The 2018 WebRoot Threat Report is worth a read but time is short so we took out the top stats/pieces of research you should be aware of and listed them below.

• 94% of malicious programs (executables) are polymorphic, meaning they change, in order to avoid detection from traditional antivirus/antimalware solutions.
• Windows 10 is almost twice as safe as Windows 7.
• NotPetya uses the EternalBlue exploit to attack the server message block (SMB) and it was responsible for more than $1.2B ofdamage. Actually we detailed some time back the damage was greater than $10B.
• 25% of all URLs in 2017 were malicious, suspicious or moderately risky.
• The top 10 thousand IPs most often associated with malicious activity changed status between benign and malicious an average of 18 times throughout the year to avoid detection.

In short, hackers are getting smarter and thankfully, more recent operating systems are getting better. Every company needs to ensure its systems are up to date, patched and working properly.

Other important information to be aware of is the U.S. is the largest hacker target and the cybersecurity threat to business is worse than ever.

Even the best-designed networks can be breached in this manner. We suggest every company use a phishing simulation tool which tests employees. One alternative, Phish360 is so effective, it has achieved almost 100% click rate when used in various organizations.

The good news is the workers who click can be quickly trained on what to avoid in the future.

Here are other areas all organizations looking to promote a cybersecurity culture need to focus on:

1. Cybersecurity training must be done regularly.
2. Auditing and documentation must be performed regularly to ensure systems are secure.
3. Anomaly detection should be running constantly to detect threats as they emerge.
4. Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.
5. Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
6. An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.·          

To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.

It’s a dangerous world and it is getting worse. Every company must be proactive to stay secure.