Must-Know Cybersecurity Statistics

Cybersecurity is the top of the discussion queue within the IT channel. Businesses and governments worldwide have turned a sharp eye toward rising cyber threats. Many have learned the hard way that small businesses are frequent targets of cyberattacks. The idea of targeting a victim itself has come into question, and more realize that widespread, indiscriminate attacks are the status quo.

Cybersecurity statistics

Web applications

Web applications have become an integral part of how businesses operate. Our analysis found that critical and high-risk findings accounted for less than of overall findings. This shows that the number of medium-risk findings per application is considerably higher than high and critical findings. It is alarming that cross-site scripting findings account for half of the high-risk findings.

Infrastructure

The number of unique critical findings in external infrastructure is less than in internal infrastructure. This indicates that organizations focus heavily on vulnerabilities in their external infrastructure because of the notion that threats come from external-facing systems.

Mobile applications

Mobile applications have gained increasing acceptance by organizations. Organizations rely on Android and iOS apps to deliver a targeted experience for their audience. For Android apps, critical and high-risk findings accounted for of overall findings. iOS apps, the same number stands at. It is pertinent to note here that less than of organizations that we worked with opted for mobile app pentesting services.

APIs

Application Programming Interfaces offer a seamless experience for users and businesses by connecting one application with another. While APIs become popular, breaches continue to occur due to existing vulnerabilities in APIs.

Cyber attacks by industry

Banks and financial institutions: Contain credit card information, bank account information, and personal customer or client data.

Healthcare institutions: Repositories for health records, clinical research data, and patient records such as social security numbers, billing information, and insurance claims.

Corporations: Has inclusive data such as product concepts, intellectual property, marketing strategies, client and employee databases, contract deals, client pitches, and more.

Higher education: Hold information on enrollment data, academic research, financial records, and personally identifiable information like names, addresses, and billing info.

Conclusion

All the stakeholders must unite to make cyberspace a better place to do business. As threats continue to evolve, organizations must understand the bigger picture. Through the First Annual Report on pentesting intelligence, we hope to provide visibility into this big picture.