The Increasing Risks and Rising Costs of Data Breaches
The average cost of a data breach is estimated to be over $3 million USD and rising. As such, it has never been more important for organizations to have the tools and processes to mitigate the threat of a data breach.
Data Breaches Aren’t Uncommon
It’s not just small companies with limited security budgets that have exploitable cyber gaps. Often, in fact, large organizations become targets because of the amount and nature of the data that they hold. Organizations in the healthcare sector, for example, have proven time and again to be popular targets for cybercriminals.
Another example of a large organization being targeted is Experian. Experian experienced a major data breach in August 2020 where over 24 million records were exposed. The attackers impersonated a client and were able to request and obtain confidential data. Experian claimed that no customer banking information was exposed. Even so, personal information like this could be used in a targeted social engineering strategy to then get Experian customers to reveal further sensitive information such as their banking details.
This isn’t the first major data breach that Experian has had. Back in 2015, 15 million North American customers and applicants had their personal data, including Social Security numbers and ID details, stolen. Perhaps because of this prior experience, Experian understands the risks and is adept at dealing with cyber breaches. The company claims that the attacker’s hardware has already been seized and the collected data secured and deleted.
How Much Does the Average Data Breach Cost?
The answer to this question varies by country and also depends on the sector, but in general it can range anywhere from $1.25 million to $8.19 million.
According to the 2020 report from IBM and the Ponemon Institute, the average cost of a data breach in 2020 is down 1.5% since 2019, at around $3.58 million USD. This works out to be around $150 per record and is a 10% rise over the last 5 years. The report analyzes recent breaches at more than 500 organizations to spot trends and developments in security risks and best practices.
The cost estimate includes a combination of direct and indirect costs related to time and effort in dealing with a breach, lost opportunities such as customer churn as a result of bad publicity, and regulatory fines. Though the average cost of a breach is relatively unchanged, IBM says the costs are getting smaller for prepared companies and much larger for those that don’t take any precautions.
Interestingly, various industries including healthcare appear to be more susceptible targets for attackers. According to the report, healthcare breaches cost organizations $6.45 million per breach, a number that eclipses all other sectors and makes it the ninth year in a row that healthcare organizations have had the highest costs associated with a data breach.
The average cost per breached healthcare record ($429) is also more than double that of any other industry and substantially higher than the overall average of $150, according to the report. Healthcare breaches can often take the longest to identify as well (up to 236 days).
Data Breaches are Happening all the Time
Data breaches are occurring constantly, exposing records from large brands with big security budgets and teams as well as from much smaller organizations. It’s important that everyone understands the importance of secure digital practices and explores strategies for educating staff to reduce the risk of social engineering tactics.
How do Data Breaches Occur?
Hackers use various strategies to gain access to data. With Experian, for example, the attacker exploited human weakness, using social engineering to persuade an employee to hand over the data. Other strategies include exploiting weaknesses such as misconfigured or unsecured cloud storage. Alternatively, a data breach could be the result of malware or ransomware.
According to the IBM/Ponemon report, around 40% of all incidents were actually due to either cloud misconfigurations or stolen login details. Because of this, IBM has urged companies to reexamine their authentication protocol to ensure 2FA is active.
A final note on how attackers obtain data concerns state-sponsored attacks. These make up only around 13% of the overall number of attacks, according to the report. However, with an average associated cost of around $4.43 million, it’s clear that these types of attacks tend to target high-value data, which results in a more extensive compromise of victims' environments.
The energy sector, commonly targeted by nation-states, saw a 14% increase in breach costs when compared to the prior-year period, with an average breach cost of $6.39 million.
How can Organisations Reduce the Cost of Data Breaches?
“The average time to identify and contain a data breach, or the "breach lifecycle," was 280 days in 2020. Speed of containment can significantly impact breach costs, which can linger for years after the incident.” - Source
IBM/Ponemon estimate that companies with mitigation measures in place can reduce the cost of a breach by an average of $720,000.
According to their report, companies that had automated technologies deployed experienced around half the cost of a breach ($2.65 million on average) compared to those that did not have these technologies deployed ($5.16 million on average).
Security response times were also reported to be ‘significantly shorter’ for companies with fully deployed security automation – these companies are as much as 27% faster than their counterparts at responding to breaches.
Security tools like OSINT platforms enable not only a faster breach response but also a significantly more cost-efficient one, which, as the security professional shortage persists, is of absolute importance.
The Signal OSINT platform gives you hyper-relevant real-time alerts from surface, deep, and dark web sources.
Final Thoughts
With our increasing levels of digitisation, our growing reliance on the cloud, and the complexity of security systems paired with human error, there are more attack vectors than ever before for hackers to exploit.
A data breach could involve anything from publicly available data being scraped and sold off to spammers, to online banking and credit card information being stolen. The longer a data breach goes undetected, the longer the threat actors have to use this data, causing more harm as time goes on.
Having the right tools and processes in place will allow you to detect data breaches early or even prevent a data breach from happening in the first place. With the steadily rising cost associated with data breaches, this could save an organization millions in the long run.
How Can Organizations Combat Increasing Cybersecurity Gaps due to Remote Working During COVID-19?
The security challenges of working from home are enormous and are invariably compounded by technological difficulties and poor home security practices.
