Last year was a steep learning curve for many businesses, not least of all when it came to cybersecurity. The pandemic caused a surge of cyber-attacks, many of which were targeted at exposing, stealing and/or selling data harvested during a breach of the victims’ infrastructure. While few of us saw the pandemic coming, it served to highlight how often cybersecurity is overlooked, leading organisations to put their security strategies in the spotlight for the very first time.
In fact, the impact of Covid-19 on security was felt so widely that 96% of businesses shifted their strategy as a result. And the impact looks set to have lasting implications, with half of UK organisations now vowing to consider cybersecurity as part of every business decision.
Data breaches are one of the biggest risk factors for any business. Especially since GDPR regulations came into force, the parameters of safeguarding personal information and sensitive data have been a focus for almost all organisations. The repercussions of a breach, whether accidental or the result of cybercrime, are huge – both in terms of finances and damage to reputation.
Lost or stolen data can be used to facilitate a whole host of further cyber-attacks, which is why it has huge value on the black market. Human error and poor security such as weak passwords can inadvertently leave data exposed, but insider attacks and increasingly sophisticated hackers are contributing to the scale of data theft.
Let’s take a closer look at how 2020 shaped up in terms of data breaches…
Keeping track of data breaches is a tough job. Understandably, many businesses choose to keep incidents of this nature under wraps wherever possible, in order to preserve their reputation. And sometimes although it is known a breach has occurred, the number of records breached remains undisclosed, making it impossible to gain an accurate idea of the true extent over any period.
In 2020 however, the rise of remote working contributed to weakened security for many organisations, and this led to a spike in the number of data breaches, particularly in the first half of the year.
According to Verizon’s 2020 Data Breach Investigations Report, 45% of breaches occur as the result of hacking. Poor security is the second biggest cause of exposed data however, with weak passwords and a lack of multi-factor authentication leaving systems vulnerable. This was exacerbated by the sudden move to WFH in 2020, with millions of employees shifting to remote working on unprotected networks, accessing sensitive data and PII over the internet.
Social engineering gets an honourable mention, mainly due to the surge in phishing scams at the start of the year as cybercriminals scurried to take advantage of Covid anxiety.
It’s difficult to pinpoint the worst breach of the year. Along with many undisclosed breaches, there are also several where the extent is simply still unknown. Most recently, US IT software company SolarWinds fell victim to Russian hackers, causing a breach of such huge scale that the reach is still unknown. With hundreds of thousands of other businesses among SolarWinds’ clients, the breach has cascaded rapidly, and the full extent may take months to confirm.
Other notable incidents include the Travelex ransomware attack from the start of the year and the social engineering attack on Twitter in July that resulted in hackers taking control of several high-profile accounts.
If something good came out of 2020, it’s that businesses are ready to take cybersecurity seriously. No organisation can ever be completely safe from cyber-attacks, but knowledge is power, and a good understanding of the ever-evolving threat landscape is key to building a robust security strategy.
Investment in the right tools to protect your infrastructure is more important than ever, helping you to detect and mitigate threats before your business data is lost or stolen.
Ready to step up your security strategy for 2021?