After a year filled with data breaches left, right and centre, the reports containing breach statistics are enough to make anyone feel uneasy.
The American TV, phone and internet provider Verizon instructed its security research division to look into 2,260 breaches reported by various organisations and companies. Having seen data breaches take the spotlight in the news throughout 2016, the results don’t surprise us; but they are nonetheless worrying…
Focusing on the discovery of data leaks, Verizon wanted to see how long it would take a company to realise they were subject to a data breach. In over 25% of the reported incidents it took the company more than a month to realise their systems had been compromised.
Discovery time varies with the type of breach
Data breaches that involved physical thefts from administrative mistakes were much easier to catch and companies were therefore much quicker at discovering those. Those data breaches made up around two thirds of the total analysed breaches.
The breaches that took months to over a year to detect were of a more malicious nature. These included breaches considered to be “cyber espionage”, “privilege misuse” and “point-of-sale intrusions”, according to Verizon.
Having a strong password is essential
Looking at attacks by cybercriminals, Verizon found that 63% of data breaches were due to weak, default or stolen passwords. At the risk of sounding like a broken record, if you value your data, it’s absolutely essential to protect yourself with strong passwords. If you value the money in your bank account, don’t set your online banking password to ‘bankpassword’ or your birthday. Cyber-attacks happen far too often in this digitally centred world, and sometimes you won’t even be aware of them.
Another startling revelation was the speed with which hackers gained access to data. In 93% of hacks, it took less than a few minutes for hackers to make their way into network systems. From there, around 28% of hacks saw data extracted within another few minutes.
Attackers prey on weaknesses
The report also revealed that cyber criminals are relying on weaknesses in human nature to obtain information. Whilst hacking may require sophisticated software, phishing needs only some persuasive words. After this information is obtained, the third parties often hold data to ransom, forcing data owners to pay up or risk sensitive and potentially embarrassing information being leaked and distributed.
Ransomware increased by 16% on the year before, showing that it is growing in popularity.
Miscellaneous errors the number one reason for leaks in 2017
Verizon found that the number one reason for data leaks in 2016 was “miscellaneous errors”. As seen with multiple hospital data leaks, admin personnel often make very simple mistakes like sending an email to the wrong recipient or ‘cc’ing instead of ‘bcc’ing the recipients. As an example, the 56 Dean Street Clinic saw almost 800 sexual health patients have their email addresses leaked when an admin worker failed to hide them when sending out a newsletter. Whilst the clinic paid out £180,000 in fines, and compensation claims are ongoing, the mortification some patients felt has been hard to measure.
The “three-pronged attack”
A new trend that is rising in popularity is the “three-pronged attack”. It works in three stages:
- A phishing email is sent out instructing or inviting the receiver to click on a malicious link.
- When the link is clicked, malware is downloaded onto the clicker’s device and takes hold of any information it can find.
- Using the stolen information, cyber criminals can then sell it on, use it to log into the data owner’s accounts elsewhere or ransom it.
It is essential that you protect your data as you would take care of your own health. Take action to reset your passwords, varying upper and lowercase letters with numbers and symbols thrown in. Be vigilant in checking your accounts for any suspicious behaviour, and if in doubt, don’t click on any unprompted links that sound too good to be true. In some instances, you can click on the sender’s legitimate-sounding name, like ‘Amazon help’, and find that the email address is actually from somewhere else entirely.
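The sender-name check described above can also be automated when sorting through mail. The following is an added example, not part of the original article; the brand-to-domain list and the sample From headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
# Illustrative only; maintain your own list for the senders you deal with.
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.co.uk"},
    "paypal": {"paypal.com", "paypal.co.uk"},
}

# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    '"Amazon help" <support@amazon.co.uk>',
    "Amazon help <no-reply@mail.amazon.com>",
    "Amazon help <help@amazon.co.uk.billing-support.example>",
    "Jane Doe <jane@example.org>",
]


def sender_domain(address):
    """Return the lower-cased domain of an address, or '' if malformed."""
    if address.count("@") != 1:
        return ""
    return address.rsplit("@", 1)[1].strip().lower().rstrip(".")


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from_header(header_value):
    """Classify a From header as 'ok', 'mismatch' or 'malformed'."""
    display, address = parseaddr(header_value)
    domain = sender_domain(address)
    if not domain:
        return "malformed"
    name = display.lower()
    for brand, allowed in BRAND_DOMAINS.items():
        # The name claims a brand, but the address is not on that brand's domain.
        if brand in name and not domain_matches(domain, allowed):
            return "mismatch"
    return "ok"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from_header(header):9} {header}")
```

The third sample shows why the comparison is made against the end of the domain: an address can begin with a genuine-looking name and still belong to somebody else.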
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.