{"id":55876,"date":"2021-10-28T08:00:00","date_gmt":"2021-10-28T12:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=55876"},"modified":"2021-10-28T16:16:14","modified_gmt":"2021-10-28T20:16:14","slug":"top-3-statistically-scariest-it-security-scenarios","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/top-3-statistically-scariest-it-security-scenarios","title":{"rendered":"The Top 3 (Statistically) Scariest IT Security Scenarios"},"content":{"rendered":"\n

It\u2019s Cybersecurity Awareness Month! In honor of the theme \u2014 Do Your Part. #BeCyberSmart \u2014 we\u2019re doing our part by educating organizations and IT teams on protecting themselves. Throughout October, the 探花大神 blog will focus on top cybersecurity issues, from IT admin best practices to CISO responsibilities. Tune back into the blog this month for new cybersecurity content or <\/em>check out our archive of existing security articles<\/em><\/a> for cybersecurity insights written specifically for the IT professional. <\/em><\/p>\n\n\n\n

Imagine your boss calling your team saying their computer is locked and there\u2019s a note on the screen demanding ransom to the tune of $5 million. Did your stomach just drop? Ours did. <\/p>\n\n\n\n

Security incidents are an IT professional\u2019s worst nightmare \u2014 and for good reason. They\u2019re common, sophisticated, and can wreak havoc on a business.<\/p>\n\n\n\n

As a security company, we wanted to understand which security incidents IT professionals fear most so we can advise them on building defenses that help them sleep at night. So we surveyed over 1,000 people<\/a> who work in IT to hear their scariest IT security stories and learn how they\u2019re equipping their stack and team, what concerns them most, how remote work affects their security approach, and more. <\/p>\n\n\n\n

In this blog, we\u2019ll cover the top three IT security scenarios respondents overwhelmingly ranked as the scariest. We\u2019ll dive into why they\u2019re so scary, what you can do to defend against them (spoiler alert: avoid dark basements and cornfields), and how businesses are pivoting in reaction to them.\u00a0<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Top 3 Scariest Scenarios (and Why They\u2019re So Scary)<\/strong><\/h2>\n\n\n\n

Survey Background<\/h3>\n\n\n\n

First, to give you a better picture of who we talked to and how they answered, we\u2019ll briefly cover our survey methods.<\/p>\n\n\n\n

探花大神 conducted this survey in October 2021 via Propeller Insights with 509 US and 503 UK respondents. In terms of office setup, 40.6% of respondents work in the office full time, 32.5% work fully remote and 30% work in a hybrid-remote environment.<\/p>\n\n\n\n

Among many other questions about their experience as an IT professional, we presented respondents with 9 different IT scenarios and asked them to rate them on a scale of most scary to least scary. The overall scores went from a not-so-frightening score \u2014 around 3,000 \u2014 all the way to a truly terrifying 6,500. Respondents\u2019 top IT fears were overwhelmingly listed as security breaches, hacker attacks, and ransomware attacks. <\/strong><\/p>\n\n\n\n

The rundown of all presented scenarios and their scores is as follows: <\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n
  1. Security breaches: 6,381<\/em><\/li>
  2. Hacker attacks: 6,336<\/em><\/li>
  3. Ransomware attacks: 6,240<\/em><\/li>
  4. Cloud service outage: 5,071<\/em><\/li>
  5. ISP or CDN outage: 4,728<\/em><\/li>
  6. A down server: 4,641<\/em><\/li>
  7. Your device going down: 3,622<\/em><\/li>
  8. The boss\u2019s device going down: 3,571<\/em><\/li>
  9. A lost mobile device: 3,448<\/em><\/li><\/ol>\n\n\n\n

    In addition, when asked whether they felt overwhelmed at work, only 13.4% respondents said no, and 32.1% answered neutrally. That left 54.5% of respondents reporting that they felt somewhat or very overwhelmed at work.<\/strong> This sets the scene of high-pressured environments where IT professionals are working diligently to fend off dangerous \u2014 and, often, likely \u2014 threats lurking around the corner. <\/p>\n\n\n\n

    Because the top three threat scenarios far outranked the rest as the scariest, let\u2019s dive into those three scenarios, including what makes them so serious and how to defend against them. <\/p>\n\n\n\n

    \n
    \n \"探花大神\"\n <\/div>\n
    \n

    \n Tales of IT Terror <\/p>\n

    \n Find out what spooks IT professionals the most in this 2021 survey infographic. <\/p>\n <\/div>\n

