Our team of cyber security experts have spent hundreds of hours researching and analyzing the emerging threat landscape to bring forward these predictions.
From the cost of cyber crime to the rise of supply chain attacks, our library of expertly curated security statistics has you covered.
Find your topic below or view our FAQs and sources.
As data breaches become more pervasive in our interconnected world so must our understanding of modern day cyber attacks.
In this video series, we sit down with cyber security experts and get their take on the most recent cyber attacks and breaches in 2022.
How PurpleSec Helps To Secure Your Business
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
How PurpleSec Helps To Secure Your Business
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
Ransomware is a form of malicious software that threatens you with harm, usually by denying you access to your data. Ransomware attacks are often deployed via social engineering tactics. Once a user falls victim to the attack, their data is encrypted.
The attacker then demands a ransom from the victim, with the promise to restore access to the data upon payment.
Not all attacks should be denoted as supply chain attacks, but due to their nature many of them are potential vectors for new supply chain attacks in the future. Organizations need to update their cybersecurity methodology with supply chain attacks in mind and to incorporate all their suppliers in their protection and security verification.
Add this stat to the top(According to a recent survey, over 60% of security leaders) say they plan to deploy supply chain security measures in 2022. 78% reporting that their boards confer on this topic at least once every month.
How PurpleSec Helps To Secure Your Organization
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
Malware, or malicious software, is any piece of software that was written with the intent of doing harm to data, devices or to people.
Types of malware include computer viruses, trojans, spyware, ransomware, adware, worms, file-less malware, or hybrid attacks. Recent malware attacks have become more sophisticated with the advent of machine learning and targeted spear phishing emails.
Social engineering is a type of cyber attack where threat actors attempt to retrieve sensitive information by manipulating people into providing sensitive data, account credentials, or granting access to networks or systems.
Threat actors track our digital footprint to gather as much information as they can about an organization, its employees, and its vendors.
They then craft general or targeted phishing campaigns by preying on our emotions or by impersonating authority figures to gain our credentials and personal information.
How PurpleSec Helps To Secure Your Organization
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
Cloud / Zero Trust / Web Applications / Mobile / IoT / Crypto / WFH / Managed Security
Just like the name implies, the zero-trust framework follows an implicit trust philosophy and commands us to “trust no one.” This is a significant departure from traditional security models that followed a “trust but verify” approach.
In contrast, the zero-trust security model requires continuous authentication, authorization, and validation of all internal and external users to gain and maintain secure zero-trust network access to apps and data on an enterprise network.
How PurpleSec Helps To Secure Your Organization
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
A mobile device is a general term for any type of handheld computer. These devices are designed to be extremely portable, and they can often fit in your hand. Some mobile devices—like tablets, e-readers, and smartphones—are powerful enough to do many of the same things you can do with a desktop or laptop computer
The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. This network of physical objects—“things”— are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and people across the globe.
Crypto is a form of digital currency that you can use to purchase services and goods. However, it uses an online ledger with strong cryptography for securing your online transactions called Blockchain. Blockchain is among the most secure technologies with data integrity, a decentralized system, and verifiability. Blockchain has incredible potential to help companies verify the sources of their products and track supply chain movement, minimizing fraud and contamination issues.
WFH means an employee is working from their house, apartment, or place of residence, rather than working from the office. Many companies have a WFH policy, or remote work policy, that allows their employees to work from home either full-time or when it’s most convenient for them.
Patient data is particularly valuable to the criminal community.
Electronic Health Records (EHR) contain a wealth of information about each patient: name, social security number, financial information, current and previous addresses, medical history and names of next of kin.
How PurpleSec Helps To Secure Your Organization
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
Threat actors may also target medical devices such as patient monitoring equipment. This equipment is often linked to a computer and therefore potentially to the whole network.
While it’s true that enterprise companies are targeted by cyber attacks daily it’s actually small businesses that face the most risk of loss.
This is because threat actors view small businesses as easier targets having less money to invest into security like financial institutions or technology companies may.
Related Article: 5 Proven Network Security Tips For Small Business
Endpoints are network-connected computing devices, capable of communicating with other points and devices across the network. Such devices come in many forms, from PCs, tablets, and mobile phones to smart vehicles and light bulbs. While these devices form endpoints on a network they are often the starting point of a cyber attack, which is why a focus on endpoint security is essential. This is especially relevant in a corporate environment, where sensitive business data is at stake.
A Security Information and Event Monitoring solution (SIEM) aggregates log and event data from an exponentially-growing number of data sources across the infrastructure (applications, network and endpoint security tools, cloud monitoring tools, identity providers, etc.). This data is then analyzed using predefined threat detection rules and queries to identify suspicious or unauthorized behavior.
Providing the essential role of helping security teams rapidly detect and respond to cyberattacks before they can have a material impact on the business of the organization. You can think of a SIEM as a tool that provides a comprehensive view of an organization’s IT security.
AI/ML—short for artificial intelligence (AI) and machine learning (ML)—represents an important evolution in computer science and data processing. The goal is to simulate natural intelligence to solve complex problems. The goal is to learn from data on certain tasks to maximize the performance of that task. AI is decision-making. ML allows systems to learn new things from data.
VPN stands for “Virtual Private Network” and describes the opportunity to establish a protected network connection when using public networks. VPNs encrypt your internet traffic and disguise your online identity. This makes it more difficult for third parties to track your activities online and steal data.
Managed Detection and Response (MDR) is a cybersecurity strategy focused on detecting cyber-attacks before they reach a critical stage. MDR relies on cloud computing, which provides important information about a threat and how it was detected. MDR takes this information and creates defensive measures to combat the attack.
You can read our full list of sources here.
Find an error or want to report an update? Email us and we’ll fix it!
It is reported by the Center for Strategic and International Studies (CSIS) that China and Russia are the biggest cyber offenders and have been since 2006. From 2006 to 2018, China was involved in 108 cyber incidents with losses of more than $1 million each. Russia has been responsible for 98 major cyber incidents since 2006 with losses of more than $1 million each. The study named the rest of the world as the third-worst offender, with 67 incidents. Next in the ranking came Iran with 44 incidents, and North Korea with 38. India was listed as guilty of 16 important cyber incidents from 2006 to 2018, while the U.S. was accused of nine.
Nearly 98% of all cyber attacks rely on some form of social engineering to deliver a payload such as malware. The most popular method of initiating a social engineering attack is through phishing emails. Therefore, threat actors distribute malware via email approximately 92% of the time.
62% of businesses experienced phishing and social engineering attacks in 2018 with a new organization falling victim to ransomware every 14 seconds in 2019.
The total number of spear-phishing campaigns targeting employees increased by 55%, which makes up 71% of all targeted attack on businesses. Given the rise in phishing attacks it is estimated that 90% of incidences and breaches included a phishing element in 2019.