5 Must-Know Cybersecurity Stats of 2022
The past year has seen significant growth in both the type and severity of cyberattacks. To better understand what’s driving these attacks and, more importantly, how you can minimize your risk, we’ve identified the stats you need to know leading into the new year.
1. On average, remote work-related breaches cost organizations $1 million more than those where remote work was not a factor.
The shift to remote work and the cascading move to more cloud office apps and decentralized work sites have had a significant impact on the size of breaches. With 25% of employees in the United States working remotely and hybrid work becoming increasingly common, there are more opportunities for cyberattacks.
While remote work has many great benefits for both employees and employers, this new way of working also opens up new access points for attackers to get inside an organization’s digital walls. According to Gartner, 70% of organizations are already making the move to cloud email, creating new entry and exit points for potential breaches from email platform attacks.
2. About 150 billion spam emails are sent every day.
Wow, that’s a lot of spam getting sent across the globe every day! The good news is that the majority of spam is picked up by spam filters. The bad news is that if even a tiny percentage of spam gets through these filters, that’s still a lot of spam to manage. In 2022, Abnormal saw a 91% increase in unwanted mail over the previous year.
All of this leads to email fatigue, and our daily deluge of emails pushes us to take shortcuts in how we engage with email. To stay productive, employees tend to process and respond to emails from those they (appear to) know with less caution—which can lead directly into an attacker’s scam. To help employees stay vigilant, it is more important than ever to remove those spam messages so they can focus on the email that truly matters.
3. Business email compromise (BEC) accounts for 35% of all cybercrime losses.
In May of 2022, the FBI Internet Crime Complaint Center released an eye-popping report that highlighted the continued growth in BEC attacks. Global losses from BEC attacks between July 2019 and December 2021 increased by 65% over the previous year, and account for 35% of all losses due to cybercrime.
Because these targeted attacks are unique and leverage stronger veils of trust through social engineering, they are hard to recognize and often costlier than other, less-targeted attacks. A separate report from the FBI shows that BEC attacks have amounted to more than $43B in exposed losses since June 2016.
Training employees to be vigilant and use their critical thinking skills when reviewing payment requests can help mitigate less sophisticated BEC attacks, but the numbers indicate that even the best training won’t keep organizations entirely safe. The most effective tool is prevention, using technology that can analyze normal behavior about the identity, context, and content of emails and identify when sender accounts may be compromised.
Source: FBI 2021 Internet Crime Report
4. The global cybersecurity workforce gap is roughly 3.4 million people.
The supply of skilled cybersecurity workers needed to protect cross-industrial enterprises from increasingly complex modern threats has not kept up with demand. As any good economics course would teach you, when supply is less than demand, the price to fulfill demand will increase.
Practically speaking, this means organizations either need to pay security analysts more to protect their organizations from threats or seek out options that free up security analysts' time through automation and AI technology. Otherwise, they’re guaranteed to increase their risk of becoming a cyberattack victim. Without an appropriate level of cybersecurity staff, organizations are less able to properly assess and manage risks, remediate misconfigurations, or patch critical systems expeditiously.
5. Only 36% of organizations have visibility into the level of access and permissions that internal and external users possess.
Third-party apps have become an integral part of the workplace. In fact, 165 new third-party apps were added to Microsoft’s AppSource between Dec. 1 and Dec. 5. Adding purpose-built apps to Google Workspace or Microsoft 365 can fill gaps in the native cloud functionality businesses need to operate. However, these well-meaning, productivity-increasing apps have potential pitfalls if their permissions and configurations are not monitored effectively.
More than half (51%) of organizations don’t have an inventory of third-party apps with access to their network. Attackers have seized this opportunity to infiltrate tenants through third-party applications on email platforms. After using those applications to gain access, attackers can download platform data, send additional attacks, or keep tabs on the environment before striking in other ways. Taking steps to monitor and audit third-party app installations and access levels is increasingly important.
There is a confluence of factors driving greater risk and impact of cybersecurity attacks this year. The shift to remote work, and subsequently the cloud, has opened up new vectors of vulnerability within company security postures across the world. With the changing landscape of security infrastructure, attackers have become increasingly sophisticated, orchestrating precise social engineering attacks that compromise organizations and their vendors. This is occurring against the backdrop of an unprecedented cybersecurity analyst shortage that leaves many organizations unable to secure their email platforms without the aid of more effective technology.
Are your security initiatives keeping up with the pace and sophistication of new cyber threats? To see how Abnormal’s behavioral AI can help secure your cloud email platform, schedule a demo.