fbpx Skip to main content
search

2019 State of the IT Industry Landscape, Part 3: Cybersecurity

2019 State of the IT Industry Landscape by OXEN Technology

In this portion of our 2019 update on the state of the IT industry, we review many of the pertinent and pressing statistics of the need for cybersecurity. It’s easy to paint an overwhelmingly complex and urgent picture of cybersecurity. However, we aim to balance the flood of data with digestible overview of the situation.

Industry Trends: Cybersecurity

Bottomline: Our cybersecurity risks and cost associated with them will never be lower than they are today.

OXEN’s 2017 summary of cybersecurity for small businesses concluded that SMB IT security is viewed as a necessary but unwelcome cost, rather than as an enabler of business solutions.

And now, in 2019, businesses are only beginning to realize the necessity of security awareness training programs. These training programs are important to educate employees on how to spot and avoid phishing emails and other risks.

Threat actors are more sophisticated and organized than ever; this includes nation states and well-funded organizations. These attackers will continue to adopt new techniques to stay one step ahead of defenders. Targets will expand as cybercriminals aim at new geographies around the world.

Security isn’t perfect, and threat actors don’t stand still. It’s worth their time and effort to continuously seek new, innovative ways to gain wealth and achieve notoriety.

Cybersecurity Statistics tell an overwhelming story

  • 43% of cyberattacks are aimed at SMB companies (another study said 61%).
  • The likelihood of a recurring material breach in the next two years for a single SMB is 27.9%.
  • Spam makes up 53.5% of all email traffic.
  • 91% of cyberattacks begin with a spear phishing email.
  • 92% of malware is delivered by email.
  • 22% of employees have clicked at least one phishing link in the last year.
  • Over 60% of ransomware and malware is delivered through “secure” traffic (https vs http).
  • Every 14 seconds someone will fall victim to ransomware in 2019.
    • Average ransom settlement in 2019 has been >$12,000.
  • Ransomware attacks increased 300% in 2018.
  • It took companies an average of 191 days to identify data breaches.
  • Only 25% of companies have a dedicated security department.
  • As many as 60% of hacked SMBs go out of business after six months. (And downtime is 10 times more expensive than average ransom demand of $4,300).
  • 90% of data losses are caused by human error.
  • Cyberattacks are getting more sophisticated and complex.
  • IOT devices expose new attack vectors inside SMB networks.
  • The high cost of in-house cybersecurity expertise is driving proactive SMBs to seek out managed security service providers.
  • Cybersecurity regulations by state and federal governments are expected to increase.

There’s more:

  • Ransomware attacks moved beyond brute force spam and phishing attacks. They now take advantage of system vulnerabilities to conduct reconnaissance and find the most valuable target.
  • There has been a massive move to crypto-mining and crypto-jacking to line the pockets of criminals at the expense of end users and organizations. This model takes over the processing power of infected machines to use for the benefit of the hacking organization.
  • DDoS (Distributed Denial of Service) attacks are increasing quickly as unprotected home and IOT devices increase.
  • Phishing attacks are accelerating and becoming more sophisticated:
    • 100% of phishing attacks were “zero-day attacks”.
    • 84% of phishing attacks have life cycle of less than 24 hours.
    • Phishing sites are online for average of less than 15 hours.
    • 100% of phishing attacks point to malicious pages on benign websites. (Benign websites are taken over and compromised temporarily while the website owner remains unaware.)
  • Mobile devices and tablets are increasingly targeted by attackers.
    • 50% of new and updated apps are categorized as “suspicious” or “malicious”.
    • The most targeted apps are arcade games, entertainment, productivity, personalization (e.g. ringtones), and tools.
    • Android is a primary target, but Apple is beginning to be attacked.

Cybersecurity from the IT Provider Perspective

What does cybersecurity look like from the IT service provider perspective? A study of shows:

Ransomware remains a massive threat to small-to-mid-sized businesses (SMBs).

  • From Q2 2016 to Q2 2018, 79% of Managed IT Service Providers report ransomware attacks against customers.
  • In the first 6 months of 2018, 55% reported ransomware attacks against clients.
  • 92% of Managed IT Service Providers predict the number of ransomware attacks will continue at current, or worse, rates.
  • The average managed service provider reports 5 of these attacks within their client base per year.
  • In the first half of 2018, an alarming 35% of Managed IT Service Providers report clients suffered multiple attacks in a single day (up from 26%, year-over-year). Fortunately, we have never seen this case with an OXEN client.
  • Ransomware infections in the cloud continue to increase. IT providers that report that of cloud-based malware infections, nearly 50% called out Office 365 as the target.

The problem is bigger than we know, as a startling number of attacks go unreported.

  • IT providers report that fewer than 1 in 4 ransomware attacks are reported to the authorities.
  • SMBs are largely in the dark about the frequency and severity of ransomware attacks. Nearly 90% of Managed IT Service Providers are “highly concerned” about the ransomware threat. 36% report their SMB clients feel the same.
  • Managed IT Service Providers rank phishing emails as the top ransomware delivery method followed by malicious websites, web ads, and clickbait.

