Are increasing data breaches leaving consumers desensitised?

Cyberattacks are on the rise, with novel cybersecurity risks emerging as companies are currently forced to do business in unprecedented ways. By Stefanie Wood Ellis, AntiFraud Product & Marketing Director, OpSec Security.

  • 3 years ago Posted in

Since July 2020 alone, both Canon and Garmin were among those to hit the headlines after suffering ransomware attacks. Canon’s online systems were breached, taking down its US website and possibly facilitating the theft of large amounts of personal data. In the case of Garmin, the attackers used malicious software to encrypt the files on its corporate network and demanded a ransom be paid in order for the files to be decrypted. This trend is concerning, particularly with much of society conducting almost all aspects of their lives online in the current climate.

Unfortunately, the frequency with which these incidents appear to be taking place is causing many people to become desensitised to them. In fact, there is a growing belief among consumers that their data will eventually be breached, but this is paired with the expectation that organisations, such as banks, retailers and travel companies, will ultimately have the protections in place to safeguard that data. And, if their details do get leaked, there’s an expectation that through credit card protections or regulatory insurance, the consumer will be protected (reimbursed) from the financial losses when the loss is through no fault of their own.

With consumers now using a growing range of online service, from banking to grocery shopping, arguably more so now due to the COVID-19 pandemic, they are increasingly expecting businesses to protect them and their data. In fact, 72% of consumers believe businesses, not governments, are best equipped to do this. Consequently, organisations need to do more to protect consumers’ data and give them the peace of mind that even if they do suffer an attack, they won’t be personally impacted. This requires businesses to begin to proactively monitor for threats.

Understanding vulnerabilities

For brands to protect their business and customers against the threat of cyberattacks, it’s vital they understand where their vulnerabilities lie and where threats may be coming from. Getting ahead and identifying any weak spots early in a brand’s online presence will in turn allow organisations to gain a comprehensive view of any vulnerabilities and creates an awareness of the types of threats they are facing before they can happen.

As part of this, it’s essential that businesses monitor all the different avenues through which threats could arise, such as the Dark Web and other online platforms, to understand whether their brand is being misused and how it’s happening and enable them to take action. For example, by using a Dark Web monitoring service, businesses will be able to see whether their IP address has been listed for sale which would indicate that they may be vulnerable to being hacked or compromised.

Raising employee awareness

Businesses must also educate their employees to ensure they can recognise the different types of threats they may be susceptible to and how they can escalate. Malicious emails are one of the most prevalent threats for businesses, with small businesses receiving an average of one malicious email in every 323 sent and 76% of businesses have reported that they were a victim of a phishing attack in 2018. Unfortunately, employee-targeted phishing scams are often the gateway to Advanced Persistent Threat (APT) attacks which can lead to businesses being infiltrated by malware to steal intellectual property, including customer data.

To better protect themselves, organisations should increase awareness of how different individuals may be targeted, such as accounts payable being targeted by scams that impersonate senior executives asking for money transfers. Meanwhile, payroll employees may be asked for tax records which contain a lot of personal information about employees, and HR may receive PDFs disguised as CVs but that actually contain malware.

Businesses need to get one step ahead of attackers by educating employees to recognise phishing attacks and threats and the different avenues hackers could take. This should include introducing processes so that employees know how to check if emails are coming from a legitimate source.

Take responsibility for consumer protection

It is the obligation of organisations to do all they can to keep consumer information safe especially as many ask customers to store their credit card details with them in order to make the processes of purchasing items as quick and simple as possible. They will be best able to protect both their business and consumers by taking a proactive approach to cybersecurity whereby they educate employees and consumers, introduce new protocols, and monitor their brand for threats.

 

By Barry O'Donnelll, Chief Operating Officer at TSG.
By Dr. Sven Krasser, Senior Vice President and Chief Scientist, CrowdStrike.
By Gareth Beanland, Infinidat.
By Nick Heudecker, Senior Director at Cribl.
By Stuart Green, Cloud Security Architect at Check Point Software Technologies.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Damien Brophy, Vice President EMEA at ThoughtSpot.