{"id":9049,"date":"2022-07-19T16:10:13","date_gmt":"2022-07-19T16:10:13","guid":{"rendered":"https:\/\/www.ecsoffice.com\/?p=9049"},"modified":"2022-09-13T01:12:46","modified_gmt":"2022-09-13T01:12:46","slug":"cybersecurity-statistics-and-trends","status":"publish","type":"post","link":"https:\/\/www.ecsoffice.com\/cybersecurity-statistics-and-trends\/","title":{"rendered":"Cybersecurity facts and figures for 2022, statistics and trends"},"content":{"rendered":"

Opinion poll:<\/strong> Cyber threats will not only continue to massively attack organizations after 2022, but they will also increase in strength.<\/p>\n

Solutions are open-and-shut: first, we need them to develop your systems\u2019 protections<\/strong> and to have to defend against them in the future. Second, comprehension should become more pervasive.<\/p>\n

Phishing, ransomware, GDPR threats – are the most popular security threats<\/strong> monitored by the universe. In 2022, cyber threats will not only continue to harass public and private organizations but will increase their power.<\/p>\n

Solutions are being developed to protect and defend against them, but awareness of the full severity of this problem must become more widespread and sped up.<\/p>\n

Cybersecurity trends in 2022<\/h2>\n

\"Cybersecurity<\/p>\n

These interesting facts about cybersecurity<\/strong> only confirm the power of cybercriminals, whose professional networks continue to grow and become more structured. To protect against this, private and public organizations must be more rigorous and focus on learning best practices.<\/p>\n

In 2022, the question is no longer whether it will attack us, but when?<\/strong><\/p>\n

Ransomware<\/h3>\n

Ransomware will continue to exist despite the vast availability of deterrent resources. Attacks could become more sophisticated, targeting companies of all sizes.<\/p>\n

Actual losses can be deplorable. Behind this type of attack is an organized and professional criminal network developer<\/strong>.<\/p>\n

Data Leaks<\/h3>\n

It also expected this sample of attacks to increase, and here again, leaks will be more costly for affected organizations. With this type of attack, it often attacked the human element even before the IT infrastructure.<\/p>\n

Indeed, it is much easier to get someone to install spyware without realizing their mistake than to look for technical vulnerabilities<\/strong>. Therefore, phishing campaigns will be quite common in 2022.<\/p>\n

Cryptocurrencies<\/h3>\n

Cybercriminals will target virtual currencies<\/strong> as they continue to grow in popularity and active demand around the world. With the increase in asset holders, cryptocurrency wallet management solutions and transactions, this is like a personal invitation for hackers.<\/p>\n

Mobile devices, apps<\/h3>\n

In 2022, mobile devices are still an easy target even for a green hand. Check Point, which showed that in 2020, 97% of companies face mobile threats<\/strong> using multiple attack vectors highlighted this trend. Not to mention, the remote operation has led to an increase in the attack surface. Every available device offers an entry point.<\/p>\n

Thanks to 5G and IoT, targeted applications and services will become (very) profitable. A trend confirmed by McAfee-Fireeye and Gartner. Overall, teleworking presents a major challenge for security companies<\/strong> and requires significant consolidation of existing security systems.<\/p>\n

Cloud<\/h3>\n

While the cloud has many benefits, it is also becoming increasingly standardized. This is a boon for cybercriminals<\/strong>, who can more easily test their attacks against precisely standardized solutions. In addition, vulnerabilities in the cloud make massive attacks possible.<\/p>\n

Deepfake<\/h3>\n

Deepfake technology is one of the top riskiness for 2022. It\u2019s about video or audio recordings made or altered by artificial intelligence<\/strong> that can create false content made of credible. Aimed at manipulating, misinforming and discrediting populations and organizations, Deepfake can lead to the worst fears of international destabilization.<\/p>\n

Supply Chain<\/h3>\n

Attacks on the supply chain are likely to continue. A sector undergoing a powerful digital transformation<\/strong> has become a target for hackers. Rather than confronting large security-equipped companies, they are targeting suppliers who are likely to have sensitive data (accountants, lawyers, etc.).<\/p>\n

Social media<\/h3>\n

Cybercriminals will continue to use them to infiltrate organizations through fake profiles. Misinformation and fake news campaigns will continue to be a source of mass phishing or fraud<\/strong>. We saw this in the example of fake vaccination certificates this year.<\/p>\n

10 cybersecurity statistics facts that show the importance of cyber risk to businesses<\/h2>\n