The aftermath of a ransomware attack can be crippling for a business.

  • 67% of Managed IT Service Providers report victimized clients experienced a loss of business productivity
  • More than half report clients experienced business-threatening downtime
  • The cost of business downtime is 10x greater than the cost of the ransom requested. Managed IT Service Providers report the average requested ransom for SMBs was ~$4,300 in 2017 –18. The average cost of downtime related to a ransomware attack is ~$46,800.

Are there solutions or ways to mitigate the risk of ransomware?

  • Having an Apple operating system isn’t a silver bullet. Managed IT Service Providers reporting OS/iOS attacks increased by nearly 500% year-over-year
  • The most effective solution for avoiding downtime caused by ransomware is business continuity and disaster recovery (BCDR). 90% report that victimized clients with BCDR in place fully recovered from the attack in 24 hours, or less.
  • Lack of cybersecurity education is a leading cause of a successful ransomware attack.

The best and only way to withstand evolving threats is to employ a layered approach. This means proven security technology that covers all threat vectors and is constantly kept up to date, coupled with sophisticated, ongoing end user awareness training. Cybersecurity policy helps shape and enforce procedures to improve cybersecurity.

Training is effective in reducing cyber threats. testing by top security firms showed that cybersecurity risk is reduced proportionally to the amount of training.

  • The more security awareness training is conducted, the better employees are at spotting and avoiding risks.
    • Companies that ran between 1-5 campaigns saw a 33% phishing click-through rate.
    • 6-10 campaigns dropped the rate to 28%.
    • 11 or more campaigns reduced the rate to 13%.
  • Phishing simulations and campaigns are most effective when the content is current and relevant.

The Cybersecurity Market

Where does this leave the cybersecurity market?

Given the rise in the volume and sophistication of the attacks coupled with the increasingly strategic nature of digital business projects, Cybersecurity Ventures, a venture capital firm, is projecting that businesses will spend one-trillion-dollars per year on cybersecurity by 2020.

Two-thirds of Managed IT Service providers are being asked by customers to protect instances of Microsoft Office.

Mobile computing creates challenges of not just securing the devices and the applications that run on them, but also making sure the wireless networks used to access corporate resources are not distributing malware. And continued investment in Internet of Things (IoT) projects creates increased threat of security breaches.

As for staffing, there’s a massive shortage when it comes to IT security expertise.

  • Intel estimates that by 2020 there will be anywhere from one to two million unfulfilled IT security jobs worldwide. A Forbes report predicts similar labor shortages.
  • Managed Service Providers have an advantage over internal staffs in that they can resolve security issues faster because the odds are good that they’ve seen the problem before.

What’s Next?

The next two parts of our 2019 State of the IT Landscape overview will jump to other current IT industry trends – the cloud and emerging technologies. These are some of the fastest moving areas of the IT industry. We hope you’ll join us!

Recent Posts / View All Posts

business growth and expansion

The Role of Current Technology in Business Growth and Expansion

| Business Productivity, Managed Services, Security | No Comments
Business growth and expansion entail a lot of work in all the different areas—logistics, finance, research, and technology. Technology plays a key role because practically all aspects of business rely on it. In our last few blogs, we have been talking about some benefits that small business owners can get out of integrating the right technology into their business, especially during expansion, downsizing, or switching from a remote work setup to a hybrid work environment. Attracting and Retaining Talent for Business Growth and Expansion For any SMB, attracting and keeping enterprise talent is quite an achievement. But, of course, it…
How Your IT Company Affects Customers

For Better or For Worse: How Your IT Company Affects Your Customers

| Business Productivity, Managed Services | No Comments
How Your IT Company Affects Customers is very important to keep your business operations in good hands. Most processes today rely on technology, so you need a provider to keep up with the times and ensure everything goes smoothly. But do you realize how your choice of IT company also affects your customers? The level of customer satisfaction might be one of the most revealing gauges of how efficient your IT company is. How Your IT Company Helps Affect Your Delivery of Better Service to Customers Although your IT provider does not have direct contact with your customers, the tasks they take…
Self-Help Kiosks

Self-Help Kiosks vs. Human—The Pros and Cons

| Business Productivity, Managed Services | No Comments
Self-help kiosks are becoming more commonplace by the day. There used to be a time when a business would consider it extremely high-tech if they had touchscreen monitors installed. But today, you can find these kiosks in many establishments. A self-help kiosk is an interactive screen that gives information or provides a service with a simple touch. They are extremely versatile and used in a wide range of applications. They are popular in fast-food chains, bus stations, and banks. What Are the Pros of Self-help Kiosks? There are plenty of benefits to self-help kiosks, which is why companies are all…

Tags:

Close Menu