
2019 State of the IT Industry Landscape, Part 3: Cybersecurity

2019 State of the IT Industry Landscape by OXEN Technology

In this portion of our 2019 update on the state of the IT industry, we review many of the pertinent and pressing statistics on the need for cybersecurity. It’s easy to paint an overwhelmingly complex and urgent picture of cybersecurity. However, we aim to balance the flood of data with a digestible overview of the situation.

Industry Trends: Cybersecurity

Bottom line: Our cybersecurity risks and the costs associated with them will never be lower than they are today.

OXEN’s 2017 summary of cybersecurity for small businesses concluded that SMB IT security is viewed as a necessary but unwelcome cost, rather than as an enabler of business solutions.

And now, in 2019, businesses are only beginning to realize the necessity of security awareness training programs. These training programs are important to educate employees on how to spot and avoid phishing emails and other risks.

Threat actors are more sophisticated and organized than ever; this includes nation states and well-funded organizations. These attackers will continue to adopt new techniques to stay one step ahead of defenders. Targets will expand as cybercriminals aim at new geographies around the world.

Security isn’t perfect, and threat actors don’t stand still. It’s worth their time and effort to continuously seek new, innovative ways to gain wealth and achieve notoriety.

Cybersecurity Statistics tell an overwhelming story

  • 43% of cyberattacks are aimed at SMB companies (another study said 61%).
  • The likelihood of a recurring material breach in the next two years for a single SMB is 27.9%.
  • Spam makes up 53.5% of all email traffic.
  • 91% of cyberattacks begin with a spear phishing email.
  • 92% of malware is delivered by email.
  • 22% of employees have clicked at least one phishing link in the last year.
  • Over 60% of ransomware and malware is delivered through “secure” traffic (https vs http).
  • Every 14 seconds someone will fall victim to ransomware in 2019.
    • Average ransom settlement in 2019 has been >$12,000.
  • Ransomware attacks increased 300% in 2018.
  • It took companies an average of 191 days to identify data breaches.
  • Only 25% of companies have a dedicated security department.
  • As many as 60% of hacked SMBs go out of business after six months. (And downtime is 10 times more expensive than the average ransom demand of $4,300.)
  • 90% of data losses are caused by human error.
  • Cyberattacks are getting more sophisticated and complex.
  • IoT devices expose new attack vectors inside SMB networks.
  • The high cost of in-house cybersecurity expertise is driving proactive SMBs to seek out managed security service providers.
  • Cybersecurity regulations by state and federal governments are expected to increase.

There’s more:

  • Ransomware attacks moved beyond brute force spam and phishing attacks. They now take advantage of system vulnerabilities to conduct reconnaissance and find the most valuable target.
  • There has been a massive move to crypto-mining and crypto-jacking to line the pockets of criminals at the expense of end users and organizations. This model takes over the processing power of infected machines to use for the benefit of the hacking organization.
  • DDoS (Distributed Denial of Service) attacks are increasing quickly as the number of unprotected home and IoT devices grows.
  • Phishing attacks are accelerating and becoming more sophisticated:
    • 100% of phishing attacks were “zero-day attacks”.
    • 84% of phishing attacks have a life cycle of less than 24 hours.
    • Phishing sites are online for an average of less than 15 hours.
    • 100% of phishing attacks point to malicious pages on benign websites. (Benign websites are taken over and compromised temporarily while the website owner remains unaware.)
  • Mobile devices and tablets are increasingly targeted by attackers.
    • 50% of new and updated apps are categorized as “suspicious” or “malicious”.
    • The most targeted apps are arcade games, entertainment, productivity, personalization (e.g. ringtones), and tools.
    • Android is a primary target, but Apple is beginning to be attacked.

Cybersecurity from the IT Provider Perspective

What does cybersecurity look like from the IT service provider perspective? A study of shows:

Ransomware remains a massive threat to small-to-mid-sized businesses (SMBs).

