Data breaches have become so common that organizations have begun ramping up protective measures and hiring entire teams dedicated to cybersecurity. As of 2017, in the U.S. alone, the cybersecurity statistics showed there were a total of 130 reported data breaches against organizations. Those incidents were both targeted and conducted on a large scale and have been growing at a rate of 27 percent since 2017.
The statistics on malicious incidents for 2020 have only reinforced the urgent need to budget for cybersecurity. A comprehensive budget includes planning for prevention, detection, and mitigation. Given the following trends and upticks in targeting companies and entities with personal information, a cybersecurity incident is no longer a question of if, but when.
Some of the gathered data on data breaches and intrusion for 2020 have been sounding the alarm on the need for organizations to adequately prepare. For instance, $17,700 in revenue and personal assets are lost every single minute due to phishing attacks. These types of attacks occur when hackers masquerade or appear to take on the identity of legitimate organizations in an attempt to steal personal information. An example is an email that uses the logos of actual companies and appears to be from those companies requesting that customers provide account login details or other sensitive information.
Despite the growing need for skilled cybersecurity professionals, organizations are having difficulty filling open positions. Approximately 40 percent of IT leaders and managers have indicated they are having problems finding suitable candidates. Although these types of jobs pay well, they also require advanced training and experience. Some of the potential positions include information security consultants, security engineers, and incident managers.
The statistics on cybersecurity incidents reveal that phishing and social engineering attempts make up 80 percent of the number of incidents. Network and software vulnerabilities that require security patches are secondary to phishing, but still remain a large part of the problem. Since phishing and social engineering involve deceiving users within an organization or clients of an organization, user education is an extremely critical part of any prevention and mitigation plan.
User education can involve educating individuals on what phishing and social engineering attempts look like, checking email senders for authenticity, and avoiding clicking on links or providing account login details without verifying who is requesting the information. Some IT departments block the sending and receipt of files over a certain size to combat the distribution of malware. However, even the most comprehensive prevention and user education plan is not 100-percent guaranteed.
As the world becomes more connected and more personal, sensitive, and proprietary data is stored on networked devices, cybersecurity incidents will continue to increase. Often dubbed as white-collar crime, data breaches and intrusions are designed to obtain information for financial or personal gain. These incidents can be carried out by individuals or criminal networks. The problem is the damage is not only to the people whose data is stolen but also to the organizations that must rebuild the public's trust.