Whether they like it or not, many organizations have been forced to adopt work from home practices to continue operating. Working from home isn’t new. In fact, between 2005 and 2017 the number of people that were able to work from home grew 156%. However, it has generally been seen as a bonus rather than a given, and more traditional workplaces have been resistant.
Despite the fact that 49% of office workers have never experienced working from home before, this experiment has largely been a success. Empowered with communication tools like Slack, Microsoft Teams, Google Hangouts, and Zoom, teams have had deep connectivity even from their own living rooms, and many organizations have actually seen increased productivity.
Even so, the challenges of working from home are enormous and are invariably compounded by technological difficulties and poor home security practices.
Security teams, in particular, are feeling the pressure. With numerous workers now operating outside the corporate network's security controls, new attack vectors have opened up, and cybercriminals are exploiting them.
Cybercriminals Taking Advantage of the Pandemic
Several security providers have put together data sets which show clear spikes in malicious activity since the beginning of the pandemic. McAfee created its own coronavirus dashboard, which shows malicious detections quickly growing from the hundreds into the thousands over the last six months. The most common threat type has been Trojans, with Spain and the US being clear outliers in the number of threats detected.
As of August, there were nearly 2 million malicious detections against over 5,500 unique organizations. McAfee goes into detail about the families and types of attacks that have spiked since the pandemic began.
WFH Challenges for Security Teams
We’ve established that cybercriminals are taking advantage of the security breaches created by a sudden adoption of working from home, but what exactly makes working from home less secure, and which security flaws are threat actors targeting?
Working from home doesn’t necessarily mean working from home; it could also mean working from anywhere, and many workers have already figured that out. This means workers can (in theory) escape their houses and head out to cafes, restaurants, libraries or other public spaces with free WiFi networks. Zoom, with its virtual background feature, has incidentally supported this. The key issue arises when workers operate on unsecured open networks.
Ultimately, security professionals have to try to ensure device security and data protection in the work from anywhere model, a challenge made significantly harder with over 50% of employees using their own devices during this period. IT teams have tried to make the security transition easier, with some 70% increasing VPN use among employees. However, according to the Morphisec report, 1 in 4 workers were unfamiliar with their company’s security protocols.
As a result, the majority of security professionals have seen a sizeable increase in workload since their companies began corporate-wide remote work. And while most of the transition to WFH went smoothly, respondents reported an increase in security incidents, with the top issues including a rise in malicious emails, non-compliant behavior by employees and an increase in software vulnerabilities.
What can be done to improve WFH security?
Security teams have had years to develop best practices for combating the ever-evolving cyber threat landscape. The sudden move to work from home, though, has shifted power away from them and placed greater reliance on workers who simply do not have the expertise to maintain proper cybersecurity protocols.
Worryingly, 20% of workers said their IT team had not provided any tips as they shifted to working from home. This has opened exploitable attack vectors and introduced new challenges for security professionals. This isn’t to say, though, that nothing can be done.
Step 1: Control the WFH Environment
This is all about educating employees about best practices when working from home and the reasons behind them, for example, telling them not to use open networks.
Step 2: Control the WFH Computer
It’s a good idea to supply the computer being used so that you can install the proper security software, control access to sites which might pose security risks, and maintain control over permissions.
Step 3: Improve your Phishing Responses
The crossover between home life and work life extends beyond the location. People are more likely to spend time on social media networks and working on private projects than they would be if they were in the office. This exposes them to more phishing campaigns, so it’s important they know how to avoid falling for them.
Step 4: Restrict Remote Access to Sensitive Documents and Data
Lock down permissions and access to sensitive documents and data. If employees really need access, they can communicate this need to you directly and you can ensure it is granted securely and safely.
Step 5: Monitor Surface, Deep and Dark Web for Emerging Cyber-Threats
Use an OSINT tool like Signal to monitor for cyber threats, planned attacks and data breaches.
Step 6: Encourage VPN Usage
VPNs are a simple and easy way to improve security. It’s worth ensuring the company has a quality VPN service that doesn’t slow a user's internet connection unnecessarily, as this might persuade workers to turn it off.
Step 7: Don’t Allow Split-Tunnels
Split-tunnelling allows a user to access networks through both the encrypted VPN service and a potentially unsecured network simultaneously.
The Role of Threat Intelligence for Improving Work From Home Cybersecurity
One of the key benefits of using an OSINT solution like Signal is the ability to create customized searches with Boolean logic to uncover hyper-relevant threats in real time, with SMS and email alerts.
Ways that this has been used in the past to improve cybersecurity include:
Early detection of data breaches. The average cost of a data breach in 2020 is $3.86 million. The earlier you catch a data breach, the faster you can take action to mitigate the associated financial and reputational damage.
Discovery of new cyberattack strategies, exploit kits, and phishing tactics which were talked about or for sale on the dark web.
Uncovering attacks that are yet to be carried out. This is true for both physical attacks against an asset or person as well as cyberattacks. For example, details of a phishing strategy and the targets within the organization were discovered after being talked about in a darknet forum.
Monitoring employee online activity. For example, this can allow security teams to identify employees who have been targeted and even blackmailed by cyber attackers for access to company data.