Fact: In 2015, antivirus company Symantec detected 430 million new unique pieces of malware that did not exist in 2014 [1].
Fact: Almost 600 million people around the world were affected by some sort of cyber crime in that same year [2].
Fact: 31% of Millennials across the globe are likely to share a password with someone they know [2].
We can go on and on with similar facts and figures but we think we made our point: individual internet users may think they have their cybersecurity covered, yet the hard data points to the opposite.
Things are not very different when we take our sight off individuals and look at businesses. A recent survey on globalization carried out by McKinsey&Company revealed that 8 out of 10 business executives are quite concerned about cybersecurity. In fact, 80% of the 1316 survey respondents place online security in top 3 threats, right after geopolitical instability and the development of consumer-empowering technologies.
Apparently, however, there is a gap of that cybersecurity awareness and actions taken to prevent it. According to data from Ponemon Institute, in 2015 100% of US companies suffered a security breach of some sort – from simple viruses and malware, to web-based attacks, to malicious insiders, to stolen devices.
Why does this happen?
In our opinion, there are three main reasons for that.
The first one is the fact that more often than not we are reactive, and not proactive. We tend to think that security breaches are a terrible thing that only happens to other people and companies and not to us. Security breaches do happen, though, and when we find ourselves victims of one, we take measures – rather than taking measures first and preventing any costly and damaging data loss.
Then comes the human factor and the way human beings behave. According to the Norton‘s Cybersecurity Insights report [2], one in three people globally do not have a password on their phone or desktop computer – but possibly keep sensitive and confidential information on these devices. The technology is there (every computer and smartphone allows for a secure password to be set) – but 30% of people just choose not to take advantage of it for no apparent reason.
In fact, a quarter of all data breaches in 2015 were caused by human error [3] – and while businesses invest more and more in cybersecurity, they seem to be lacking in a simple area: educating employees about the crucial importance of privacy and protecting data or assigning proper levels of access (something that we have solved with pCloud Business).
The third and most important reason for the growing internet security threats is the false sense of a job well done when some level of protection is ensured but that level is in fact not enough. Most organizations rely on a single security layer, be it a password or standard encryption. While this is usually enough to turn away less serious attacks, it still resembles an egg: there’s a shell that keeps the contents safe but once that shell is broken, there’s nothing but soft, mushy and helpless information up for grabs.
How can we protect our information better?
It’s simple: we shouldn’t put all of our eggs in one basket. In 2016, a single-layer defense is simply not enough.
The more complex the protection system, the better – and this applies both to personal and business-related information. In fact, this is one of the reasons we developed pCloud Crypto – not only does it offer an unbreakable encryption method, it is also an additional layer of security for anything you keep in pCloud. If anyone is intent on breaking into your data, they would need to hack your regular pCloud password, and then move onto getting into your Crypto folder.
Even if they somehow succeed on the first step and gain access to your pCloud account (which is quite unlikely on its own), they would still face the wall of complex client-side encryption. Intercepting files on their way to and from servers wouldn’t do the cyber attacker any good either as they would get a file that is still encrypted (with pCloud Crypto, the encryption happens on the local device before it is sent to the cloud, and the decryption takes place again on the local device after the data has been downloaded).
Think of it as of a bank vault. To get in, you must go through the bank security first, then somehow break into the vault itself only to find yourself against a locked security box. We’re not saying it’s undoable but it’s a pretty arduous task, likely to be unsuccessful. And this is why multi-layer protection matters.
[1] Symantec Internet Security Threat Report, Volume 21, April 2016
[2] Norton Cybersecurity Insights Report
[3] 2016 Cost of Data Breach Study: Global Analysis Report by Ponemon Institute for IBM