29 March 2022
In the UK, 83% of businesses have experienced phishing attacks in the past year, and with this number ever increasing, we can certainly expect more data breaches to follow in 2022.
We all know that a data breach can not only wreak havoc on your organisation and expose confidential, sensitive, or protected information, but can also be extremely damaging for your reputation.
What happens to your data once you have been breached? Your data is often sold to an unauthorised person or various cyber criminal groups on the dark web. Once your data is on the dark web, it’s difficult to know how much has been exposed, sold or even stolen.
Prevention is better than curing, and this is why many organisations need to look at their own risk from data breaches and ask the question, is our organisation exposing itself to being exploited? Are we allowing too many staff access to too much corporate information? Also, do we need to provide basic cyber training to employees in order to identify a potential data breach threat, such as a phishing email?
The truth is, anyone can be at risk from a data breach — from individuals in your organisation, to high-level enterprises and national governments.
Data breaches can often be pinpointed to two main weaknesses in an organisations posture. Weak Cyber Infrastructure and user behaviour.
Remote or home working is a great example of user behaviour becoming a risk. Many employees around the world are working remotely, some are using guest Wi-Fi in different locations, others are using their home networks. These alone create a risk for data breaches. This can be down to many of your employees’ computers, tablets, and mobile devices having more connective features, and this means there’s more places for your data to slip through and become exposed. It’s often said that new technologies are being created faster than we can protect them.
Often when a data breach takes place, it’s simply too late, your sensitive data is now in the hands of cyber criminals. Whether you are offline or online, hackers can get to you through many different means such as the internet, Bluetooth technology, text messages, also known as (Smishing), or via any other online service or platform that you use, more often than not, you’re likely to be attacked via a sophisticated phishing email, that an employee deems genuine.
The cyber team at Askaris always warn their global clients that without proper attention to detail, a small vulnerability can cause a massive data breach in your organisation. This is why Askaris are trusted to protect some of the biggest and best private and public sector organisations worldwide.
How do data breaches happen?
There is an assumption that data breaches are often caused by an outside hacker, but there is also the possibility of internal threats, both sinister and by accident.
Sometimes it is just individuals that have an over sight, possibly clicking on an email that they shouldn’t.
See below some of the ways in which data breaches can occur.
An Accidental Insider. An example would be an employee using a co-worker's computer and reading files without having the proper authorisation or permissions. The access is unintentional, and no information is shared. However, because it was viewed by an unauthorised person, the data is considered breached.
A Malicious Insider. This person purposely accesses and/or shares data with the intent of causing harm to the individual or organisation. The malicious insider may have legitimate authorisation to use the data, but the intent is to use the information in sinister ways.
Lost or Stolen Devices. An unencrypted and unlocked laptop, iPad, mobile phone, or hard drive could be lost or stolen, again this means that this sensitive information has gone missing. Any device that contains sensitive information is a potential data breach threat.
Malicious Outside Cyber Criminals. These are hackers who use various attack vectors to gather information from a network or an individual. It could be a Phishing email which then gains access to the corporate network.
Can we blame remote working for the increase in data breaches?
It would be unfair to blame remote working for being the main cause in the increasing number of data breaches, however they certainly contribute. One of the biggest vulnerabilities that companies are dealing with in the new remote and hybrid workforce era is the increase in sophisticated phishing attacks. These email attacks are from hackers looking to emulate a genuine email within your organisation. Askaris are seeing supply chain attacks on the increase.
In 2021 alone, 80% of IT professionals in a recent survey said that their organisations have faced an increase in the volume of phishing attacks. Unfortunately, more phishing attempts has translated into more phishing attack disasters for many organisations around the globe, and this is now leading to more large-scale data breaches.
Why are more data breaches happening?
As illustrated on the graph above, despite the evolution of security tools within some of the world’s largest brands, the frequency, severity, and complexity of attacks and breaches indicates the scale of the security issues these top organisations face today. It is evident that over time, the breaches have become larger and more frequent., even whilst the security technology has continued to innovate and adapt, to protect organisations, quicker and more seamless than ever before, you are still a target, whether you are a small business or an international corporation.
At Askaris we understand the threat landscape is ever changing. With the adoption of cloud, SaaS and IoT, securing environments has become ever more challenging and threats have become more sophisticated, but with Askaris’ range of 360-degree cyber protection and support capabilities, we can ensure your organisation is ready to face the next cyber attack.
Our extensive heritage and skillset within cyber security enables us to work in close partnership with our customers, looking at their security posture, analysing their security gaps, and identifying best practices, all to ensure your organisations security is robust and resilient.
Askaris work as an extension to our customers IT and security teams, delivering the best solutions to mitigate todays ever changing threat landscape.
To learn more about how we can help protect your organisation, get in contact with us today.
Our customers love us and stay with us because we are a highly experienced team, but we never get tired of hearing it.
References
McCandless, D. and Evans, T., 2021. World’s Biggest Data Breaches & Hacks — Information is Beautiful. [online] Information is Beautiful.
Askaris are the cyber security specialists providing customers with the complete suite of cyber security solutions and services.
Exploring Quantum-Resistant Encryption - Securing our sensitive data against the possibility of future cyberattacks from quantum computers.
Phishing: The Most Dangerous Threat To Your Cybersecurity
Understanding the Importance of Cyber Security In The Manufacturing Sector
Cybersecurity in the Financial Sector: Safeguarding Customer Data and Combating Fraud Whilst Assessing Evolving Threats
Supply Chain Cybersecurity: Protecting Your Business from Third-Party Risks
The Rise of Automotive Hacking- Safeguarding the Future of Connected Vehicles
Your SOC Team Is Overwhelmed? Askaris Cyber Security Can Help Relieve The Burden
Almost 19% of phishing emails bypass Microsoft Defender
Top 5 Attack Vectors to Look Out For in 2022
Askaris and Custodian360 Unite in New Partnership
Cybersecurity for Small Businesses
Hackers are now hiding malware in Windows Event Logs
Enterprise Organisations Are Falling Victim to Social Engineering
Check Point 2022 Security Overview
What happens to your data once you have been breached?
What Is Data Loss Prevention?
Cyber Security and The Common Types of Cyber Threats
The Role of Cybersecurity In The Education Sector
Cyber security challenges in 2022
Cyber security alone, is no longer enough: businesses need cyber resilience
Remove spyware from your computer: Askaris helping users become safer online