Cisco Security Report: 34% of Service Providers Lost Revenue from Attacks

“A new type of security threat — “destruction of service” (DeOS) attacks, which could eliminate companies’ backups and safety nets — could cause way more damage to businesses than ransomware.

This is according to Cisco’s 2017 Midyear Cybersecurity Report in which the company coined the term DeOS attack. The report says the Internet of Things (IoT) increases attack surfaces and the potential scale and impact of these threats.

Researchers sampled 300 companies over a four-month period and found that three prevalent spyware families (Hola, RelevantKnowledge, and DNSChanger/DNS Unlocker) infected 20 percent. On a monthly basis, these three infected more than 25 percent of all organizations.

Attacks on service providers may interrupt their core business and hurt the bottom line: 34 percent of the service providers said they’d lost revenue because of attacks in the past year. And 30 percent said they lost customers or business opportunities because of these attacks.”

Read more details here.

Author: Jessica Lyons Hardcastle

Humans have become the primary attack surface for cyber criminals

“As the world goes digital, humans have moved ahead of machines as the top target for hackers.

Ninety-one percent of attacks by cyber criminals start through email, according to email security provider Mimecast. These spear phishing attacks target humans, luring them to click on malicious URLs that place ransomware on their computers and phones.

The path of least resistance for black hats is non-technical hacks that rely on tricking humans into revealing their login credentials and passwords. With that in hand, cyber thieves proceed to steal personal identities and money.

How many humans are we talking about?

Microsoft estimates that by 2020 4 billion people will be online — twice the number that are online now. The 500 largest U.S. corporations by revenues which appear on the Fortune 500 employed 27 million people in total last year – about 17 percent of the nation’s workforce. The world’s 2,000 largest publicly traded companies which appear on the Forbes Global 2000 account for approximately 87 million employees.

Employees at large corporations are especially attractive to hackers who are after personal identities, which can be sold in black markets on the dark web. Privileged users who oversee and have access to hundreds or thousands of user credentials are big game.

At the opposite end of the spectrum – it is estimated that by 2020 around 50 percent of the U.S. workforce will be self-employed, according to an article last year. These people are small business owners, independent contractors, and part-time freelancers.

Most small business employees do not receive any type of security awareness training by their employers. This makes them easy prey for hackers. Small businesses — who don’t train their employees on security risks — are susceptible to the Business Email Compromise Scam (BEC), which the FBI says has led to over $3 billion in losses.”

Read more details here.

Author: Steve Morgan

60% of small companies that suffer a cyber attack are out of business within six months

“It seemed like just another ordinary day for a small online retailer in the Midwest. Little did they know that the simple click of an e-mail link was about to threaten the entire business. One of the company’s employees received an e-mail with a link to a seemingly benign catalog. One click and the company’s system was infected with Cryptowall malware that affected accounting software, customer account files, including credit card numbers, social security numbers, customer names and addresses among other information.

The accounting software and customer files did not live on the employee’s computer; they lived on the company’s network drive, so the malware was able to encrypt 15,000 accounting and customer files. A ransom demand soon followed, demanding $50,000 in exchange for a decryption key. The company’s backup systems had not been working for months, and with the virus proving impossible to remove without the loss of crucial company data, the company had no choice but to pay up.

But the decryption key didn’t work. Business came to a standstill. The owner could not afford to pay to rebuild the network systems. Six months later the company closed its doors, strangled by lack of sales and cashflow.

The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.

Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies or even presidential candidates.

Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate. They steal information to rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; and, commit health insurance or Medicare fraud.

So what can you do besides pray and hope you’re not next?”

Read original article here.

Author: Gary Miller

43 Percent of Cyber Attacks Target Small Business

“Cyber crime is on the rise and small businesses are increasingly becoming the target of hackers.

New data from Symantec’s 2016 Internet Security Threat Report shows that small businesses have become a big target for phishers. Last year, phishing campaigns targeted small businesses (PDF) 43 percent of the time. That’s up 9 percent over 2014 and a stark contrast to the mere 18 percent of attacks that focused on small businesses in 2011.”

Read original article here.

Author: Joshua Sophy

Cybercrime Costs to Reach $8 Trillion by 2022

“Some 2.8 billion data records expected to be breached in 2017, according to a report released today by Juniper Research.

Cybercrime costs are expected to saddle businesses with a whopping $8 trillion price tag over the next five years, as connectivity to the Internet rises but security system upgrades don’t keep pace, according to a Juniper Research report released today.

In this year alone, 2.8 billion data records held by business customers are expected to be breached, according to the report, The Future of Cybercrime & Security: Enterprise Threats & Mitigation 2017-2022. And in the next five years, that figure is anticipated to balloon to 5 billion breached records.

Small- and mid-size businesses (SMBs) are expected to face the brunt of the attacks, given these organizations shelled out an average of under $4,000 a year in 2017 on cybersecurity efforts. The amount they spend is not expected to substantially increase over the next five years, despite rising threats and the fact that a number of small businesses run older software.

Running older software that has not been patched is just one problem that SMBs face. Another growing problem is the greater availability of easy-to-use ransomware toolkits that require little to no programming skills on the part of the cyberattacker, according to the report.”

Read more article details here.

Author: Dark Reading Staff


“A new survey found 67 percent of medical device manufacturers and 56 percent of healthcare delivery organizations (HDOs) believe their devices are likely to be the target of a cyberattack within the next 12 months.

While many companies are concerned about the possibility of an imminent attack, most manufacturers remain unprepared. Just 17 percent of device makers and 15 percent of HDOs have taken steps to prevent cyber attacks, the survey found.

The findings are the result of a study conducted by the Ponemon Institute on behalf of Synopsys, which surveyed more than 550 medical device manufacturers and healthcare delivery companies.”

