20 scary cybersecurity facts and figures for a haunting Halloween

October is Cybersecurity Awareness Month (CSAM) in the US and Canada and European Cybersecurity Month (ECMS) on the other side of the pond. These campaigns represent a great opportunity to share best practice and improve awareness of all things cybersecurity among businesses and consumers alike.

But October is also the scariest month of the year. So with Halloween just around the corner, it seemed like a good idea to combine the two events, and share 20 top facts and figures to scare the wits out of anyone who values their security. Why 20? Because 2023 marks two decades of CSAM.

This year’s CSAM has a very simple four-pronged message for improving your security:

• Use strong passwords and a password manager

• Turn on multi-factor authentication (MFA)

• Recognize and report phishing

• Update your software

Our top 20 spooky security facts that will haunt you

With the above in mind, here are 20 terrifying security facts to keep those tips top of mind:

• Phishing was the most common form of cybercrime against businesses and consumers last year, according to incidents reported to the FBI. There were 300,000 in total reported in 2022, although even this likely represents just the tip of the iceberg.

• Phishing attacks use many lures. The most common in the first half of 2023 was social media-themed lures, according to ESET Threat Report H1 2023. These accounted for 37.5% of all phishing websites.

• Username/password combinations are in high demand, because they can grant hackers access to your online personal and banking accounts. One 2022 report found more than 24 billion such combinations on the dark web, up from 15 billion in 2020.

• Software updates are essential to fix newly discovered vulnerabilities which cybercriminals can otherwise exploit. Last year, a record number

•  of these vulnerabilities were discovered and published: 25,096.

• Some 80% of vulnerabilities reported in 2022 were either medium or high severity, with 16% deemed critical. However, even non-critical vulnerabilities can be exploited by cybercriminals to damaging effect.

• Phishing continues to be a big money-maker for cybercriminals. In 2022 alone it cost consumers and businesses over $52 million, according to the FBI.

• MFA is a great way to mitigate the threat of phishing and secure your online accounts. Yet 44% of Americans are only “somewhat familiar” or have not heard of it at all, according to one study.

• It’s not particularly surprising then that only 2.6% of X (formerly Twitter) users have MFA switched on to protect their account from phishing. Social media is a popular target for cybercriminals, so you should guard your accounts from illegal takeover.

• Not all types of MFA are created equal, because hackers can intercept codes sent over text with relative ease. Yet SMS is still the most popular form of MFA. On Twitter (now X), it accounted for 74% of MFA in 2021, followed by the more secure options of authentication apps (29%) and security keys (1%).

• It’s important to use unique, hard-to-guess credentials for all of your accounts. A 2022 study by Digital Shadows found that 40 of the top 50 most common passwords can be cracked in under a second.

• According to the same study, nearly one in every 200 passwords is “123456,” which can be easily guessed by cybercriminals.

• It’s crucial to change your passwords if they have been involved in a data breach. Yet according to one 2021 study, less than half (48%) of breach victims change the passwords on the breached account.

• Password reuse is dangerous as it can enable hackers to open many of your accounts with a single stolen credential. Yet just 15% of consumers use a unique password on each account.

• Stolen credentials can have a critical impact on your digital life and finances. Over half (55%) of identity crimes stemmed from compromised passwords last year.

• Identity fraud stemming from stolen passwords can even cause emotional and psychological problems. Nearly a fifth (16%) of US victims reported thoughts of suicide when interviewed this year.

• When cybercriminals get hold of your passwords, they can hijack your social, banking and other accounts. Over a fifth (22%) of US adults have been a victim of account takeover (ATO), according to one 2021 study.

• Account takeover can cost victims dear: the average financial loss from financial ATO attacks is nearly $12,000.

• As awareness grows, concerns over cybersecurity are also increasing. Nearly half (46%) of Americans feel confident about the security of their online accounts and 56% are more concerned about their online safety than ever before, according to Google.

• Password resets are important if you’re concerned your account may have been breached, or an organization you do business with notifies you of a breach. A fifth (21%) of Americans reset their passwords every day or multiple times a week, which may imply that they rely too much on memory.

• Password managers are a great way to store long, strong and unique passwords for every app and site. Yet, according to the same survey, only 44% of Americans currently use one.

Remember: good cybersecurity is for all year round, not just for Halloween. So update your software when prompted, choose strong and unique passwords or passphrases and store them in a password manager, switch on MFA on all accounts that offer it, and get familiar with tell-tale phishing tactics. Stay safe.