Report indicates a massive increase in hacking attempts on web applications
Indusface, a leading provider of application security solutions for web and mobile applications, has released a list of important statistics related to information security that every website should be aware of. The data points towards an unprecedented rise in hacking attempts, and shows why it has become pertinent for websites to focus on application security.
Mr Venkatesh Sundar, CTO at Indusface explains, “The risk is real and is getting graver with more money being pumped into the online economy. Data breach, malware, blacklisting, phishing, and DDoS attacks are some of the severe risks that companies face today. It is unfortunate that even some of the major online brand names overlook app security and compliance.”
Gartner research has already predicted that increasing adoption of cloud and mobile will drive the security market, which is estimated to reach $76.9 billion this year and $170 billion by 2020. Unless companies operate their business in a vacuum, they cannot overlook the risk of hacking.
Here is a list of important security stats that websites cannot afford to miss:
- Thirty thousand websites are hacked daily, which means that around 10 million sites are hacked in a year.
- 32,323 public Indian websites were hacked in 2014, a 14% year-on-year increase.
- 155 .GOV and .NIC domains were hacked last year.
- 1,000,000,000 (a billion) personal records were stolen globally last year.
- Around 75% of the data breaches happen at the application layer.
- Last year, it was reported that 90% of mobile banking applications were vulnerable to attack.
- 156 million phishing emails are sent every day. The figure crosses 56 billion in a year.
- 16 million emails manage to pass the spam filters successfully every day. Around 800,000 links in these spam emails are clicked on a daily basis.
- Phishing causes companies an estimated loss of $28.1 billion.
- One phishing attack is carried out every minute. 97% of the internet population cannot easily identify a sophisticated phishing mail. Advanced phishing attacks use social engineering to extract user information.
- SQL Injection was discovered 15 years ago but it is still the most dangerous vulnerability. It even tops the OWASP Top 10 list.
- Around 97% of all the data breaches across the world happen due to SQL Injection.
- 91% of the websites detected with ‘Critical’ vulnerabilities tested by IndusGuard Web had an SQL Injection vulnerability.
- Malware is present on the computers of around 40% of computer users. Malware is the top reason behind sites getting blacklisted by search engines and site index portals.
- There are more than 400,000,000 types of malware today. 80,000,000 types of malware have been identified recently.
- 97% of all types of mobile malware affect Android devices solely.
- DDoS attacks cost banks up to $100,000 per hour. 20% of such attacks last for days and even months.
- 87% of the attacked companies were hit more than once.
- Competitors launch DDoS attacks to disrupt business on high sale volume days. It is impossible to detect and prevent all types of DDoS attacks unless traffic to the application is monitored continuously.
- The estimated cost of a successful DDoS attack for a company is anywhere between $5,000 and $19,999 an hour.
The above data has been compiled by the Indusface Research Team from various sources including KPMG, The Dark Reading, Forbes, Government of Canada, besides other whitepapers, case studies and Indusface reports.