Read more article details here.

Author: AJ Dellinger

Data Breach, Vulnerability Data on Track to Set New Records in 2017

“There are so far 1,254 publicly reported data breaches and 4,837 published vulnerabilities in the first quarter of this year.

Enterprise security executives looking for metrics to justify their budgets to top management should have plenty of material to choose from for the rest of the year.

Two reports from Risk Based Security this week show that numbers related to data breaches and software vulnerabilities look set to break new records in 2017, if first quarter trends are any indication.

Risk Based Security’s analysis of Q1 data showed there were a total of 1,254 publicly reported data breaches worldwide, which together exposed a mind-boggling 3.4 billion records containing sensitive data.”

Read more article details here.

Author: Jai Vijayan


A new study on cybersecurity and the proliferation of cyberattacks against Small and Medium-Sized Businesses (SMBs) was released this past year. Historically, criminals focused their attacks on larger, enterprise-level organizations in an effort to reap a much larger reward. However, getting past these companies’ security took a high level of technical expertise and a significant investment of time to penetrate the network successfully, if ever. Attacks were soon redirected toward a much easier target: SMBs, which often lack the budget or in-house expertise to prevent the same attacks, resulting in a higher frequency of SMB breaches.

Rate of Attacks: In today’s environment, no business is too small to be attacked or breached. For example, the study revealed that of the more than 598 SMB respondents, nearly 55% said their companies had experienced a cyber-attack, while 50 percent reported a data breach involving customer and employee information, all within the past 12 months. What many SMBs don’t realize, however, is that a breach often goes undetected for quite some time.

The realization is all the more staggering when you consider that the incidents cost an average of $879,582 in damages or theft of IT assets. This does not account for the disruption in operations, which averaged $955,429, or for the average company losing more than 5,000 individual records as a result of the breach.

Key Findings:

1. The most common attacks used against SMBs were Web-Based and Phishing/Social Engineering, facilitated by negligent employees, contractors, and third parties.

2. When companies were asked what information they were most concerned about losing in a cyberattack, the vast majority cited the potential loss or theft of customers’ information and intellectual property.

3. Strong passwords and biometrics were recognized by the respondents as an essential part of their security defense strategies. Yet, despite acknowledging them and incorporating them into their security practices, few organizations had visibility into their employees’ password practices, and organizations rarely enforce their own written security policies.

4. To make matters worse, many current technologies are unsuccessful in detecting or blocking many of today’s targeted attacks. Most exploits have been engineered to evade detection systems or anti-virus solutions and rely on fooling end users to infiltrate otherwise secure networks and data.

5. Other factors contributing to the influx of intrusions are a lack of personnel, limited budgets, and insufficient or inappropriate technologies used to prevent these intrusions. The exhibit below outlines the prevalence of shortcomings throughout SMBs.

6. Determination of IT security priorities is not centralized. Some of the positions responsible are the Chief Executive and Chief Information Officer. However, thirty-five percent of respondents stated that no one position consistently determines the IT policies. This is a key role that requires expertise and knowledge of cyber security in order to make sound decisions that protect your business. Without clear guidance, the risks are often left unchecked.

7. Web and intranet servers are the most vulnerable endpoints or entry points to network and enterprise systems, with fifty-two percent of respondents stating their companies’ Web Servers and forty-six percent of respondents saying their intranet servers are most vulnerable to attack. Yet despite this, many do not feel the threat of an attack is important enough to include in the current security strategy.

8. Despite the influx of cyber-attacks toward SMBs, unsecured cloud usage and mobile device access to business applications and infrastructure continue to become the industry standard, further weakening the network for future exploitation if the security of the information being transmitted is not also taken into consideration. Nearly 29% believe the use of cloud services inherently improves their security posture. However, that is not enough to ensure protection against an attack; in fact, without proper network protection and end-user education, you could open your entire cloud storage for anyone to grab.

Final Thoughts: While the continued advancement in technology has increased our mobility, access, and productivity, it has also made companies which were previously thought too small to be concerned with the potential risk of a cyberattack extremely susceptible to infiltration.

Many SMBs with budgetary constraints and limited expertise are now subject to the same security responsibilities as a company competing on the global scale. That is why having a trusted IT MSP is so vital to ensuring the safety and security of your company’s future.

Contact Pro-Active IT to find out more.

Find original tables and images here.

Cybersecurity spending outlook: $1 trillion from 2017 to 2021

“Worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021, according to the Cybersecurity Market Report, published by Cybersecurity Ventures.

“IT analyst forecasts are unable to keep pace with the dramatic rise in cybercrime, the ransomware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers-for-hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions, and consumers globally” according to the new report.”

Read more article details here.

Author: Steve Morgan

‘Cyber Crime Is The Greatest Threat To Every Company In The World’

“The British insurance company Lloyd’s estimates that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts put the cybercrime figure as high as $500 billion and more.

Then there’s the hacks and breaches which go unreported by privately held and unregulated companies who are fearful of how cyber incidents will damage their reputations — which can have a negative impact on revenues, company valuation when raising capital, customer acquisition and retention, and their ability to recruit top talent.

According to KPMG, the majority of consumers (58%) that have been surveyed have said that a cyberattack or data breach would discourage them from using a business in the future. According to a similar survey by KPMG, research shows that a whopping 86% of procurement departments would consider removing a supplier from their roster due to a cyber breach!

A typical data breach can take an average of 26 hours to resolve for small businesses, which is a large chunk of time to stop running a company to deal with an issue – not to mention the costs incurred and it being all too obvious to their customers.

Pro-Active IT’s services are designed to work together to quickly revive an IT environment following any unplanned downtime and to ensure the business retains access to data, systems and services it needs to function. Contact us today to learn more.

Read more article details here.

Read more research details here.