Lessons from Large Data Breaches

There were more data breaches in 2020 than in the 15 previous years combined. The pandemic in the news, employees working remotely, and criminals following the money were all factors in the increase. Large data breaches in the news also forced businesses to revise their cybersecurity budgets. Spending on cybersecurity grew 10% in 2020, spending on cloud infrastructure was up 33%, and notebook PC shipments were up 17%.

Research into the breakdowns from large breaches revealed people are still the problem. Phishing was the leading attack vector by more than two and a half times the next leading vector, malware. According to the FBI, there were more than 241,000 reported phishing victims in 2020. Criminals use phishing to steal PII or financial information, but business owners are concerned with login credentials.

Hackers use stolen credentials to access web applications or databases where they steal and encrypt customer information, proprietary business strategies, or even government information. They get the login credentials largely through phishing attacks on employees.

However, phishing attacks can be prevented through training and testing. A recent study ran a simulated phishing attack on two companies. The first had provided annual security awareness training since 2016; the second did not have an awareness training program. The first company had one person click a link in an email. The second, without the cybersecurity awareness training, saw 7% of users click the malicious link.

The breakdown is getting federal attention. Carole House, the director of cybersecurity for the National Security Council, said, “For too long, both public and private sectors have failed to take the necessary steps to implement basic cyber hygiene practices and cybersecurity defenses.” She highlighted poor cybersecurity practices from individual companies to software developers. “Whether government, large corporations, small companies, or critical infrastructure, all of us can be targets of malicious nation-state or cyber-criminal actors,” House said. “More importantly than just being a target, everyone has a role and a responsibility to defend against these threats. So, these partnerships between public and private sectors are only growing more critical to the safety of our nation in cyberspace.”


Posted by Charles Wright