In December 2021, cybercriminals stole over 35 million euros<\/strong> from a French real estate developer. This is just the latest in numerous cyberattacks around the world that are affecting a growing number of businesses and organizations. This has made it necessary for companies to realize the cyber threat<\/strong> and protect themselves from becoming victims of cybercrime.<\/p>\n

Below are facts about cybersecurity and cybersecurity statistics for 2020 and 2021 to better understand the growing importance of defending against cyberattacks in 2022.<\/p>\n

Top cybersecurity facts, figures and statistics for 2021-2022<\/h2>\n

\"Top<\/p>\n

Cybersecurity fact 1 of 10<\/h3>\n

54% of French companies will be attacked in 2021<\/em><\/strong><\/p>\n

Data on cybersecurity in France in 2021 is worrisome. According to the CESIN 2022 Corporate Cybersecurity Barometer, over one in two French companies will suffer at least one cyberattack<\/strong> in 2021.<\/p>\n

Cybersecurity fact 2 of 10<\/h3>\n

+255% of Ransomware attacks<\/em><\/strong><\/p>\n

The National Agency for Information Systems Security (ANSSI) found a 255% increase in ransomware attacks on organizations<\/strong> in 2020 compared to 2019.<\/p>\n

Ransomware is software designed to \u201chold hostage\u201d company or individual data that cyber criminals ask to pay a ransom for data recovery.<\/p>\n

Cybersecurity fact 3 of 10<\/h3>\n

$50,000 is the average cost of a cyberattack<\/em><\/strong><\/p>\n

When a company is attacked, it can cause:<\/p>\n

    \n
  • Business interruption<\/li>\n
  • Damage to computer equipment<\/li>\n
  • Leakage of data needed for operations<\/li>\n
  • Impact on brand recognition.<\/li>\n<\/ul>\n

    It is the sum of these events that can be very costly for the company under attack<\/strong>.<\/p>\n

    Cybersecurity fact 4 of 10<\/h3>\n

    On average in Europe, losses from cyberattacks account for 27% of turnover<\/em><\/strong><\/p>\n

    A business interruption after a cyberattack<\/strong> has a significant impact on a company\u2019s annual turnover. In the time to restore a computer system and restore backup data (if any), a company loses an average of 27% of its annual revenue. Also, 60% of SMBs attacked do not recover and file for bankruptcy within 18 months of the attack.<\/p>\n

    Cybersecurity fact 5 of 10<\/h3>\n

    Only 50% of U.S. companies have a cybersecurity plan<\/em><\/strong><\/p>\n

    Half of the U.S. companies affected by the cyberattack<\/strong> have refused to file a complaint. The other 50% are prepared for upcoming hacker attacks. This is an important fact to keep in mind because studies and statistics usually only count proven fraud (i.e., frauds that have been explicitly recognized as opposed to errors and abuses, and that have been reported).<\/p>\n

    This means that the actual number of cyberattacks in the U.S.<\/strong> is potentially even higher.<\/p>\n

    The COVID pandemic has exacerbated the threat of cyberattacks and the risks to businesses<\/strong><\/p>\n

    Cybersecurity fact 6 of 10<\/h3>\n

    47% of remote employees were defrauded by phishing<\/strong><\/em><\/p>\n

    \"47%<\/p>\n

    Nearly half of employees have been duped by phishing attempts<\/strong> while working from home. This figure underscores the need for organizations to run phishing campaigns to make employees aware of fraudulent emails, particularly to reduce the risk of ransomware attacks.<\/p>\n

    Phishing is a type of fraud in which cybercriminals try to trick<\/strong> an Internet user by posing as a trusted person or service to induce them to click on a fraudulent link, provide sensitive information, or transfer funds. The \u201chook\u201d usually takes the form of an e-mail, a text message (smishing), or a phone call (vishing).<\/p>\n

    Cybersecurity fact 7 of 10<\/h3>\n

    More than 30 percent of the attacks used new methods<\/strong><\/em><\/p>\n

    More cybersecurity statistics<\/strong>. About 35% of the cyberattacks during the Covid-19 pandemic involved previously unknown attack methods. Before the pandemic, this was 20% of attacks<\/strong>. In a concise period, cyberattack methods<\/strong> have developed and strengthened: attackers have found new vulnerabilities to exploit and new methods to trick people behind the screen.<\/p>\n

    Assessing cyber risk<\/strong> has become increasingly difficult as attack methods have grown faster and more difficult to defend against. This is one reason traditional cyber insurance companies have raised premiums and tighten exclusion criteria in 2022-2023. Meanwhile, small and medium-sized businesses<\/strong> are finding it increasingly difficult to protect themselves from a risk that increasingly affects them.<\/p>\n

