2023年的十大网络安全事实

我们的网络统计数据首先提醒我们数据泄露的财务成本. 根据IBM的 2022年数据泄露成本报告在美国，数据泄露的平均成本是9美元.4400万美元，是全球平均水平(400万美元)的两倍多.3500万，总体最高. 根据报告, the United States has held the title for highest cost per breach for the past 12 years. 

还有更多 恶意软件 (恶意软件)比以往任何时候都多. Even the widespread use of anti-恶意软件 and antivirus software hasn’t stopped the spread of this persistent threat. 现在有超过10亿个恶意软件, 超过50万(560万美元),每天都能检测到000个新的恶意软件. 最常见的恶意软件程序是特洛伊木马, 一种将自己伪装成合法代码或软件的恶意软件, 哪些构成了所有计算机恶意软件的58%.

考虑到物联网(IoT)的增长, perhaps one of the most concerning items on our list of 网络安全事实 involves the vulnerabilities of cloud computing. 将近一半的人 数据泄露 (45%)发生在云中, but organizations with a hybrid cloud model which is a mixed computing model that combines public and private clouds had lower average costs per breach, at $3.8亿美元，比公共基金(5亿美元)多.200万美元)或私人(400万美元).2400万)云模.

One common thread running through the cyber security threat landscape is the undeniable fact that humans make mistakes. 研究表明，20起违规事件中有19起是 人为错误的结果 以某种形式. 这包括一系列人类行为，如下载受感染的软件, weak or irresponsible password management or failing to install software updates that contain critical security patches.

作为调查网络攻击的主要联邦机构， 美国联邦调查局 利用其功能, authority and partnerships to impose consequences against cybercriminals who attempt to exploit vulnerabilities in information security networks. The FBI maintains an operations center and watch floor that provides around-the-clock support and tracking of cyber incidents. They also leads a task force of more than 30 law enforcement and intelligence agencies called the 国家网络调查联合任务小组 (NCIJTF). 成立于2008年，旨在应对不断变化的网络挑战, the NCIJTF synchronizes the joint efforts of its member agencies that focus on identifying, 追捕和打击网络犯罪分子

利用我们在工作中对电子邮件的依赖， 商务邮件泄露(BEC)攻击 哪些是最具经济损失的网络犯罪. 在典型的BEC骗局中, the cybercriminal might spoof an email account or website to fool victims into thinking the fake accounts are authentic, or send spear phishing emails (attacks intended for a specific person) that look like they’re from a trusted sender but asking them to carry out a task like resetting their password or sending money by wire transfer. 诈骗者还可以利用电子邮件渗透公司网络和恶意软件系统, allowing them to gain undetected access to a company’s financial account information or passwords.

Phishing continues to hold its place at the top of the cybercrime leaderboard and next on our list of 网络安全事实. 随着电子邮件继续成为网络罪犯的主要访问点, 网络钓鱼攻击的数量在2021年增长了34%, 根据 APWG在美国，2022年是创纪录的一年，死亡人数超过4人.700万次网络钓鱼攻击.

The vulnerability of small and medium-sized businesses (SMBs) is well worth examining in 2023. 数据显示 针对小企业的网络攻击 在2020年到2021年之间飙升了150%以上. 

为什么中小企业 对网络罪犯来说很有吸引力的目标? Research suggests their owners often misunderstand the true nature of cybercrime and the tools that hackers use, 所以他们不相信自己会成为一个有吸引力的目标. 事实上，2021年的一项小企业调查发现，56%的 小企业主并不担心 about becoming a victim of hacking in the following 12 months, while 42% said that they were. 关于成为网络攻击的受害者, the survey showed that while 59% of small business owners stated they felt they could quickly recover from an attack, 只有大约28%的人有这样做的实际计划.

What small business owners may not understand is that hackers may use their small businesses as a tunnel to gain access to major companies’ data systems, 就像 2013年目标数据泄露 这暴露了多达4000万客户借记卡和信用卡账户的数据.

Cybercriminals might also believe that small businesses are more easily manipulated into disclosing sensitive information or can be coerced into paying a ransom to recover encrypted files. SMB owners might feel like they don’t have the choice to say no to the perpetrators because they don’t have strict policies in place for backing up their data or procedures for its recovery. 

多次警告 about possible malicious cyber activity against the United States has encouraged the White House to launch  both public and private-sector action plans to fortify cyber security and promote 网络安全意识. 

The White House has urged companies to take a number steps toward fortifying their cyber security, 包括强制在系统中使用双因素身份验证, 部署现代安全工具来搜索和减轻网络威胁, 确保系统打补丁，防止漏洞, encrypting data so it can’t be used if it’s stolen and educating employees in smart cyber hygiene and vigilance.

考虑到人为失误在网络攻击频率中的作用, organizations are responding with 网络安全培训 to help employees spot and avoid phishing and 恶意软件 attacks. 在2022年 网络安全意识研究, 97% of organizations reported implementing some type of 网络安全意识 training in the past year, with most say they are using a combination of phishing simulations and security awareness training.

网络安全的事实清楚地证明了这一点, 网络犯罪继续威胁着信息技术的发展, 中小企业和大公司的软件和数据系统. 如果你正在考虑从事网络安全方面的工作，我们可以提供帮助. 我们的网上 网络安全编程专业学士学位 is designed to give you hands-on learning experiences and help you develop many of the skills you’ll need to protect data and networks from cybercrime. 

在线 网络安全培训 在DeVry这里，你可以学习自己的方式, 平衡你对教育和工作的承诺, 家庭和你忙碌生活中的其他因素. 课程马上就要开始了，所以让我们谈谈如何在下一节课开始.