Common Website Vulnerabilities

2018 witnesses some of the largest cyberattacks ever seen: hacks on the Marriott Group, Equifax, Yahoo, and Facebook all resulted in major data breaches.

Add to this the increased level interference in election processes around the world, and it is clear that we are facing a crisis.

This has been clear for some time, but you wouldn’t know that from the stats. Instead, in 2024 websites seem to be getting less secure.

PT Security found that, at the end of 2018, the vulnerability of web applications was on the rise again, after many years of decrease: they found that 67% percent of web apps had high-security vulnerabilities at the end of 2018, which the most common being Insufficient Authorization, Arbitrary File Upload, Path Traversal, and SQL Injection.

In 2024, that trend seems to be continuing. While you may be tempted to lock yourself inside, unplug from the internet, and never make human contact ever again… we would advise against that.

Instead, you can avoid most of the vulnerabilities listed below by installing a firewall and only surfing the web when connected via a virtual private network (VPN) or opting for a full cyber-security solution that includes a VPN like Norton 360 Deluxe . To learn more on these options, check out our guide to the best VPN services in Canada to choose one that works for you.

That said, let’s look at the latest data.

First, let’s take a look at the size of the cybercrime and cybersecurity economy.

1. The total monetary value of cybercrime is hard to assess, especially given that many companies keep successful hacks secret. But research by Accenture has found that direct and indirect attacks put $5.2 trillion at risk over the next five years.
2. Looking at the other side of the coin, research carried out Global Market Insights puts the size of the cybersecurity market at $300 billion a year by 2024.
3. In the US, cybersecurity is a major sink for government funds. According to the 2020 budget released by the White House, the government plans to spend $15 billion on protecting consumers, businesses, and critical infrastructure in 2020. This is a 4.1% increase on 2018.
4. These are huge numbers, and small businesses are having a hard time keeping up. Juniper Research found that in 2018, the averag small business spent less that $500 per year on cybersecurity.
5. The low level of investment of SMEs in cybercrime is also worrying, because SCORE have found that SMEs are the target of 43% of all cyberattacks.
6. When it comes to detecting and reporting hacks, we are making some progress, but not much. The average time to report data breaches in 2020 was 49.6 days, according to Risk Based Security. This is a little better than 50+ days in 2018, is still concerning.
7. At the broadest scale, cybercrime is still on the rise. The Ninth Annual Cost of Cybercrime survey by Accenture found that security breaches increased by 11% in 2018, and that this is likely to continue to rise.
8. The same survey also took a longer-term look at the increase in cyberattacks, and found that they had increased by 67% over the past five years.

The sheer scale of cybercrime, and the huge numbers involved, can sometimes mean that the victims of hacks – individuals, companies, and even governments – can be forgotten. So let’s look at the real-life affects of cybercrime.

1. The Cybersecurity Ventures Annual Crime Report for 2020 puts some numbers on the consequences of hacks for businesses. They have found that cybercrime damages are expected to cost businesses $6 trillion annually by 2021, a number which they point out “represents the biggest transfer of wealth in human history”.
2. Of this $6 trillion, ransomware damages are the fastest growing. Cybersecurity Ventures say that the cost of ransomware will reach $20 billion by 2021.
3. According to Accenture’s global study, the average cost of cybercrime for organizations is estimated to be $13 million a year.

Cybercrime is a huge problem when it comes to the profitability and sustainability of companies. But successful hacks can also have severe consequences for huge numbers of consumers.

1. Let’s get one thing out of the way: the USA is the number one target of cyberattacks, according to research by Norton. That might be one statistic where US citizens are less than proud of being #1.
2. In the US, more than 60% of citizens have been exposed to online fraud, according to a report by the American Institute of CPAs.
3. Gallup’s annual crime survey looks a little deeper, and has found that the scale of cybercrime in the USA is startling. 23% of Americans report that they, or someone they know, have been the direct victim of cybercrime.
4. The majority of these people fell victim to just a small number of huge data breaches. In 2018, according to a report by RBS, just 12 data breaches exposed more than three quarters of all the records compromised that year. The number of records? More than 100 million.
5. Looking to the future, Juniper Research claim that 33 billion records a year will be stolen by 2021.

Some industries are more likely to be the target of cybercrime than others. In particular, companies that work with critical infrastructure, or sensitive personal information, are the most at risk.

1. At the moment, manufacturers and mining companies are favored targets. A report by Make UK and AIG found that 48% of manufacturers in the UK have been targeted by cybercriminals, and according to Symantec’s Internet Security Risk Report, 38.4% of companies in the mining industry have seen similar attacks.
2. In the future, healthcare companies are going to be increasingly targeted. Cybersecurity Ventures have said that they expect attacks against healthcare companies to increase five times (yes, five times) by 2021.
3. According to Symantec’s Internet Security Risk Report, the public sector is also being increasingly targeted. One in every 302 emails received by public employees in 2020 has been a scam.
4. Malware is also on the increase, particularly in the banking and finance industries. Kaspersky Labs have recently updated their list of malware families to include more than 20 types of malicious ATM software.

Now for the rogue’s gallery: the biggest hacks of 2018 (and early 2020), and the number of victims of each.

1. Actually the biggest hack of 2018 was outside the US. An incredible 1.5 billion Indian citizens had their personal information leaked during a hack on the country’s national ID database. That’s almost everyone in the country.
2. In the US, the largest hack of 2020 was also the largest data breach in history. In March, an It security researcher found a database called “Collection 1”, which contained email addresses and passwords of 1.16 billion people.
3. Facebook seems to have a major data breach every year, and 2020 has been no exception. 540 million records were publicly exposed, according to a report by Upguard.
4. The list goes on. The Marriott Group revealed the personal information of 500 million users in late 2018, and 340 million customer records were released in a breach from Exactis, according to CNET.