Statistics of IT Security Threats
This article is a continuation of Security for Your Medical Centre – Part 1. We will discuss various statistics related IT threats and security concerns. This article points out clearly the importance and significance of securing your IT infrastructure. Do not hesitate in any way from ensuring proper security measures, as not doing so can lead to damage and theft of your medical data.
Phishing scams come under social engineering attacks. They provide a fake e-mail or website that looks like an authentic one and tricks you into putting your username and password. Once they capture your username and password, they now have access to your bank account or whatever website they are pretending to be.
A disputed study by Trusteer showed that spear phishing a hundred LinkedIn users resulted in a failure rate of 68%. That would mean that around 30% of those targeted with phishing attempts disclosed their personal data. That is significant enough for medical centres to lose a substantial amount of money once their bank account information has been captured.
Cnet interviewed Michael Barrett, chief information security officer at PayPal (online payment processor) in April, 2011. This is what he had to say regarding the question of PayPal’s weakness to phishing attempts:
“I joined PayPal almost exactly five years ago and it’s fair to say the company had not realized at that point the true significance of phishing. But since that time we’ve put in place a number of defenses against it. It probably will never go away completely as a problem, but it can be substantially minimized. We’re at No. 8 on a list of most phishing sites, which is better than being No. 1. I’m not satisfied with being No. 8 and I’d really like to obliterate the crime completely, but I realize that will take another five years to get to that state. A few years ago we started digitally signing all our outbound e-mail and we worked with Yahoo and Google so if they saw e-mail that purported to come from us but wasn’t signed they would block it. That has been stunningly successful. Now we’re trying to get the whole industry to take up that type of approach. But it will take several more years of pushing to get the rest of the industry to do that.” (1)
Malware is software that is damaging to your computer in various ways. Spyware is a type of malware that infects a computer and relays information of your computer use to different parties.
In 2007, Kaspersky Labs was seeing new malware samples every two minutes, but in 2010, just three years later, that had increased to one new sample every two seconds.
This is what InformationWeek has to say about small organizations and virus threats:
“Small organization respondents’ other top concerns were Trojan applications (60%), malware designed by criminals expressly to steal data (59%), data leaks (56%), spyware (55%), and fake AV (52%). Spam and phishing threats ranked lowest. Most of today’s antivirus software suites protect against many viruses and worms. But when it comes to data-stealing malware, 21% of small U.S. organization respondents said that their IT department could do a better job of protecting end users. Notably, only 47% of small organizations install security software to help stop such malware, 30% offer related security policies, and 28% provide relevant education or guidance.” (2)
Some are touting Cloud resources as the answer to fighting back malware spread. That remains to be seen.
Security Breaches – Hacks
It’s interesting to note that organizations attribute 59% of all security breaches to human error. This can occur if the network administrator has failed to set up the proper security barriers, or it can occur by inadvertently giving our information that a hacker can use to compromise the system.
About half of all organizations consider IT security a top priority. This stat indicates two scenarios. One, namely that there are pockets of IT infrastructures that don’t need high security. Perhaps these are small organizations and medical centres that have a wireless network setup, and they don’t see themselves as a potential target from hackers. The network is small and their data isn’t all that critical. The second is that IT security is seen as a big issue for larger organizations. They have important data that cannot be leaked and as such they are prime targets for hackers. Hackers use stolen company data to sell to competitors and it is quickly becoming a lucrative business. Larger organizations need security for their systems and that entails purchasing the right equipment and having it administered properly.
The cost of an individual data breach – including lost business and the burden of responding to the incident – in 2010 increased 13% year-over-year for U.K. companies. That roughly equals $3 million for each breach, which is quite substantial. Needless to say, every organization, small or big, should pay close attention to its IT security needs.
Medical centres still fear the virus according to a new survey of 1,600 end users in Germany, Japan, the United Kingdom, and United States. Conducted by antivirus vendor Trend Micro, viruses are the leading concern for 63% of small organizations.
A CompTIA stat shows that 33% of law firms admit to experiencing a security issue such as a virus. That’s only law firms, if you total firms from other fields the number is much higher.
The presentation of stats and facts in this article is only intended to create an awareness of various cyber threats. Cyber security is a huge issue and should not be taken lightly.