Skip to main content

10 stats that reveal the changing face of IT security

With the advent of cloud infrastructure and mobile working, there’s been a crucial shift in how we think about security. Enterprises now face an increasing number of new threats and challenges.

To help you navigate the modern world, here are ten stats that reveal the changing face of IT security.

1: In the UK, during Q2 the average number of cyber attacks per business rose to 65,000

It’s common for businesses to experience multiple attempts of unauthorised entry – even if the hackers don’t get in. But this means you need a ‘not if, but when’ mindset when protecting a business from an attack. Criminals are increasingly sophisticated, using a mix of tech and social engineering to find weak points in IT security perimeters.

2: 81% of security incidents are caused by credential theft

Hackers used to target servers and hardware, but today, credentials are the preferred method of access to a business. If employees have a lack of awareness around security – falling prey to phishing scams, weak passwords and unsecure networks, this makes it an easy job for the criminals.

3: 46% of UK businesses have ‘bring your own device’ policies

Cyber Security Breaches Survey 2017
Many businesses are now deploying Software-as-a-Service (SaaS) apps to enable flexible, mobile working on any device. While this increases productivity, and has lots of other business benefits, new ways of accessing data pose new security risks.

4: Only 7% of businesses have good visibility of all critical data. 58% say they only have slight control

Data is now decentralised across cloud, on-premises and multiple devices. And with eroding network boundaries, it becomes hard to keep track of who has what access, where. Losing control of data and access management means losing control of security.

5: Only 35% of people in the UK use strong passwords

Action Fraud
We all know a secure password contains mixed characters and is based off an acronym, with an added layer of multi-factor authentication. Yet many businesses use passwords that are easily cracked like ‘admin’. Data security is now not just about infrastructure, but understanding user behaviour and how people interact with critical business data.

6: 73% of users use password duplicates

Duplicate passwords are also a problem for enterprises. If one password is compromised from an end-user, criminals can take down multiple accounts in one go. If employees are working on their own devices, and use the same password for personal and business accounts, this increases your risk twofold.

7: 90% of login requests are traffic from credential stuffing attacks

Shape Security
Another way criminals are taking control of multiple accounts and stealing heaps of data at once is via credential stuffing. They’re now using automation to test usernames and passwords stolen from one location, and repeating the process to hack you quicker and more efficiently.

8: 80% of security breaches involve privileged credentials

Many enterprises have an unnecessary (and unknown) number of employees with privileged account access. These accounts are the master keys and hold your most sensitive information. The more users you give administrative rights, the more you’re at risk. Just look at the damage done in the Deloitte cyberattack, where hackers got direct access through a privileged email account.

9: It takes between 98 and 197 days for a business to detect a data breach

Ponemon Institute
This is plenty of time for hackers to cause irreparable damage to an enterprise. But aside from this, under the General Data Protection Regulation companies will need to report a breach within 72 hours. Failure to do so could result in penalty of around 4% of your annual global turnover.

10: 80% of employees use non-approved apps for work (shadow IT)

Frost & Sullivan
SaaS applications are great for any business, but they must be secure. Enterprises undergoing a digital transformation or technology update often discover employees are using shadow IT. If current technology is hampering productivity and holding them back, they’ll choose any old convenience over security, putting the enterprise at risk.

Cloud control: how enterprises can stay mobile, productive and secure

These stats may not come as a surprise – it’s hard for enterprises to stay secure in the modern world. Data access is now a balancing act between open and closed doors. It’s abo ut being flexible, as well as minimising risk and creating effective boundaries.

How do businesses achieve this? Through Identity and Access Management (IAM). Identity is the new security perimeter, so a good IAM strategy is crucial if you want to keep control of data in the cloud.

  • With Microsoft’s Azure Active Directory, you can give employees easy access to apps anywhere, while keeping your data secure. You can also manage user permissions, restricting them when you detect anomalous or suspicious behavior.
  • Windows Hello allows you to set-up biometric authentication and complex PIN passwords so you can deeply secure access into your network. These are tied to a registered device so data can’t be stolen remotely.

Microsoft is continuously developing new technology to counteract threats and the nasty statistics. We’re helping businesses stay protected 24/7 – both in the cloud and on-premises – anywhere and everywhere.

Learn more

Want to find out more about security, productivity and mobility in the modern world? Attend a partner-led workshop to learn about best practice when responding to new threats and challenges.