    Cybersecurity fact 8 of 10<\/h3>\n

    82% of employers are concerned about their employees working remotely<\/strong><\/em><\/p>\n

    In this context, four in five companies said they were concerned about cybersecurity risks<\/strong> associated with remote work, according to a 2021 Thales study. There appears to be an urgent need to implement more cyber defenses and ensure good cyber hygiene in the office and remotely.<\/p>\n

    Companies and institutions recognize the threat and redouble their cybersecurity efforts<\/p>\n

    Cybersecurity fact 9 of 10<\/h3>\n

    40% of companies invest in their cybersecurity by 2023<\/em><\/strong><\/p>\n

    In the European Union, 2 in 5 companies have increased their cybersecurity budgets<\/strong> in 2021.<\/p>\n

    The amounts companies allocate to protecting their information systems are mostly invested in<\/strong>:<\/p>\n

      \n
    1. Subscriptions to special insurance contracts,<\/li>\n
    2. Risk audits,<\/li>\n
    3. Cybersecurity risk awareness operations for employees,<\/li>\n
    4. Creation of special management structures,<\/li>\n
    5. Strengthening the teams responsible for protecting information systems,<\/li>\n
    6. Acquiring new IT solutions and tools.<\/li>\n<\/ol>\n

      Cybersecurity fact 10 of 10<\/h3>\n

      55% of companies will strengthen their defenses by 2022<\/em><\/strong><\/p>\n

      The severity of the number of cyberattacks<\/strong> in both 2020 and 2021 has prompted many business leaders to strengthen protections in the future. For example, more than half of US companies said in 2021 that they intend to invest in IT cybersecurity in 2022-2023. The latest available data shows an increase in cyber threats to US and international organizations.<\/p>\n

      What will happen in 2022?<\/h2>\n

      All indications are that the upward trend seen over the past few years is likely to intensify. In particular, there are fears that ransomware attacks will intensify in the coming months.<\/p>\n

      Therefore, it is important for companies not to leave the protection of their sensitive data and information systems to chance.<\/p>\n

      7 major IT threats in 2022<\/h2>\n

      In 2021, more companies experienced at least one successful cyberattack. Increasingly, many sophisticated cyber threats are proving to be more and more effective at extorting organizations.<\/p>\n

      Today, more than ever, understanding the evolution of cyberattacks<\/strong> and how to defend against them is critical for businesses.<\/p>\n

      Here\u2019s an overview of major cyber threats and cybersecurity advances in 2022<\/strong> with cybersecurity quick facts. Not all cyber threats pose the same risk to businesses.<\/p>\n

      From the most common to the newest, we\u2019ll look at the top 7 cyber threats<\/strong>.<\/p>\n

      1. Ransomware is becoming increasingly dangerous<\/h3>\n

      \"Ransomware<\/p>\n

      Ransomware<\/strong> continues to grow at an alarming rate, accounting for at least 79% of all reported cyberattacks, according to Sophos. According to the latest ANSSI data, Ransomware attacks increased by 60% in the first six months of 2021, after 255% in 2020.<\/p>\n

      In 2022, this cyber threat<\/strong> is evolving and becoming more sophisticated. We are seeing an increase in double ransomware: a hacker demands the first ransom for decrypting data and then a second ransom to prevent the resale of data on the dark web.<\/p>\n

      Some analysts even mention the emergence of a triple extortion mechanism: besides encryption and the threat of data resale, cybercriminals<\/strong> conduct DDoS attacks to increase pressure on the victim. According to a study by the startup Anozr Way, this practice could cause the number of victims to double by 2022.<\/p>\n

      2. DDoS attacks are on the rise<\/h3>\n

      Like ransomware, distributed denial-of-service (DDoS) attacks aim to block<\/strong> a company\u2019s infrastructure. The cybercriminal sends millions of requests<\/strong> simultaneously to the target. The volume of connections is so large that the target server cannot respond and eventually becomes unavailable.<\/p>\n

      DDoS attacks as we know them today have been around for over 20 years. However, we are now witnessing a multiplication and complication of this type of threat.<\/p>\n

      It is important to note that as the attack surface of information systems has become more extensive and diversified<\/strong>; it is now logically easier to create distributed attacks from the many compromised devices available on the Internet.<\/p>\n

      Some numbers speak for themselves:<\/strong> AWS, Amazon\u2019s cloud division, had to fend off a DDoS attack of a record 2.3 Tbps. Some studies show that spare capacity usage for an attack per company increased by 49% and packet transmission rates increased by 91%.<\/p>\n

