Cybersecurity Awareness Month Tricks & Treats

With Halloween signifying the end of Cybersecurity Awareness Month, Centri has a handful of spooky real-world cybersecurity statistics (tricks) along with recommended tips (treats) to help avoid falling victim to these scary scenarios.

Trick: 95 % of cybersecurity breaches are caused by human error.

(World Economic Forum)

  • Treat: Entity-wide cybersecurity awareness training programs and anti-phishing campaigns are of the utmost importance. Regularly educating workforce users to be vigilant against warning signs is a critical factor in preventing human-enabled vulnerabilities that attackers look to exploit.

Trick: 68 % of business leaders feel their cybersecurity risks are increasing.


  • Treat: A cybersecurity risk assessment should be performed at least annually to keep up with the evolving threat landscape and help identify new or unmitigated risk areas. A significant number of organizations do not perform cyber risk assessments regularly, or at all, and as a result, are not aware of their critical-vulnerability risk areas that need addressing.

Trick: Over 50% of all cyber-attacks are done on small and medium-sized businesses (SMBs) and 70% of small businesses are unprepared to deal with a cyber-attack.


  • Treat: Many SMBs often have the mentality of “they won’t come after us, they want the big fish”. But, cybercriminals are looking for the easiest targets. SMBs are less likely to dedicate adequate resources toward cybersecurity risk management, which makes them easy targets for attackers to wreak havoc.

Trick: The average ransomware payment skyrocketed 518% in the past year to $570,000 and the average cost of a ransomware recovery is nearly $2,000,000.

(GRC World Forums)

  • Treat: Ransomware attackers typically penetrate information systems through clicked on phishing links, compromised user credentials, or by exploiting known system vulnerabilities. The best ways to help combat these attack vectors are through security awareness training programs and formalized patch management programs to ensure that information systems are running on the most up-to-date supported versions.

Trick: 54% of SMBs do not use multi-factor authentication (MFA) for their business.

(Cyber Readiness Institute)

  • Treat: MFA drastically mitigates the risk of unauthorized access via compromised user credentials. However, due to the increased sophistication of cybercriminals, organizations should now avoid using SMS (i.e., text messaging) as a one-time code authentication factor when utilizing MFA to access information systems.

Trick: 90% of security leaders think their organization is falling short in addressing cybersecurity risk.


  • Treat: Organizations in which the Board, Audit Committee, and senior executives place a noticeable emphasis on addressing cybersecurity trends much more favorably in terms of avoiding security incidents and lowering the cost of breaches. Allotting an adequate budget to IT and Information Security is a critical governance step towards creating a secure control environment.  

Trick: More than 77% of organizations do not have an Incident Response plan.


  • Treat: An Incident Response Plan (IRP) is one of three critical pillars within the Crisis Management suite of policies; with the other two being Disaster Recovery (DR) and Business Continuity plans (BCP). While DR and BCP help get systems back and running and help continue operations in the event of an outage, the IRP should be established as a plan to respond to and limit the risk of negative consequences. Testing the IRP with the necessary stakeholders is often an overlooked step and can be the difference between the IRP being effective or ineffective when put into use during a crisis.

Trick: 54% of Companies do not require vendors to provide proof of cybersecurity as part of their RFPs.

(ACA Compliance Group)

  • Treat: Establishing and maintaining a robust vendor management program is a key consideration for mitigating vendor-related risks. This may include the establishment of a vendor risk management policy for onboarding and monitoring vendors, vendor risk ratings, compliance with internal control reports and SLAs, and requirements for the completion of cybersecurity validations. Assigning an “owner” of the vendor management program is also a key differentiator between successful and ineffective vendor risk management functions.

Trick: Software vulnerabilities increased by 20% last year (HackerOne) and 90% of all common vulnerabilities and exposures (CVEs) uncovered could be exploited by attackers without any technical skills.

(Redscan Labs)

  • Treat: A formalized patch management program is the best way to help ensure that all information systems are kept up-to-date with the latest security. With a stronger emphasis often placed on patching workstation operating systems, patches to applications, servers, and firewalls are often overlooked and present an easily exploitable vulnerability for attackers.

Trick: Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 and are expected to keep rising.

(Council of Insurance Agents & Brokers)

  • Treat: Completing a cybersecurity risk assessment and addressing high-risk gap areas is the best way to lower the soaring costs of cyber liability insurance by showing insurance companies that you take cybersecurity seriously, and lessens your likelihood to be classified as a high-risk, and high-priced policyholder.

How Centri Can Help

At Centri, our IT risk and cybersecurity advisory services are designed with your greatest assets in mind — your people. We’re here to offer you the support, resources, and expertise you need, exactly when you need it most. Our advisory experts work alongside your senior leadership to help understand your current needs and align them with the right solutions. Please contact us for more information or to explore how our expertise in cybersecurity risk management aligns with the specific needs of your company.

About Centri Business Consulting, LLC

Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reportinginternal controlstechnical accounting researchvaluation, and CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.

For more information, please visit

Philadelphia Office

Eight Penn Center
1628 JFK Boulevard, Suite 500
Philadelphia, PA 19103

New York Office

530 Seventh Avenue
Suite 2201
New York, NY 10018

Boston Office

50 Milk Street
16th Floor
Boston, MA 02109

Tysons Corner Office

1775 Tysons Blvd
Suite 5136
Tysons, VA 22102

Colorado Office

8310 South Valley Highway
3rd Floor
Englewood, CO 80112

Raleigh Office

4208 Six Forks Rd
Raleigh, NC 27609

Centri Virtual