    \n Download Now<\/a>\n <\/div>\n<\/div>\n\n\n\n\n

    1. Security Breaches<\/strong><\/h3>\n\n\n\n

    Security breaches topped the list of scariest scenarios for respondents \u2014 and for good reason. As of September 30, 2021, this year\u2019s data breaches had already surpassed the total number of breaches in 2020 by 17%<\/a>.  <\/p>\n\n\n\n

    Why So Serious? <\/h4>\n\n\n\n

    Security breaches can encompass foul play as well as human error, which makes them doubly scary and particularly difficult to protect against. Effectively defending against security breaches requires a holistic approach that addresses employee security best practices, implements the right security solutions, adequately equips IT teams, and constantly looks for and addresses vulnerabilities. <\/p>\n\n\n\n

    Notably, while malicious attacks account for many security breaches, the vast majority \u2014 88% of them<\/a> \u2014  are caused by human error. And the consequences can be severe: one respondent reported that this year, they lost \u00a3500,000 in a hack that was executed when an employee clicked on a malicious link. And this is actually a bit lower<\/em> than the average cost of a data breach, which hit $4.24 million<\/a> this year.<\/p>\n\n\n\n

    With so much on the line, the importance of employee preparedness can\u2019t be overstated. <\/p>\n\n\n\n

    Building Your Defense: Don\u2019t Go in the Basement<\/h4>\n\n\n\n
    \"Creepy<\/figure><\/div>\n\n\n\n

    Most of us have seen enough scary movies to know (and the less horror-savvy have heard through the grapevine) that when there\u2019s something fishy going on, don\u2019t go in the basement. <\/em>And yet, characters continue to go into dark basements, creaky attics, and decidedly haunted cornfields. Why?<\/p>\n\n\n\n

    What seems obvious to the expert often isn\u2019t to a lay person in the thick of things. IT professionals could probably recite the signs of phishing emails until they\u2019re blue in the face, and yet, phishing remained a recurring theme in our respondents\u2019 scariest IT encounters. <\/p>\n\n\n\n

    Non-IT employees don\u2019t spend their days thinking about cybersecurity; they spend their days thinking about their role (and their life outside of it). Thus, IT teams need to focus heavily on enabling employees and communicating with them frequently, both to relay best practices and address issues as they arise. <\/p>\n\n\n\n

    Fortunately, many companies have reportedly been doing their due diligence in this regard: the 探花大神 survey found that 81.8% of respondents\u2019 companies regularly communicate best security practices with employees. <\/p>\n\n\n\n

    We\u2019ll address defending against the more malicious security breaches next.<\/p>\n\n\n\n

    2. Hacker Attacks<\/strong><\/h3>\n\n\n\n

    Hacker attacks were ranked the second scariest IT scenario. These attacks fall under a more specific and sinister type of security breach. While hacker attacks can<\/em> prey off of human error, they can also occur even when you and your team do everything right. Hacker attacks can\u2019t<\/em>, however, occur without the cybercrime component. So, what makes cybercrime so serious?<\/p>\n\n\n\n

    Why So Serious? <\/h4>\n\n\n\n

    Just as you and your colleagues likely work to stay on top of IT trends, learn and adopt new technologies, develop new methods for accomplishing goals, and hone your skills on the job, so too do cybercriminals. In fact, cybercrime organizations often operate just like legitimate businesses, which means their employees (a.k.a. malicious hackers) are studying, learning, and growing their skills too. <\/p>\n\n\n\n

    What\u2019s more, the coronavirus pandemic drove many companies to shift to remote work quickly. Cybercriminals have been studying these newly remote environments and learned to spot and exploit common vulnerabilities. For our respondents, where 32.5% worked fully remote and 30% worked in a hybrid remote environment, this poses some serious risks.<\/p>\n\n\n\n

    Building Your Defense: Outsmart the Attacker<\/h4>\n\n\n\n
    \"Magnifying<\/figure><\/div>\n\n\n\n

    Securing your environment against hacking takes more than your traditional antivirus software and firewall (73% of hackers<\/a> say they\u2019re irrelevant). Because hacking is now so strategic and skillful, the only way to protect against it is to be one step ahead of the attackers. And that takes holistic, strategic, and up-to-date security.<\/p>\n\n\n\n