      3. Identity theft: a cybersecurity classic<\/h3>\n

      The art of impersonation is not new to the Internet. But with the global network, this manipulation has taken on a whole extra dimension. First, a company has its data stolen<\/strong> (e.g., through phishing) to recover the identities of employees.<\/p>\n

      Then a hacker who may be on the other side of the world impersonates an employee to demand an urgent payment<\/strong>. Believing they are dealing with a legitimate request, the person they are addressing obeys.<\/p>\n

      Undoubtedly, identity theft remains a serious problem in 2022.<\/p>\n

      4. More and more vulnerabilities<\/h3>\n

      Unpatched computer flaws, immediately exploited by hackers, affect many applications used in the enterprise. These flaws are difficult to counteract<\/strong> because they are not well known. Once they are discovered, security patches published by the vendor must be applied. The year 2021 broke the record for the number of vulnerabilities discovered<\/strong>, and 2022 is expected to break it again.<\/p>\n

      5. Supply chain attacks are up to 300%<\/h3>\n

      Supply chain attacks are a new type of cyber threat targeting corporate logistics<\/strong> that was previously ignored by cybercriminals. Tensions related to shortages of electronic components and raw materials, exacerbated by the geopolitical context, are putting even more strain on companies that already operate on a just-in-time basis.<\/p>\n

      Cybercriminals have realized this and are seeking to disrupt the already weakened supply chain to paralyze company production and thus put themselves in a position to demand ransom. Between 2020 and 2021, the number of such attacks increased by 300%<\/strong>. All indications are that this type of attack will continue to grow in 2022.<\/p>\n

      6. The rise of the IoT: an area of high impact<\/h3>\n

      IoT is a growing sector and its potential is significant, especially in the industrial sector. By 2022, it will connect more than 12 billion objects to the Internet, according to IoT Analytics. However, many of them do not have security built-in<\/strong>, especially in the industrial and healthcare sectors.<\/p>\n

      Unprotected connected objects are just like gateways to companies\u2019 IS: a find for hackers! According to a Zscaler report, IoT malware attacks increased 700% in volume and reach 2021. This trend is expected to speed up in 2022<\/strong>.<\/p>\n

      7. Attacks amplified by artificial intelligence<\/h3>\n

      Hackers increasingly use artificial intelligence (AI) to identify targets and automate attacks<\/strong> on an even larger scale. It\u2019s real-time and money is saved for them! AI helps them develop malware and intelligent infection and phishing scenarios, bypass security filters, and manage and expand botnets (zombie machines).<\/p>\n

      It is estimated that by 2021, bots were involved in over 2.8 million DDoS attacks. As cyber threats grow<\/strong> in number and sophistication and their footprint constantly increases, new technologies are emerging to meet the cybersecurity needs of enterprises: As cyber threats grow, so do defenses!<\/p>\n

      New Defenses in Cybersecurity<\/h2>\n

      \"New<\/p>\n

      New defenses enhance IS monitoring. The SASE architecture and next-generation SOC represent two important advances in cybersecurity<\/strong>. Offering better protection for terminals, physical networks and remote servers, these solutions adapt to the evolution of the company\u2019s IS.<\/p>\n

      SASE: centralized cybersecurity management in the cloud<\/h3>\n

      In cybersecurity, the risk factor<\/strong> remains one of the many tough problems in taking countermeasures. While the digital transformation of companies is changing, the IS of companies is increasingly using the services of many cloud providers to store their data and business applications. As a result, the footprint is increasing and the complexity of cybersecurity management<\/strong> is increasing: cyber risk is growing.<\/p>\n

      Considering this evolution, secure access<\/strong> edge service becomes the top cybersecurity trend of 2022. SASE\u2019s promise is simple: manage your company\u2019s entire cybersecurity from a single cloud platform.<\/p>\n

      SASE brings together a set of innovative cybersecurity and networking technologies<\/strong> managed from a centralized management interface. These technologies include the following 3 network security tools:<\/p>\n

        \n
      • Next-Gen Secure Web Gateway (NG SWG) is designed to protect web and cloud traffic (web filtering, anti-virus, DLP, firewall);<\/li>\n
      • CASB (Cloud Access Security Broker) provides security for the company\u2019s SaaS and IaaS applications;<\/li>\n
      • ZTNA (Zero Trust Network Access) technology handles connections between employees allowed to access certain applications.<\/li>\n<\/ul>\n

        In short, SASE is ideal for successfully migrating your company to the cloud or for managing a very heterogeneous fleet of home workers or international nomads, while ensuring data and application security from a single management console. By simplifying your infrastructure organization<\/strong>, you can effectively define security policies for all your users and reduce your exposure to risk.<\/p>\n

