With the number of data breaches increasing year on year, organisations are slowly waking up to the realisation that no company is immune to this growing threat.
46% of all UK businesses identified a breach in the last 12 months and the IDC predicts that by 2020, more than 1.5 billion people, or roughly 1/4 of the world's population, will be affected by a data breach.
These statistics are truly frightening and highlight the scale of the problem that organisations across the world are now facing.
It’s a myth that it’s just the big multinational companies that are being targeted. Cybercriminals are increasingly going after smaller and mid-size organisations, as they tend to have less money and fewer resources to invest in cybersecurity.
This leaves them especially vulnerable to attack, and research has shown that 60% of these organisations are unable to recover from the devastating effects of a data breach and will be forced to shut down as a result.
Even if a business can weather the storm, the fall-out from the breach can have massive ramifications which can include a drop in share price, loss of customers, financial penalties and damage to reputation.
The steady stream of data breach horror stories in the press has made senior executives sit up and realise that if they want to reduce their chance of being attacked, they need to become more proactive in their approach to data security and look at the areas of their business that need to be strengthened and protected.
How do Data Breaches occur?
A data breach typically occurs when an unauthorised attacker gains access to a secure database that contains sensitive, protected or confidential information.
There are a host of reasons why hackers want to get their hands on sensitive data, but more often than not, it all comes down to money. Cybercrime is a lucrative business and our data can be used to commit identity fraud or sold on for a nice lump sum on the dark web.
A data breach can also occur accidentally through the loss of a laptop, lost documents or emailing the wrong person, but targeted attacks are usually carried out deliberately.
The most frequently used methods include:
Phishing – Phishing remains the most popular social engineering attack due to its high success rate. 72% of data breaches are related to employees receiving phishing emails, and the attackers will typically impersonate a legitimate company to trick an employee into disclosing sensitive information.
Malware, viruses and spyware – Malware, viruses and spyware account for 33% of all data breaches. They are installed on a computer when a user clicks on a link, downloads a malicious attachment or opens a rogue software programme. Once installed, attackers can use the malware to spy on online activities, steal personal and financial information, or the device can be used to hack into other systems.
Passwords – Weak and insecure passwords provide an easy way for hackers to gain access to a network. Sophisticated hackers will often use specialist software that enables them to test thousands of possible username and password combinations.
How can I protect my business from a Data Breach?
Organisations need to develop a robust and comprehensive security strategy that will protect sensitive data, reduce threats and ensure the reputation of an organisation remains intact.
To reduce the chance of a data breach occurring, there are a number of steps organisations should take:
For further advice and guidance on how to improve security within your organisation, join us at our webinar on the 17th October 3PM, on ‘A Nightmare on Breach Street – Could a lack of staff education lead to an information security nightmare’. Register here: go.metacompliance.com/halloween18