees can’t access network resources, SMBs lose money and are forced to play catch-up.
In a previous post, we discussed not only the prevalence of phishing attacks, but the email subject lines and social media attack simulations that were most effective at getting users to click. No security solution or IT team can detect and block every phishing attack or manage shadow IT apps and services, which is why security awareness training is critical to helping users recognize and avoid these attacks.
According to the FBI’s Internet Crime Complaint Center (IC3), more than 26,000 users fell victim to phishing, vishing, smishing and pharming attacks in 2018, suffering more than $48 million in financial losses. All four types of attack use social engineering to trick users into giving up sensitive information, clicking on a malicious link or attachment, or visiting a malicious website.
K-12 schools are collecting and storing more and more information about students, including personally identifiable information, behavioral assessments and health data, as well as grades, test scores and attendance. This data is a critical resource for evaluating students and developing personalized learning programs.
According to a recent report on data breaches in the U.S., the personally identifiable information (PII) of consumers remains the top target of cybercriminals. A whopping 97 percent of all breaches in 2018 involved the exposure of PII. Almost half (48 percent) of breaches affected the healthcare sector, while the cost of breaches in the financial sector jumped from $8 million in Q1 2018 to $6.2 billion in Q1 2019.
The increased exposure of PII comes despite a 12.4 percent increase in spending on security products and services.
According to a recent report from Internet Trends, 87 percent of all global web traffic in the first quarter of 2019 was encrypted. That’s a significant increase from 53 percent just three years earlier. Some industry analysts believe the entire Internet will be encrypted within five to 10 years.
Shadow IT is a growing threat, largely because organizations vastly underestimate the size and scope of the issue. According to one Cisco study, large organizations use an average of more than 1,200 different cloud-based applications and services — more than 13 times the number recognized by their IT departments.
According to the FBI’s 2018 Internet Crime Report, the financial losses associated with Internet crime increased by 90.8 percent from 2017 to 2018. The highest losses came from business email compromise (BEC) and email account compromise scams, with 20,373 victims losing a total of $1.3 billion.
Although it was written more than 2,000 years ago, Aesop’s fable of the boy who cried wolf serves as a cautionary tale for the modern information security professional. When security alerts become too frequent, people will eventually stop paying attention.
Even the smallest of small-to-midsize businesses (SMBs) have finally let go of their old-fashioned paper filing systems, and now store most of their data electronically. Many have become more advanced, using sophisticated applications and leveraging data in new ways to support business strategy.