  • From Q2 2016 to Q2 2018, 79% of Managed IT Service Providers report ransomware attacks against customers.
  • In the first 6 months of 2018, 55% reported ransomware attacks against clients.
  • 92% of Managed IT Service Providers predict the number of ransomware attacks will continue at current, or worse, rates.
  • The average managed service provider reports 5 of these attacks within their client base per year.
  • In the first half of 2018, an alarming 35% of Managed IT Service Providers report clients suffered multiple attacks in a single day (up from 26%, year-over-year). Fortunately, we have never seen this case with an OXEN client.
  • Ransomware infections in the cloud continue to increase. Of the IT providers that report cloud-based malware infections, nearly 50% called out Office 365 as the target.

The problem is bigger than we know, as a startling number of attacks go unreported.

  • IT providers report that fewer than 1 in 4 ransomware attacks are reported to the authorities.
  • SMBs are largely in the dark about the frequency and severity of ransomware attacks. Nearly 90% of Managed IT Service Providers are “highly concerned” about the ransomware threat. 36% report their SMB clients feel the same.
  • Managed IT Service Providers rank phishing emails as the top ransomware delivery method followed by malicious websites, web ads, and clickbait.

The aftermath of a ransomware attack can be crippling for a business.

  • 67% of Managed IT Service Providers report victimized clients experienced a loss of business productivity.
  • More than half report clients experienced business-threatening downtime.
  • The cost of business downtime is 10x greater than the cost of the ransom requested. Managed IT Service Providers report the average requested ransom for SMBs was ~$4,300 in 2017–18. The average cost of downtime related to a ransomware attack is ~$46,800.

Are there solutions or ways to mitigate the risk of ransomware?

  • Having an Apple operating system isn’t a silver bullet. Managed IT Service Providers reporting OS/iOS attacks increased by nearly 500% year-over-year.
  • The most effective solution for avoiding downtime caused by ransomware is business continuity and disaster recovery (BCDR). 90% report that victimized clients with BCDR in place fully recovered from the attack in 24 hours, or less.
  • Lack of cybersecurity education is a leading cause of a successful ransomware attack.

The best and only way to withstand evolving threats is to employ a layered approach. This means proven security technology that covers all threat vectors and is constantly kept up to date, coupled with sophisticated, ongoing end user awareness training. Cybersecurity policy helps shape and enforce procedures to improve cybersecurity.

Training is effective in reducing cyber threats. Testing by top security firms showed that cybersecurity risk is reduced proportionally to the amount of training.

  • The more security awareness training is conducted, the better employees are at spotting and avoiding risks.
    • Companies that ran between 1-5 campaigns saw a 33% phishing click-through rate.
    • 6-10 campaigns dropped the rate to 28%.
    • 11 or more campaigns reduced the rate to 13%.
  • Phishing simulations and campaigns are most effective when the content is current and relevant.

The Cybersecurity Market

Where does this leave the cybersecurity market?

Given the rise in the volume and sophistication of attacks, coupled with the increasingly strategic nature of digital business projects, Cybersecurity Ventures, a venture capital firm, is projecting that businesses will spend one trillion dollars per year on cybersecurity by 2020.

Two-thirds of Managed IT Service providers are being asked by customers to protect instances of Microsoft Office.

Mobile computing creates challenges of not just securing the devices and the applications that run on them, but also making sure the wireless networks used to access corporate resources are not distributing malware. And continued investment in Internet of Things (IoT) projects creates increased threat of security breaches.

As for staffing, there’s a massive shortage when it comes to IT security expertise.

  • Intel estimates that by 2020 there will be anywhere from one to two million unfulfilled IT security jobs worldwide. A Forbes report predicts similar labor shortages.
  • Managed Service Providers have an advantage over internal staffs in that they can resolve security issues faster because the odds are good that they’ve seen the problem before.

What’s Next?

The next two parts of our 2019 State of the IT Landscape overview will jump to other current IT industry trends – the cloud and emerging technologies. These are some of the fastest moving areas of the IT industry. We hope you’ll join us!
