Securing privileged accounts and credentials must be at the top of the enterprise security agenda, and we’ve previously highlighted five top reasons why on CyberArk’s blog. With the launch of a new year, it’s a good time to be mindful of the lessons learned in 2016. The cyber security industry is chock-full of reports and surveys that continually provide new insights and stats. Privilege is the road most traveled in advanced attacks – that remains a constant. The sophistication of breaches, the amount of data stolen or compromised, the cost of remediation etc. continues to evolve and advance. Here is a sampling of stats to consider:
- In 2016, the average annual loss per company worldwide was $9.5 million.
- In the U.S., the average annual loss per company was $17 million.
- In the first half of 2016, 3,046,456 data records were stolen or lost every day; 126,936 data records were stolen or lost every hour; 2,116 were stolen or lost every minute and 35 were stolen or lost every second.
- Cyber crime will cost businesses over $2 trillion by 2019.
- The average cost of a data breach will exceed $150 million by 2020.
Attackers Will Get In, and They Will Take the Easiest Route
- Attackers sending as few as 10 phishing emails have a 90% success rate.
- Thirty percent of phishing emails get opened, and the #1 delivery vehicle for malware is email attachments.
- In 93% of cases, it took attackers minutes or less to compromise systems.
Ransomware Is On the Rise
- $209 million = FBI’s estimate of dollars lost to ransomware attacks in Q1’16.
- $1 billion = Estimated total cost of damages related to ransomware attacks using cryptographic file-locking software in 2016.
- Nearly 50% of organizations have been targeted with ransomware.
- The average ransom demand is $679.
Beware the Insider Threat
- By 2017, 41% of workers will be temps, contractors or consultants.
- Sixty-nine percent of organizations have experienced attempted or successful data theft or corruption by corporate insiders during the last 12 months.
- Organizations face four major insider threats: The Exploited Insider, the External “Insider,” the Malicious Insider and the Unintentional Insider.
What does your organization have in place to mitigate the risks of a cyber attack? Have you tested your incident response plan? How’s your cyber hygiene – patching, rotating and isolating sessions? How many privileged accounts does your organization have? This is a figure you should know. Now is the time to find out. Use CyberArk’s free discovery and audit tool to discover privileged accounts on-premises and in the cloud. Learn more.