20 scary cybersecurity facts and figures for a spooky Halloween

Digital Security

Cybersecurity Awareness Month is almost over and Halloween is just around the corner, so here are a bunch of spine-tingling numbers about some of the real tricks and threats lurking online

20 scary cybersecurity facts and figures for a spooky Halloween

It’s October Cybersecurity Awareness Month (CSAM) in the US and Canada and European Cybersecurity Month (ECMS) on the other side of the pond. These campaigns represent a great opportunity to share best practice and improve awareness of all things cybersecurity among businesses and consumers.

But October is also the scariest month of the year. So with Halloween just around the corner, it seems like a good idea to combine the two events, and share the top 20 facts and figures to scare anyone who values ​​their security. Why 20? Because 2023 marks two decades of CSAM.

This year’s CSAM has a very simple four-part message for improving your security:

  • Use a strong password and password manager
  • Turn on multi-factor authentication (MFA)
  • Identify and report phishing
  • Update your software

Our top 20 scary security facts that will haunt you

With that in mind, here are 20 scary security facts to keep tips in mind:

  • Phishing was the most common form of cybercrime against businesses and consumers last year, according to incidents the FBI reported. There will be 300,000 in total reported in 2022, although this likely represents only the tip of the iceberg.
  • Phishing attacks use a lot of bait. The most common in the first half of 2023 will be social media-themed lures, according to ESET H1 2023 Threat Report. This accounts for 37.5% of all phishing websites.
  • Username/password combinations are in high demand, as they can give hackers access to your online personal and banking accounts. In a 2022 report found more than 24 billion combinations on the dark web, up from 15 billion in 2020.
  • Software updates are essential to fix newly discovered vulnerabilities that cybercriminals can exploit. Last year, a record number of these vulnerabilities discovered and published: 25,096.
  • About 80% of vulnerabilities reported in 2022 medium or high severity, with 16% considered critical. However, even non-critical vulnerabilities can be exploited by cybercriminals to devastating effect.
  • Phishing continues to be a huge money maker for cybercriminals. In 2022 alone it will cost consumers and businesses more than $52 million, according to F.B.I.
  • MFA is a great way to mitigate the threat of phishing and secure your online accounts. However, 44% of Americans are “somewhat familiar” or have never heard of it, according to a study.
  • Not surprisingly only 2.6% of X (Twitter used to be) users have MFA turned on to protect their account from phishing. Social media is a popular target for cybercriminals, so you should protect your accounts from illegal takeovers.
  • Not all types of MFA are created equal, as hackers can intercept codes sent via text quite easily. However SMS is still the most popular form of MFA. On Twitter (now X), it accounts for 74% of MFA in 2021, followed by more secure options in authentication apps (29%) and security keys (1%).
  • It’s important to use unique, hard-to-guess credentials for all your accounts. A 2022 study by Digital Shadows found that 40 of the top 50 most common passwords can be cracked within one second.
  • According to the same studynearly one out of every 200 passwords is “123456,” which is easy for cybercriminals to guess.
  • It is important to change your passwords if they are involved in a data breach. However, according to one 2021 studyless than half (48%) of breach victims changed the passwords of the breached account.
  • Password reuse is dangerous because it enables hackers to open many of your accounts with a stolen credential. But only 15% of used by consumers a unique password for each account.
  • Stolen credentials can have a critical impact on your digital life and finances. More than half (55%) of identity crimes stem from compromised passwords last year.
  • Identity fraud stemming from stolen passwords can even cause emotional and psychological problems. Nearly one-fifth (16%) of US victims report having suicidal thoughts when interviewed this year.
  • If cybercriminals get hold of your passwords, they can hijack your social, banking and other accounts. More than a fifth (22%) of US adults have been victims of an account takeover (ATO), according to one 2021 study.
  • Account takeovers can cost victims dearly: the average financial loss from ATO financial attacks almost $12,000.
  • As awareness grows, concerns about cybersecurity grow as well. Nearly half (46%) of Americans feel confident about the security of their online accounts and 56% are more concerned about their online safety than ever, according to Google.
  • Password resets are important if you are concerned that your account may have been breached, or an organization you do business with has notified you of a breach. Fifth (21%) of Americans reset their passwords every day or several times a week, which may mean that they rely heavily on memory.
  • Password managers are a great way to store long, strong and unique passwords for every app and site. However, according to the same survey, only 44% of Americans currently using one.

Remember: good cybersecurity is for all year round, not just for Halloween. So update your software when prompted, choose strong and unique passwords or passphrases and store them in a password manager, turn on MFA on all accounts that offer it, and get familiar of phishing tactics. Stay safe.

This video will also help put you on the right path to better password security:

Leave a comment