Bots, billions and breaches: Cybersecurity by the numbers
This feature is part of a series focused exclusively on cybersecurity. To view other posts in the series, check out the spotlight page.
Looking back 10 years, it’s impressive to see how far businesses have come with technology. Just about any required service, data or information can be found online.
But with that convenience and access comes a downside: more hackers than ever are cracking systems many thought were bulletproof, looking to creatively trick users into revealing data that can open the doors to the kingdom.
There is perhaps no better way to get a sense of the problem than by looking at the numbers. The cybersecurity industry is far more than ones and zeros. The following are some of the numbers defining enterprise security, providing a better sense of what organizations are dealing with and where companies across sectors are headed when it comes to cybersecurity.
4,281,795,808
The number of records exposed in 2016.
Last year, there were 4,149 breaches reported, leading to a record number of exposed records, according to a report from Risk Based Security. In fact, the number of records breached in 2016 dwarfed the previous all-time high, reached in 2013, by almost 3.2 billion.
What sets 2016 apart is the severity of just a handful of breaches. The top 10 most severe breaches accounted for 71% of the total number of records exposed, compromising everything from passwords and email addresses to birth dates. Yahoo had the top two most severe breaches, followed by FriendFinder and MySpace.
$25,000
The FTC’s reward for helping to secure the Internet of Things.
The Federal Trade Commission is offering $25,000 to anyone who can help it come up with a solution to combat Internet of Things (IoT) security vulnerabilities. Hackers are now harnessing IoT to launch massive botnet attacks. Recognizing the scope of the potential threat, the FTC is asking for the public’s help through its IoT Home Inspector Challenge. Submissions are due by May 22 and winners will be revealed in July.
1 TBps
The largest DDoS attack of 2016.
In 2016, the internet witnessed the largest DDoS attacks on record, propelled by compromised botnets that could be unleashed to disrupt services. Radware predicts that the cybersecurity sector is entering the “1TBps DDoS era” where attacks will continue to become more sophisticated and damaging.
The largest attack last year hit the French web hosting firm OVH in September, using the Mirai botnet, which had its source code made public shortly after the attack, according to Radware. In October, Mirai was used to attack the DNS provider Dyn, disrupting internet service on the East Coast of the U.S.
$101.6 billion
The amount of revenue expected from security-related spending by 2020.
Enterprise security-related spending on hardware, software and services is expected to skyrocket worldwide. Last year, the industry earned just $73.7 billion in revenue. Spending on security products is growing at twice the rate of overall IT spending growth, according to IDC.
Security services are projected to be the largest category of investment, accounting for nearly 45% of all security spending worldwide in 2016. In particular, managed security services will generate the most revenue, forecast to reach $13 billion this year.
Among industries, banking, discrete manufacturing, federal/central government and process manufacturing will be the biggest spenders on IT security over the next five years, accounting for 37% of worldwide security revenues in 2016. Meanwhile, healthcare will see the fastest growth in security investments.
123456
The most commonly used password of 2016.
Despite continuous warnings about the importance of password security, almost 17% of computer users used the password "123456" in 2016, according to a report from Keeper Security. The second most popular password of 2016 was not much better: "123456789." Other commonly used passwords included "qwerty," "google," "1q2w3e4r" and "666666."
$6
The amount required to buy access to a hacked server.
For a bargain price, anyone can buy credentials for one of 70,000 hacked servers on xDedic, an underground marketplace, according to the Kaspersky Lab Threat Review for 2016. Per the report, the underground economy for stolen credentials is bigger and more sophisticated than ever before.
97.25%
The share of phishing emails containing a form of ransomware in Q3.
In the third quarter of 2016, all but 2.75% of phishing emails contained ransomware, up from 92% in Q1 of 2016, according to a report from PhishMe. Locky encryption ransomware continues to lead the pack, demonstrating “adaptability and longevity,” and it introduced a number of techniques to resist detection during the infection process, according to the report.
$1 billion
The amount of money paid to ransomware in 2016.
The ransomware industry boomed in 2016, and is expected to generate $1 billion, up from $24 million in 2015. The average ransom demanded last year also went up, from about $295 at the end of 2015 to $679 in 2016, according to a report from Symantec.
Ransomware is easy to deploy and has a high ROI, so criminals are flocking to it. And, almost anyone can purchase ransomware kits and start pumping ransomware out almost immediately, providing very few barriers to entry. All this means ransomware is likely to continue growing, and businesses must be vigilant to prevent becoming victims.
Follow Naomi Eide on Twitter