    Implementing security that can outsmart hackers takes significant investments in time, effort, and money, and spans everything from network security solutions to identity and device management. And while the nature of holistic, strategic security means there\u2019s no one-size-fits-all template, there is an approach that you can \u2014 and should \u2014 implement and use as a guide: Zero Trust.<\/p>\n\n\n\n

    Building Your Defense: Trust No One<\/h4>\n\n\n\n
    \"Person<\/figure><\/div>\n\n\n\n

    Zero Trust security<\/a> is a security approach that was developed in response to perimeter security\u2019s decreasing efficacy in an increasingly cloud-based, SaaS-powered business world. Just as traditional antivirus software and firewalls can no longer be trusted, username\/password-based logins shouldn\u2019t be the only barrier to network and resource access. <\/p>\n\n\n\n

    Zero Trust security operates by the mantra, trust nothing; verify everything,<\/em> and prescribes that no one should be authenticated or authorized without being verified securely. This goes for more than a user\u2019s initial login; users must verify themselves separately to access any corporate resource. In addition, Zero Trust security defines secure verification as more than just a password. Rather, it prescribes multi-factor authentication (MFA) everywhere<\/a>. <\/p>\n\n\n\n

    These tactics make it highly difficult for a hacker to gain access, and even more difficult for them to move laterally on the off chance that they do successfully gain access to a resource, protecting resources and preventing an attack\u2019s spread.<\/p>\n\n\n\n

    Read more about securing your remote or hybrid environment with Zero Trust in our blog, Zero Trust Security for Digital Workspaces<\/a>. <\/p>\n\n\n\n

    3. Ransomware Attacks<\/strong><\/h3>\n\n\n\n

    Not far behind hacking attacks or security breaches, ransomware ranked third most terrifying in terms of IT scenarios. Ransomware is a specific type of hacker attack that blocks access to critical assets and holds them for ransom, claiming they will return them in exchange for a sum of money.<\/p>\n\n\n\n

    Everything about ransomware is sinister and scary, but a few factors make them particularly serious threats.<\/p>\n\n\n\n

    Why So Serious?<\/h4>\n\n\n\n

    First off, ransomware demands are usually high \u2014 in the first half of 2021, the average ransomware demand was $5.3 million<\/a>. And that\u2019s up 518% from last year, which averaged $847,000. <\/p>\n\n\n\n

    While these big sums look like they\u2019re fit for big enterprises, that\u2019s not always the case, and small businesses aren\u2019t off the hook. Ransomware attackers go after everything from entire cities (like Baltimore<\/a>) to small businesses, which make up more than half<\/a> of ransomware victims. Over 70 of the survey respondents mentioned ransomware attacks or attempts when asked about their scariest IT experience in 2021 \u2014 one of which had ransomware come up on the company president\u2019s computer. Another reported a ransomware attack on their supply chain, causing national food and water shortages.<\/p>\n\n\n\n

    But wait, we\u2019re not done scaring you yet.<\/p>\n\n\n\n

    Like hacking operations, ransomware operations function like businesses \u2014 except ransomware attackers reap significant rewards every time someone pays their ransom. That funds their next venture \u2014 including sourcing high volumes and caliber of labor, deep espionage, and round-the-clock development so they can work swiftly, deftly, and accurately. <\/p>\n\n\n\n

    Without black market ransom funds powering your security teams, how can you compete? <\/p>\n\n\n\n

    Building Your Defense: Let\u2019s Play a Game<\/h4>\n\n\n\n
    \"Person<\/figure><\/div>\n\n\n\n

    The defenses outlined above can help businesses defend against ransomware. However, focusing on preventative measures without also planning response and mitigation measures in case of an incident is irresponsible. To fully defend your organization against ransomware, you\u2019ll also need to play out what would happen if your organization were hit with an attack. You can do this with table-top exercises (TTX). <\/p>\n\n\n\n

    TTX is all too often overlooked, and it can be hard to gain traction for implementing TTX in an organization. However, table-top exercises are vital to preparing for attacks like ransomware where you need to be able to react quickly and correctly. <\/p>\n\n\n\n

    Table-top exercises are not unlike role-playing games: a facilitator lays out a scenario (i.e., your organization is hit with ransomware), and participants are given free rein to react how they would in a real situation. These exercises help answer many questions and iron out kinks you may not have thought of, like: <\/p>\n\n\n\n