This year is shaping up to be a record setter in terms of data breaches. There were 491 incidents in the US in Q2 2021, an almost 40% increase over the same period last year. In fact, the number of data compromises recorded for the first half of 2021 already constitutes 76% of the total incidents for 2020.
The Identity Theft Resource Center, a non-profit organization that provides assistance to victims of identity theft as well as risk reduction for companies, has just released their data breach analysis report for the first half of 2021.
The report shows that the three biggest sources of data breach this year are:
- Phishing
- Ransomware
- Supply chain attacks
In this article, we take a look at each of these attack vectors, and what organizations can do to plug in the gaps and reduce their vulnerabilities.
Phishing attacks
Phishing was the most prevalent form of successful attack in the first half of the year, accounting for 130 of the incidents. Although phishing is not a new tactic, it continues to be extremely successful for malicious actors. In fact, according to Proofpoint, 75% of organizations across the globe experienced some kind of phishing attack in 2020.
Of course, not all phishing emails are successful. Run-of-the-mill employee security awareness programs have highlighted, again and again, the importance of looking out for fraudulent emails. To an extent, this has improved employee savviness. Emails with an overwhelming amount of typos, or from an obviously unrealistic email address, are unlikely to cause much damage.
However, cyber criminals know this too. In response, they’ve started making their attacks more targeted, more personalized and harder to differentiate from genuine communications. Using information mined from LinkedIn and other social media sites, cyber criminals can create scarily realistic profiles of co-workers, partners or officials from public health bodies. When an employee receives this kind of email or text, it could appear so realistic that they don’t recognize it as phishing. This is likely why spear phishing emails have an open rate of 70%, per FireEye.
With the increasing stealthiness of these attacks, it’s clear that a tick-box training program isn’t enough. For one, training that is irregular and not engaging is unlikely to stick in the mind of your people. Secondly, a lot of training doesn’t account for the fact that employees receive hundreds of emails per day, making it difficult for them to be constantly alert for cyber threats.
For these reasons, it’s better to incorporate phishing awareness into the daily workflow. Nudges are a popular solution. These integrate into employees’ applications and flag potential risky actions – such as opening an email from an unknown sender, or sharing a file marked sensitive with an external email address.
Ransomware
According to the ITRC, ransomware and malware attacks accounted for 126 of the 410 US data breach incidents in 1H 2021. Verizon’s own analysis found that ransomware was the root cause in 10% of breaches worldwide – a 10% rise from the previous year. Ransomware was also behind the spectacular Colonial Pipeline data breach, as well as the Foxconn attack that compromised Apple’s IP and future product plans.
Today’s malware attacks are becoming more sophisticated and harder to detect with basic cybersecurity functionalities. Because of this, a holistic approach is needed. You need to procure a concoction of cybersecurity solutions, each of which plays an important role in deterring potential ransomware attacks.
This is not to say the basics aren’t important; tactics such as blacklisting and utilizing next generation firewalls play a pivotal role in defending against malware. However, with the proliferation of the cloud, you should also consider deploying a cloud access security broker (CASB). As well as offering dynamic data protection, CASBs offer real-time malware detection capabilities, enabling you to detect and quarantine suspicious activities before they cause any damage to your business.
Finally, if your workforce is remote, then you should also complement your ransomware strategy with endpoint security protection. A good endpoint security solution will be able to catch and trap a malware load on an end device, before it is able to crawl into your network and applications and wreak havoc.
Supply Chain Attacks
Based on ITRC’s data, there were 32 new supply chain attacks in H1 2021. These affected 292 organizations. For cyber criminals, supply chain attacks are especially lucrative, enabling them to steal or ransom data from a large number of organizations in a single attack.
Just recently, managed service provider Kaseya was hit in a ransomware attack that impacted over 1,000 businesses. The company was just one of eight large MSPs that were targeted in a supply chain attack by notorious ransomware gang REvil.
Supply chain attacks are complex to mitigate. Even if your own defenses are robust, if just one of your suppliers has any unmanaged vulnerabilities, this could result in your own systems being impacted. However, despite the challenge, there are ways to hinder this threat.
The first thing to do is to make sure your own cybersecurity estate is in order. Ensuring your data is protected, that you conduct regular penetration testing and that you manage your patches will help to ensure you aren’t the weak link in the proverbial chain.
Aside from this, you also need to manage your supplier relationships with due diligence. In today’s complex digital landscape, most businesses rely on a range of suppliers – be it for logistics, customer relationship management or as a value added reseller. To manage supply chain security, you need to create a detailed picture of your supplier ecosystem, and weigh up the risks and benefits of working with your current suppliers. For example, those who have a direct link to your IT estate or those who handle sensitive data, will likely be considered high-risk, compared to a supplier on the peripherals of your business.
Once you have a strong grounding of who you work with, and the risks, it’s time to strategize. As a starting point, NIST has created a detailed guide for managing cyber supply chain risk, aimed at helping organizations bring structure and oversight to this complex problem.
Conclusion
Ultimately, today’s most prevalent threats combine old tactics with the new. As businesses become more savvy about cybersecurity threats, cyber criminals are becoming more ingenious in their approaches. No matter how small or large your organization, you are at risk – particularly with the rise of domino-style supply chain attacks.
Your best bet at defending your company is to be proactive. By incorporating the right solutions, and instilling a culture of awareness among your employees, you can keep your company safe from a costly data breach.
