10 Cyber Security Facts for 2023

Our cyber stats begin with a reminder of the financial cost of data breaches. According to IBM’s 2022 Cost of a Data Breach report, the average cost of a data breach in the United States is $9.44 million, more than twice the global average of $4.35 million and highest overall. According to the report, the United States has held the title for highest cost per breach for the past 12 years. 

There is more malware (malicious software) online than ever before. Even the widespread use of anti-malware and antivirus software hasn’t stopped the spread of this persistent threat. There are more than a billion malware programs out there, and more than a half-million (560,000) new pieces of malware are detected every day. The most common malware programs are Trojans, a type of malware that disguises itself as legitimate code or software, which make up 58% of all computer malware.

Considering the growth in the Internet-of-Things (IoT), perhaps one of the most concerning items on our list of cyber security facts involves the vulnerabilities of cloud computing. Nearly half of all data breaches (45%) occur in the cloud, but organizations with a hybrid cloud model which is a mixed computing model that combines public and private clouds had lower average costs per breach, at $3.80 million, than those with public ($5.02 million) or private ($4.24 million) cloud models.

One common thread running through the cyber security threat landscape is the undeniable fact that humans make mistakes. Research indicates 19 out of 20 breaches are the result of human error in some form. This includes a range of human behaviors like downloading infected software, weak or irresponsible password management or failing to install software updates that contain critical security patches.

As the lead federal agency for investigating cyber attacks, the FBI leverages its capabilities, authority and partnerships to impose consequences against cybercriminals who attempt to exploit vulnerabilities in information security networks. The FBI maintains an operations center and watch floor that provides around-the-clock support and tracking of cyber incidents. They also leads a task force of more than 30 law enforcement and intelligence agencies called the National Cyber Investigative Joint Task Force (NCIJTF). Established in 2008 to address the evolving cyber challenge, the NCIJTF synchronizes the joint efforts of its member agencies that focus on identifying, pursuing and defeating cybercriminals

Exploiting our reliance on email in our professional lives, business email compromise (BEC) attacks are among the most financially damaging cybercrimes. In a typical BEC scam, the cybercriminal might spoof an email account or website to fool victims into thinking the fake accounts are authentic, or send spear phishing emails (attacks intended for a specific person) that look like they’re from a trusted sender but asking them to carry out a task like resetting their password or sending money by wire transfer. Scammers can also use email to infiltrate company networks and systems with malware, allowing them to gain undetected access to a company’s financial account information or passwords.

Phishing continues to hold its place at the top of the cybercrime leaderboard and next on our list of cyber security facts. With email continuing to be the leading access point for cybercriminals, the number of phishing attacks increased by 34% in 2021 and, according to APWG, 2022 was a record-setting year with more than 4.7 million phishing attacks.

The vulnerability of small and medium-sized businesses (SMBs) is well worth examining in 2023. Data shows that cyberattacks on small businesses surged by more than 150% between 2020 and 2021. 

Why are SMBs attractive targets for cybercriminals? Research suggests their owners often misunderstand the true nature of cybercrime and the tools that hackers use, so they don’t believe they could be an attractive target. In fact, a 2021 small business survey found that 56% of small business owners were not concerned about becoming a victim of hacking in the following 12 months, while 42% said that they were. In regard to falling victim to a cyberattack, the survey showed that while 59% of small business owners stated they felt they could quickly recover from an attack, only about 28% had an actual plan to do so.

What small business owners may not understand is that hackers may use their small businesses as a tunnel to gain access to major companies’ data systems, as in the 2013 Target data breach that exposed data from up to 40 million customer debit and credit card accounts.

Cybercriminals might also believe that small businesses are more easily manipulated into disclosing sensitive information or can be coerced into paying a ransom to recover encrypted files. SMB owners might feel like they don’t have the choice to say no to the perpetrators because they don’t have strict policies in place for backing up their data or procedures for its recovery. 

Repeated warnings about possible malicious cyber activity against the United States has encouraged the White House to launch  both public and private-sector action plans to fortify cyber security and promote cyber security awareness. 

The White House has urged companies to take a number of steps toward fortifying their cyber security, including mandating the use of two-factor authentication in systems, deploying modern security tools to search for and mitigate cyber threats, making sure systems are patched and protected against vulnerabilities, encrypting data so it can’t be used if it’s stolen and educating employees in smart cyber hygiene and vigilance.

Considering the role of human error in the frequency of cyber attacks, organizations are responding with cyber security training to help employees spot and avoid phishing and malware attacks. In a 2022 cyber security awareness study, 97% of organizations reported implementing some type of cyber security awareness training in the past year, with most say they are using a combination of phishing simulations and security awareness training.

As the facts about cyber security clearly demonstrate, cybercrime continues to be a threat to the information technology, software and data systems of SMBs and major companies alike. If you’re considering a career in cyber security, we can help. Our online Bachelor's Degree in Cyber Security and Networking is designed to give you hands-on learning experiences and help you develop many of the skills you’ll need to protect data and networks from cybercrime. 

Online cyber security training here at DeVry allows you to learn your way, balancing your commitment to education with work, family and other elements of your busy life. Classes start soon, so let’s talk about how you can get started in our next session.