The first quarter of 2019 was busy for cybersecurity professionals in general. Even though people are more aware of cyber-attacks and threats, crimes related to cybersecurity are still on the rise and are putting companies at risk. According to the latest Risk Radar report released by Integrity 360, billions of compromised records, data leaks from cloud misconfigurations and record-setting cyber-threats were some of the main findings for the first period of the year. On the other hand, the lack of qualified professionals is not helping the situation either.
Below are some of the highlights from the report:
- 3,542 data breaches have been filed since GDPR went into effect.
- Malware, social engineering and other forms of cybercrime cost the average organisation $13 million per year.
- 6,515 data breaches were reported around the world and 5 billion records were compromised.
- Data leaks stemming from misconfigured clouds are becoming all too common and are putting companies at risk.
- Billions of stolen account details and personal records are up for sale on the Dark Web.
- Google and Facebook data privacy failures exposed the fragility of big corporations.
- Hackers’ botnets carried out 28 billion credential stuffing attempts over the course of the second half of 2018.
Data Protection Commission Ireland’s First GDPR Report
According to the Cyber Security Risk Radar report, the first GDPR annual report released by the DPC shows that 2,864 complaints were filed and that companies notified the DPC of 3,542 data breaches in Ireland since GDPR became effective in May 2018.
More than 60,000 data breaches were reported over the first seven months that the law was in effect in Europe. The largest fine during this period, a total of €50 million, was issued to Google for not giving users enough information about ad personalisation and not gaining legitimate consent.
Cybercrime Costs for Organisations on the Rise
Cyber-attacks, malware and other crimes related to cybersecurity are becoming more and more costly for companies. Cybercrime cost the average organisation $13 million in 2018, according to Accenture’s cost of cybercrime report. The figure includes the resources needed to detect attacks, investigation costs and the cost of acting on security incidents. The number rose by $1.3 million over the previous year. Even though the cost of prevention can be high, attacks can cost even more and put the business at serious risk.
Data Breaches and Personal Information
Despite the efforts of the GDPR in Europe throughout 2018, the number of data breaches is still a concern for companies all over the world. Roughly 5 billion records were compromised worldwide as the result of 6,515 data breaches that were made public. One of the potential reasons for data breaches is the lack of multi-factor authentication. Of the businesses that were breached, only 21 percent had this extra layer of security in place, which is highly recommended.
People, in general, are becoming more aware of how companies use their personal information and of how breaches can affect it. In the long term, enterprises need to act faster and protect this important asset if they want to keep collecting customers’ personal data.
Targeting the Cloud
The popularity of the cloud is placing it in the spotlight for cybercriminals as well. On average 681 million cyber-attacks targeted cloud customers in 2018, according to cloud security provider Armor. Four types of attack were the most popular in the cloud scenario: leveraging software vulnerabilities, credential-based campaigns, web-based attacks and Internet of Things (IoT).
Some of the recent data leaks raised concerns about security and misconfigured clouds. Dow Jones recently suffered a data leak due to a misconfigured Amazon Web Services (AWS) instance, which revealed information on 2.2 million high-risk trading individuals. At least 800 million email records were exposed through a publicly accessible MongoDB database. These are just two of the cases.
Facing the challenges of today’s businesses, companies are moving faster to the cloud and making the most of their IT resources. This movement requires qualified technical professionals who are ready to face and deal with market reality.
Data Privacy Failures at Facebook and Google
Since the GDPR came into effect in Europe, Google has been issued the largest fine for its failure to comply with the EU’s data privacy regulations. The French data protection regulator fined Google for not obtaining genuine consent from users to collect their data.
Facebook was also in the spotlight all over the world for having stored users’ passwords unencrypted, in plain text, on internal servers that were accessible to employees. The investigative journalist Brian Krebs said that between 200 million and 600 million users were potentially affected.
Both cases exposed how fragile these companies are when it comes to keeping their clients’ data safe and complying with data regulations. Data privacy is a recurrent source of worry for companies of all sizes, and more countries are expected to follow the EU and create their own regulations when it comes to personal data.
Credential Stuffing Attempts
Social engineering might be an old-fashioned name, but guarding against it is still one of the best ways to avoid cybersecurity breaches. Encouraging employees to follow best practices for passwords and logins should be standard in order to avoid breaches. In the second half of 2018, Akamai security analysts detected over 28 million credential stuffing attempts. Retail companies were the targets, with dedicated botnets able to launch around 115 million login attempts per day. Reusing the same password in more than one place, for example, is a practice that can make it easy for hackers to get personal information.
Email Remains the Most Popular Threat
Old friends are still doing some damage, as they focus on social engineering or, better said, on end users’ vulnerabilities. Emotet is an example of that: while the headlines have been filled with discussions of threats like WannaCry and NotPetya, Emotet has sat in the background for years. This tactic has served it well, as it has grown to become one of today’s most successful threat families.
Email remains the most popular infection vector for threat actors to spread their wares, and it will likely remain that way. Take Emotet, for instance: week after week, the attackers behind this threat crank out new phishing campaigns. The same applies to malicious cryptomining, where spam campaigns consistently trick users into downloading the miners onto their computers. And in terms of mobile device management (MDM) threats, it seems plausible that the attacks began through socially engineered email.
It’s not surprising either, given the convincing design of many phishing emails, especially when viewed on a mobile phone. And to a busy user, the risk and urgency conveyed by the mail could lead the recipient to take immediate action, overlooking the tell-tale signs of a threat in waiting. It’s no wonder attackers continue to turn to email to help spread their malware.
Lack of Cybersecurity Professionals
While cybercrime is still on the rise and poses a real risk to companies, qualified cybersecurity professionals are not easy to find. ISACA’s latest State of Cybersecurity 2019 report found that an organisation can wait three to six months on average to find a suitable candidate for an open cybersecurity position. Over half of the businesses surveyed had an open cybersecurity position and another 69 percent felt they were understaffed. The lack of professionals, combined with the increase in attacks and cybercrime, exposes how fragile companies are, on average, to these risks.
*The article above was based on the information provided by the Risk Radar report released by Integrity 360.
Cybersecurity Training at New Horizons Ireland
In a fast-paced environment, investing in technical training is the best way to overcome cybersecurity challenges. At New Horizons Ireland we provide a wide range of cybersecurity courses from different vendors, covering all the paths that you might want to follow.
Talk to one of our Account Managers to check all your options and possibilities. New Horizons Ireland courses are available in a variety of modalities to meet your needs, such as online live, instructor-led in our Dublin classroom, and Mentored Learning, which is a convenient way to attend your course at your own pace and availability.