I haven’t touched on security in a bit, so let’s revisit.
From Canalys: the worldwide cybersecurity market grew 12.5% year on year in Q1 2023 to US$18.6 billion, outpacing the rest of the tech sector despite worsening macroeconomic conditions. Results were in line with Canalys’ best-case forecasts. Identity security (+14.3%) remained a high priority, as well as securing hybrid workers, which drove investment in SSE within web and email security (+16.0%).
New survey data from TechAisle – breaches cost SMBs an average of US$1.2 million in data, productivity, compliance and regulatory expenses, and staffing costs. In contrast, upper-midmarket firms (1000-4999 employees) suffered an average loss of US$28.6 million. The research also revealed that 56% of SMBs and 88% of upper midmarket firms experienced at least one cyberattack in the past year. 85% of SMBs are citing security as a top technology concern.
A wrinkle in the data, too – while the number of organizations hit by ransomware attacks over the past year has stayed level, the data recovery cost has increased, both in ransomware payment and in restoring lost data. This is from the Sophos State of Ransomware report. Across the board, the average ransom amount paid out almost doubled this year, tipping at $1.54 million, compared to $812,380 in the 2022 study. In addition, 40% forked out more than $1 million, up from just 11% last year, with 13% making ransom payments of at least $5 million this year.
I reported on the White House considering banning ransomware payments – well, the British government is increasingly concerned about keeping incidents secret. This is from a recent National Cyber Security Centre advisory.
Cloud attacks are up too – exploitations targeting cloud infrastructure increased 95% from 2021 to 2022 – that one from CrowdStrike.
Add to the warnings for your customers – AI-based scams using cloned voices. They’re up too. In a recent McAfee survey, 77% of victims in AI-enabled scam calls said they lost money. More than a third of those victims lost more than $1,000.
And a note – St. Margaret’s Health in Spring Valley, Illinois, closed last week, unable to recover from the costs of a 2021 ransomware attack. Examples abound – billing is on hold at Idaho Falls Community Hospital as it recovers from a May 30 incident. A medical center in Murfreesboro, Tennessee, was forced to shut down operations for two weeks after an April attack. The 722-bed Tallahassee Memorial HealthCare was shut down for two weeks in February because of a breach.
There is some good news in all this. Multi-factor authentication (MFA) use has nearly doubled since 2020, and phishing-resistant authenticators represent the best choice in terms of security and convenience for users, according to the Secure Sign-In Trends Report from Okta. 90% of Okta administrators and 64% of users signed in using MFA during January 2023.
Why do we care?
Get that MFA into the field, that’s for sure. Costs are going up dramatically around security, and that’s the key message. Despite the sector’s importance, I won’t linger – nothing particularly groundbreaking in this news. This is very much a series of updates.