October marks the end of Cybersecurity Awareness Month (CSAM) in the US and Canada and European Cybersecurity Month (ECMS) in Europe. While these campaigns aim to promote best practices and awareness of cybersecurity, October is also a time for Halloween and the perfect opportunity to share spine-tingling figures about the real-life tricks and threats lurking online.
In celebration of two decades of CSAM, here are 20 chilling facts and figures about cybersecurity that will leave anyone feeling uneasy about their online security:
1. Phishing attacks were the most common form of cybercrime reported to the FBI in 2022, with a total of 300,000 incidents. This likely represents just the tip of the iceberg in terms of the actual number of phishing attacks.
2. Social media-themed lures were the most common type of phishing attacks in the first half of 2023, making up 37.5% of all phishing websites.
3. The demand for username/password combinations on the dark web is on the rise, with over 24 billion combinations discovered in 2022, up from 15 billion in 2020.
4. A record number of 25,096 software vulnerabilities were discovered and published in 2022, with 80% of them being medium or high severity.
5. Phishing attacks cost consumers and businesses over $52 million in 2022, according to the FBI.
6. Despite the effectiveness of multi-factor authentication (MFA) in mitigating the threat of phishing, a study found that 44% of Americans are only “somewhat familiar” or have not heard of it at all.
7. Social media accounts are a popular target for cybercriminals, making it important to secure them from illegal takeover.
8. While SMS is the most popular form of MFA, it is not the most secure, with hackers being able to intercept codes sent over text relatively easily.
9. The use of weak and common passwords continues to be a major security risk, with nearly one in every 200 passwords being “123456,” according to a study by Digital Shadows.
10. Despite the importance of changing passwords after a data breach, less than half of breach victims reported doing so.
11. Password reuse is a dangerous practice, as it can enable hackers to open multiple accounts with a single stolen credential. However, just 15% of consumers use a unique password for each account.
12. Stolen credentials can have a critical impact on digital life and finances, with over half of identity crimes in 2022 being stemmed from compromised passwords.
13. Victims of identity fraud stemming from stolen passwords reported experiencing emotional and psychological problems, with nearly a fifth of US victims reporting thoughts of suicide.
14. Account takeover is a prevalent threat, with over a fifth of US adults having been victims of ATO, and the average financial loss from financial ATO attacks being nearly $12,000.
15. Over half of Americans are becoming increasingly concerned about the security of their online accounts, with 56% feeling more concerned about their online safety than ever before, according to Google.
16. Resetting passwords regularly is an important practice, but only a fifth of Americans reported doing so daily or multiple times a week, which may imply that they rely too much on memory.
17. While password managers are a great way to store strong and unique passwords for every app and site, only 44% of Americans currently use one.
18. Good cybersecurity practices should be followed year-round, not just during Halloween. It is important to update software, choose strong and unique passwords, enable MFA on all accounts, and be familiar with phishing tactics.
As the month comes to a close, these spine-tingling security figures serve as a reminder of the importance of staying vigilant and proactive when it comes to protecting personal and business assets from cyber threats. With cybercriminals constantly evolving their tactics, it is crucial for individuals and organizations to stay informed about best practices for online security to avoid falling victim to potential attacks.