fbpx Skip to main content

2019 State of the IT Industry Landscape, Part 3: Cybersecurity

2019 State of the IT Industry Landscape by OXEN Technology

In this portion of our 2019 update on the state of the IT industry, we review many of the pertinent and pressing statistics of the need for cybersecurity. It’s easy to paint an overwhelmingly complex and urgent picture of cybersecurity. However, we aim to balance the flood of data with digestible overview of the situation.

Industry Trends: Cybersecurity

Bottomline: Our cybersecurity risks and cost associated with them will never be lower than they are today.

OXEN’s 2017 summary of cybersecurity for small businesses concluded that SMB IT security is viewed as a necessary but unwelcome cost, rather than as an enabler of business solutions.

And now, in 2019, businesses are only beginning to realize the necessity of security awareness training programs. These training programs are important to educate employees on how to spot and avoid phishing emails and other risks.

Threat actors are more sophisticated and organized than ever; this includes nation states and well-funded organizations. These attackers will continue to adopt new techniques to stay one step ahead of defenders. Targets will expand as cybercriminals aim at new geographies around the world.

Security isn’t perfect, and threat actors don’t stand still. It’s worth their time and effort to continuously seek new, innovative ways to gain wealth and achieve notoriety.

Cybersecurity Statistics tell an overwhelming story

  • 43% of cyberattacks are aimed at SMB companies (another study said 61%).
  • The likelihood of a recurring material breach in the next two years for a single SMB is 27.9%.
  • Spam makes up 53.5% of all email traffic.
  • 91% of cyberattacks begin with a spear phishing email.
  • 92% of malware is delivered by email.
  • 22% of employees have clicked at least one phishing link in the last year.
  • Over 60% of ransomware and malware is delivered through “secure” traffic (https vs http).
  • Every 14 seconds someone will fall victim to ransomware in 2019.
    • Average ransom settlement in 2019 has been >$12,000.
  • Ransomware attacks increased 300% in 2018.
  • It took companies an average of 191 days to identify data breaches.
  • Only 25% of companies have a dedicated security department.
  • As many as 60% of hacked SMBs go out of business after six months. (And downtime is 10 times more expensive than average ransom demand of $4,300).
  • 90% of data losses are caused by human error.
  • Cyberattacks are getting more sophisticated and complex.
  • IOT devices expose new attack vectors inside SMB networks.
  • The high cost of in-house cybersecurity expertise is driving proactive SMBs to seek out managed security service providers.
  • Cybersecurity regulations by state and federal governments are expected to increase.

There’s more:

  • Ransomware attacks moved beyond brute force spam and phishing attacks. They now take advantage of system vulnerabilities to conduct reconnaissance and find the most valuable target.
  • There has been a massive move to crypto-mining and crypto-jacking to line the pockets of criminals at the expense of end users and organizations. This model takes over the processing power of infected machines to use for the benefit of the hacking organization.
  • DDoS (Distributed Denial of Service) attacks are increasing quickly as unprotected home and IOT devices increase.
  • Phishing attacks are accelerating and becoming more sophisticated:
    • 100% of phishing attacks were “zero-day attacks”.
    • 84% of phishing attacks have life cycle of less than 24 hours.
    • Phishing sites are online for average of less than 15 hours.
    • 100% of phishing attacks point to malicious pages on benign websites. (Benign websites are taken over and compromised temporarily while the website owner remains unaware.)
  • Mobile devices and tablets are increasingly targeted by attackers.
    • 50% of new and updated apps are categorized as “suspicious” or “malicious”.
    • The most targeted apps are arcade games, entertainment, productivity, personalization (e.g. ringtones), and tools.
    • Android is a primary target, but Apple is beginning to be attacked.

Cybersecurity from the IT Provider Perspective

What does cybersecurity look like from the IT service provider perspective? A study of shows:

Ransomware remains a massive threat to small-to-mid-sized businesses (SMBs).

  • From Q2 2016 to Q2 2018, 79% of Managed IT Service Providers report ransomware attacks against customers.
  • In the first 6 months of 2018, 55% reported ransomware attacks against clients.
  • 92% of Managed IT Service Providers predict the number of ransomware attacks will continue at current, or worse, rates.
  • The average managed service provider reports 5 of these attacks within their client base per year.
  • In the first half of 2018, an alarming 35% of Managed IT Service Providers report clients suffered multiple attacks in a single day (up from 26%, year-over-year). Fortunately, we have never seen this case with an OXEN client.
  • Ransomware infections in the cloud continue to increase. IT providers that report that of cloud-based malware infections, nearly 50% called out Office 365 as the target.

The problem is bigger than we know, as a startling number of attacks go unreported.