        EDR\/XDR and Next Gen SOC: strengthening tools to combat new threats<\/h3>\n

        EDR and XDR: Endpoint Protection and Beyond<\/strong><\/h4>\n

        As cyberthreats evolve<\/strong>, Endpoint Protection Platform (EPP) solutions – often referred to as \u201cnext-generation antivirus\u201d – are showing their shortcomings. Although they block phishing attacks and most malware, hackers can now bypass them.<\/p>\n

        EDR (Endpoint Protection & Response) offers advanced endpoint protection (PCs, servers, tablets, smartphones). Indeed, in its \u201cdetection\u201d component, it constantly monitors and collects data from devices to detect attack attempts<\/strong> and exploitation of vulnerabilities. Then, in its \u201cinvestigate\u201d part, EDR analyzes the collected data to detect breaches. Finally, EDR sends the information to stop the threat and prevent any attempted infection.<\/p>\n

        XDR (Extended Detection Response) is a natural evolution of EDR. Besides all enterprise endpoints, XDR extends its monitoring to access points<\/strong> such as the cloud, networks, email, etc. In 2022, this type of global protection will win over more and more companies.<\/p>\n

        \"Phishing\"<\/p>\n

        Next-Generation SOC<\/strong><\/h4>\n

        The SOC (Security Operation Center) has historically been the control tower of a company\u2019s IS. Its role is to detect, alert and provide a detailed report of any security incident. To respond to the incident, it must then pass it on to another team, which can add to the delay in treatment. Allowing for a completely personalized approach to IT security, SOC is quite complex to install and maintain over time and represents a significant cost, even for large entities.<\/p>\n

        In 2022, SOC will develop to become more flexible and reactive. From then on, the next generation of SOC will be available to more midsize companies (500 workstations and more), starting with the PC base and servers controlled by EDR, and then expanding to other key IS components (XDR, Firewall, Mails, Proxy, IPS). In addition to the monitoring\/detection aspect, the new generation SOC also can react in an automated and immediate way to more effectively counter the spread of malware in the information system. A must for companies that want to benefit from optimal cybersecurity in 2022.<\/p>\n

        SFR Business delivers the highest level of security<\/strong><\/h4>\n

        To ensure your companies IS secure, SFR Business protects the end-to-end chain of information from a user to the application. This convergence approach allows us to achieve simplicity.<\/p>\n

        By surrounding ourselves with the biggest global and innovative cybersecurity players – Fortinet, Palo Alto Networks, Check Point, Cisco, Cylance, Trend Micro, Cybereason or Netskope – SFR Business integrates models that deliver the highest level of IT security in your company today.<\/p>\n

        Cybersecurity statistics by area<\/h2>\n

        \"Cybersecurity<\/p>\n

        Cybersecurity in the Energy Industry<\/h3>\n
          \n
        • In Europe, 29% of respondents believe that defense investments are only undertaken after a cyber incident, meaning that these organizations would only react rather than prepare.<\/li>\n
        • The Colonial Pipeline ransomware cyberattack in the U.S. showed just how disruptive these cyberattacks can be. A leaked password caused a state of emergency in 17 U.S. states and led to massive fuel shortages.<\/li>\n
        • Protecting customers’ personal data is also crucial for energy companies, as a potential breach can have serious reputational and financial repercussions for the company. Trellix research recently found that 52% of companies using cloud services have had user data stolen in an attack. Organizations need to hold themselves accountable when protecting customer data and ensure that they comply with all required regulations and standards.<\/li>\n<\/ul>\n

          \u0421ybersecurity attacks statistics<\/h3>\n
            \n
          • It takes a company approximately 6 months to detect a security breach.<\/li>\n
          • Windows is the operating system most attacked by hackers, Android comes in second.<\/li>\n
          • 78% of IT security leaders believe their organizations do not have sufficient protection against cyberattacks despite cybersecurity investments made in 2020.<\/li>\n<\/ul>\n

            SMB cybersecurity statistics<\/h3>\n
              \n
            • More than half of SMBs (53%) suffered a cyberattack in 2017, according to the SMB Cybersecurity Report conducted by Cisco.<\/li>\n
            • \u0421yberattack entails a significant financial outlay. Specifically, the average cost ranges between 20,000 and 50,000 euros, according to a study conducted by the National Institute of Cybersecurity.<\/li>\n
            • SMBs take an average of 212 days to identify an attack and 75 days longer to contain it.<\/li>\n
            • 60% of SMBs that are victims of severe cyber-attacks disappear within 6 months of the incident.<\/li>\n<\/ul>\n

              Cybersecurity education statistics<\/h3>\n