At the beginning of the week I blogged about why SMEs are an attractive target for cyber criminals and what they can do about it. CYREN’s newly released 2015 Cyberthreat Yearbook adds even more weight to this assertion with some shocking statistics:
“Enterprises of all sizes are now besieged by cybercrime at an alarming rate. In fact, during the four-year period between 2010 and 2014:
- The number of successful cyberattacks on businesses of all sizes increased by 144%.
- The cost of cybercrime per company increased by 95%.
- The average time to resolve incidents increased by 221%.
“The problem with making companies like Home Depot and Sony the poster-children for cybercrime is that it gives the vast majority of businesses in the world the false impression that they won’t be targeted. But this perception couldn’t be further from the truth. When it comes to cybercrime, businesses regularly misjudge their risk profile because they misunderstand what is valuable to the cybercriminal… stealing personally identifiable information (PII) – such as email addresses and social security numbers – is actually more lucrative than credit card number theft.”
Malware up 159% in 2014
One of the most common ways of stealing PII is via malware. CYREN detected a 159% increase in malware URLs in 2014.
Android malware up 61%
Reflecting the increased use of mobiles for business as well as leisure, the number of malware attacks aimed specifically at smartphones rose significantly too. There was a 61% increase in the amount of mobile malware targeting Android devices – the most common platform – in 2014. If your organisation supports BYOD (bring your own device), then your employees will access corporate sites and email, and will share sensitive information via their mobile devices. All of this information is vulnerable.
Malware emails up 50%
There was a 50% increase in the average daily number of emails containing malware – from 1.69 to 2.5 billion. The “largest email attached email outbreak” came in December, when 21.4 billion malicious emails were sent.
Phishing emails up 233%
Malicious emails don’t just spread malware; they often contain links to phishing URLs masquerading as legitimate sites. Unsuspecting users are tricked into revealing their login information or other details, giving attackers “entry to corporate systems [and] complete and total access to all information and data owned and/or managed by the enterprise.” In 2014, the number of phishing URLs increased to 2,500,000 compared to 765,000 in 2013 – an increase of 233%. Most phishing attacks used common brand names to fool users into handing over their details. The top three were PayPal, Apple and Google.
With malware such a huge threat, and the increase in phishing emails so dramatic, it is essential that your staff are properly trained. Good information security isn’t just a matter for the IT department – it depends on every single employee recognising the information security responsibilities they bear.
An information security management system (ISMS), as set out in the international standard ISO 27001, provides a framework for best-practice information security addressing people, processes and technology. All organisations can implement an ISMS suitable to their needs, and can achieve certification to the Standard through an independent accredited certification body, providing reassurance to stakeholders, partners and customers that international best practice is being followed.
IT Governance’s fixed-priced ISO 27001 Packaged Solutions provide implementation resources and support for organisations of all sizes, making it easy for them to achieve a level of cyber security appropriate to the risks they face.