  • IT providers report that fewer than 1 in 4 ransomware attacks are reported to the authorities.
  • SMBs are largely in the dark about the frequency and severity of ransomware attacks. Nearly 90% of Managed IT Service Providers are “highly concerned” about the ransomware threat. 36% report their SMB clients feel the same.
  • Managed IT Service Providers rank phishing emails as the top ransomware delivery method followed by malicious websites, web ads, and clickbait.

The aftermath of a ransomware attack can be crippling for a business.

  • 67% of Managed IT Service Providers report victimized clients experienced a loss of business productivity
  • More than half report clients experienced business-threatening downtime
  • The cost of business downtime is 10x greater than the cost of the ransom requested. Managed IT Service Providers report the average requested ransom for SMBs was ~$4,300 in 2017 –18. The average cost of downtime related to a ransomware attack is ~$46,800.

Are there solutions or ways to mitigate the risk of ransomware?

  • Having an Apple operating system isn’t a silver bullet. Managed IT Service Providers reporting OS/iOS attacks increased by nearly 500% year-over-year
  • The most effective solution for avoiding downtime caused by ransomware is business continuity and disaster recovery (BCDR). 90% report that victimized clients with BCDR in place fully recovered from the attack in 24 hours, or less.
  • Lack of cybersecurity education is a leading cause of a successful ransomware attack.

The best and only way to withstand evolving threats is to employ a layered approach. This means proven security technology that covers all threat vectors and is constantly kept up to date, coupled with sophisticated, ongoing end user awareness training. Cybersecurity policy helps shape and enforce procedures to improve cybersecurity.

Training is effective in reducing cyber threats. testing by top security firms showed that cybersecurity risk is reduced proportionally to the amount of training.

  • The more security awareness training is conducted, the better employees are at spotting and avoiding risks.
    • Companies that ran between 1-5 campaigns saw a 33% phishing click-through rate.
    • 6-10 campaigns dropped the rate to 28%.
    • 11 or more campaigns reduced the rate to 13%.
  • Phishing simulations and campaigns are most effective when the content is current and relevant.

The Cybersecurity Market

Where does this leave the cybersecurity market?

Given the rise in the volume and sophistication of the attacks coupled with the increasingly strategic nature of digital business projects, Cybersecurity Ventures, a venture capital firm, is projecting that businesses will spend one-trillion-dollars per year on cybersecurity by 2020.

Two-thirds of Managed IT Service providers are being asked by customers to protect instances of Microsoft Office.

Mobile computing creates challenges of not just securing the devices and the applications that run on them, but also making sure the wireless networks used to access corporate resources are not distributing malware. And continued investment in Internet of Things (IoT) projects creates increased threat of security breaches.

As for staffing, there’s a massive shortage when it comes to IT security expertise.

  • Intel estimates that by 2020 there will be anywhere from one to two million unfulfilled IT security jobs worldwide. A Forbes report predicts similar labor shortages.
  • Managed Service Providers have an advantage over internal staffs in that they can resolve security issues faster because the odds are good that they’ve seen the problem before.

What’s Next?

The next two parts of our 2019 State of the IT Landscape overview will jump to other current IT industry trends – the cloud and emerging technologies. These are some of the fastest moving areas of the IT industry. We hope you’ll join us!


Recent Posts / View All Posts

MSP Services

Boost Your Business Performance with MSP Services

| Business Productivity, Managed Services | No Comments
Every business owner wants to achieve continued success for their business. Several processes and tasks need to be taken care of in creating and maintaining a successful business. Most owners cannot handle these because there is too much to do and not enough time. For this reason, many business owners rely on the services of IT managed service providers, or MSP's. If you're a regular reader of our blogs, you'll remember that we have covered some of the most valuable services MSPs can provide for your business. Here is a quick look back at those services and how they can…
Technology

Understanding the Technology That Runs Your Business

| Business Productivity, Uncategorized | No Comments
No matter what kind of business you run or what industry you are in, we all know that technology is crucial to our success. Using the right technology can put your business on the path toward growth and success. And a lack of proper IT tools and strategies could make you fall behind your rivals and lose considerable profits. Practical Applications of Technology for the Modern Business Most business owners understand that a reliable IT system is necessary for network security. Internal and external communications, database management, and other high-priority areas. But IT is also valuable in improving practically all…
IT Provider

The Right IT Provider Is Crucial for Your Success

| Business Productivity, Uncategorized | No Comments
In the digital era that we live in, we cannot overemphasize the significance of an IT provider for the different aspects of your business. It is impossible to start or operate a business without relying partly on IT services and support. It is a challenge to stay competitive in your industry if you do not have a trusted IT person or managed services provider by your side. Ways of Getting IT Support There are different ways to get the IT support you need for your business. Each method has its pros and cons, and the choice will depend on your…