OpenText has released its new 2020 Webroot Threat Report revealing that consumer PCs are still twice as likely to get infected as business PCs.
To compile its report, the company analyzed samples from over 37bn URLs, 842m domains, 4bn IP addresses, 31m active mobile apps and 36bn file behavior records.
According to the report’s findings, the reason consumer PCs are more susceptible to infections is due to the fact that many are running outdated operating systems such as Windows 7 and because consumers aren’t employing the same security solutions used by businesses which offer greater protection.
Of the infected consumer devices analyzed by Webroot,more than 35 percent were infected over three times and nearly 10 percent encountered six or more infections. The continued insecurity of consumer PCs also underscores the risk businesses face by allowing their employees to connect to corporate networks from their personal devices.
Increase in phishing and malware
Over the course of last year, Webroot observed a 640 percent increase in phishing attempts and a 125 percent increase in malware targeting Windows 7.
Facebook, Microsoft, Apple, Google, PayPal and DropBox were the top businesses impersonated by cybercriminals or phishing sites last year. However, phishing sites also impersonated cryptocurrency exchanges (55%), gaming sites (50%), email services (40%), financial institutions (40%) and payment services (32%).
Now that Windows 7 has reached its End of Life, cybercriminals have begun to increasingly target the outdated operating system with malware. Webroot also found that 85 percent of threats hide in a user’s temp, appdata, cache or windir folders though over half of threats (54.5%) on business PCs hide in a user’s temp folders. Thankfully this risk can be easily mitigated by creating a Windows policy to disallow programs from running from the temp directory.
Senior vice president and CTO of SMB and consumer at OpenText, Hal Lonas explained that there is no single silver bullet solution when it comes to cybersecurity, saying:
“In the cybersecurity industry the only certainty is that there is no certainty, and there is no single silver bullet solution. The findings from this year’s report underline why it’s critical that businesses and users of all sizes, ensure they’re not only protecting their data but also preparing for future attacks by taking simple steps toward cyber resilience through a defense-in-depth approach that addresses user behavior and the best protection for network and endpoints.”