CISOs might suffer from breach and threat statistic fatigue but must still quickly assess the organization’s security posture when business executives ask about newsworthy incidents.
Unfortunately, sometimes statistics are the only tool security professionals have. These statistics can be valuable, however, only when put into the context of your particular business risks, as supporting facts rather than as a replacement for a business case.
The threat still begins with traditional and well-known entry points, such as email.
Email-based attacks remain the easiest way for attackers to breach an organization, as shown by these statistics:
- Email delivery is involved in 94% of malware detections.
- Phishing is present in 78% of cyber espionage incidents.
- Losses of over $1.2 billion came from business email compromise in 2018.
An emerging microtrend indicates that identities are now taking new forms.
Identity is the new treasure for cybercriminals, and CISOs don’t yet fully comprehend the extent of the challenge:
- 64% of stolen records in 2018 were stolen identities.
- 29% of breaches involved the use of stolen credentials.
- Yet, only 19% of CISOs think they encountered a stolen credential incident in 2018.