With Security Serious just a week away, the organisations involved with the campaign – aimed at making UK Plc a safer place to trade online – have today offered some Hacking Horror Stories and Frightening Facts to help organisations unmask the virtual spooks this Halloween.
“2015 has seen an unprecedented number of hacking horror stories. Yet, while cyber-crime is on the increase, security awareness is still low on people’s list of priorities. We’re hoping our campaign will address this imbalance,” explains Yvonne Eskenzi, the driving force behind Security Serious – a week of workshops and webinars all given for FREE from some of the world’s top cyber-security experts (see below for more information.) She continues, “As our week culminates with ‘All Hallow’s Eve’, we thought we’d compile a list of shocking statistics and terrifying tales to make organisations sit up and take notice of the threats that are trick or treating at their door this October.”
Shocking Statistics:
- Are you being spammed? Apparently you’ll get 12 spam emails per day. That’s 4000 spam emails per person per year! In a small company of 20 people that’s 80,000 pieces of spam per year. Research suggests this will rise to 19 emails per person per day by 2019. It takes just one bad spam email to successfully infiltrate the network! Source: Radicati
- Being held to Ransom? Over a third of UK companies have either personally been held to ransom by hackers or know someone that has had their networks infected by ransomware. Source: ESET
- Do you know if your kid is being cyber-bullied? 54% of UK parents have no idea if their child is being cyber bullied. Source: ESET
- 40% of UK parents worry that their kids may be visiting terrorist sites. Source: ESET
- Lost your mobile phone in a cab? You’re not alone – 190,000 mobile phones are left in the back of London’s taxis every year, which equates to a scary 520 devices per day. Source: ESET
- UK is the top target for cyber criminals, with UK businesses targeted more frequently than US counterparts. Source: ThreatMetrix survey
- Snooping is rife! 71% of people have access to company data that they should not see! Source: Varonis
- 64 percent of organisations are a potential target for Nation-State Cyberattacks. Source: Tripwire
- 93 percent of IT security experts believe the hacking landscape is going to get worse. Source: Lieberman Software
- 12 percent of organisations have already had a virus enter their network via social media. Source: ESET
- DDoS attacks are increasing every day: Organisations are being bombarded with information to cripple the network. There has been a 32% increase in DDoS attacks in the last quarter, with an average of 4.5 attacks taking place every day. The majority of these attacks were less than 1Gbps and lasted for less than 30 minutes. These sub-saturating attacks are used as camouflage to distract victims while other malware infiltrates networks and steals customer information and corporate data. Source: Corero
- 87 percent of IT security professionals believe large financial hacks are happening way more often than reported. Source: Lieberman Software
- Nearly 9 out of 10 large organisations surveyed now suffer some form of security breach, and the scale and cost have nearly doubled, with the average cost of the worst breaches at large UK organisations between £1.4m and £3.14m. For smaller companies, a breach will cost between £75,000 and £311,000. Source: PwC’s 2015 Information Security Breaches Survey
- The average time to resolve a cyber attack was more than 4 weeks (31 days to be precise). Source: HP Enterprise Security
- Consumers in Britain are increasingly concerned that there are many data breaches at companies that have yet to be discovered, and 81% of people worry that cyber criminals might already have stolen their personal data without anyone noticing. Source: Bit9 + Carbon Black survey
- Watch out for news sites! More than 58 percent of malvertisements (online advertisements with hidden malware) are delivered through news websites (32 percent) and entertainment websites (26 percent); notable websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com. Source: Bromium
- Beware of being held to ransom! Ransomware is on the rise as cybercriminals realize it is a lucrative form of attack. Source: Bromium
- Bad Passwords! More than 40% do not get changed in more than a year! Source: Lieberman Software
- Admin passwords – the keys to the kingdom – your IT guys rarely change them: 58% of admin passwords don’t get refreshed for at least 90 days – if a hacker gets these – then they can roam around the entire network! Source: Lieberman Software
- For 91% of organisations, VPNs are still the main form of security for controlling network access, despite the fact that VPN technology was created almost 20 years ago. Source: Cryptzone
- Majority of companies don’t know what happens to lost files! Three-quarters of employees claimed their organisations couldn’t tell them what happens to lost data, files or emails. Source: Varonis
- People are sceptical about cloud security. 85% of IT professionals are concerned about sensitive information being compromised in cloud-based applications. This shows growing concern about the lack of security in SaaS-based applications. Source: HP Security Voltage
- 95% of all attacks on enterprise networks gained entry through a spear phishing attack. A spear phishing attack is an email targeted at specific individuals that is engineered to look legitimate and fool even tech-savvy users. The email either has a malware-laced attachment or a malicious link that when opened installs malware and tries to gain system access. Source: SANS Institute
- More than 80 percent of people have accessed public networks from a corporate laptop at a hotel or convention centre, and more than 60 percent have done the same at an airport, coffee shop or restaurant; however, these same respondents also selected hotels – all doing so without worrying about the security implications. If they’re not secure a hacker can watch everything you’re doing. Source: Bromium
Terrifying Tales
Did you know…
That an attacker who shares an unsecured Wi-Fi connection with their victims is not only able to read what they may type, but is also just as easily able to recreate any files that they may transfer over the connection. This includes pictures they may be sharing with a friend, private documents, or even a VoIP telephone call? Source: AppRiver
Did you know…
That an attacker can turn on and utilize a device’s webcam or microphone to eavesdrop on their victims while still making it appear as if the computer, smartphone or tablet is shut down? Source: AppRiver
Did you know…
That attackers can take advantage of an unsecured Bluetooth connection by utilizing default PIN numbers to pair with items such as smartphones? They are then able to do things such as append long distance calling codes to all contacts on that device. Victims will simply see the name of their contacts when making a call, hiding the updated numbers, and charging the victims an exorbitant amount of money without them realizing it until it’s too late. This attack can be performed simply by walking close enough to a victim in a crowd. Source: AppRiver
Did you know…
Just by watching an online video your browser can be hijacked! This may sound like a ghost story, but it is exactly what happened to visitors of an extremely popular website in China. By exploiting a cross-site-scripting vulnerability, a hacker was able to inject the pages of the site with malicious code, which secretly assumed control over viewers’ browsers. With thousands of viewers under his control, the hacker was able to launch massive distributed denial of service (DDoS) attacks. Source: Imperva
Security Serious, running from Monday 26 to Friday 30 October, will see 50 of the world’s most renowned experts in cyber-crime and security freely offer their time and expertise to companies who want to become more security savvy and cyber-aware.
If you would like to offer support during Security Serious Week, or attend one of the many events, please visit www.securityserious.com
To find out more about Security Serious, the organisations supporting the campaign and planned events, visit https://www.securityserious.com