The Current State of Information Security

It is important for us to look at the current status of information security, with all the unique situations happening worldwide.

From big tech companies suffering from significant employee layoffs to interest rates reaching heights we have not seen in many years, it is an interesting time to be in the cybersecurity space. But what exactly are we facing currently?

Data Breaches: The New Nightmare of Businesses

In 2022, we had quite a few data breaches ranging from SMEs to large tech companies. These breaches have been a nightmare for their customers and employees. But they've also caused a great deal of harm to the companies themselves.

In Q3 2022 alone, a total of 108.9 million accounts were breached. This number is a 70% increase over the previous quarter. Here are some of the top breaches and cyberattacks in 2022.

  • Microsoft’s Speculated Data Breach

    In late March 2022, a hacking group called “Lapsus$” published what it claimed was evidence that it had compromised Cortana, Bing and a few other Microsoft products. Microsoft announced that it had contained the attempt and that only a single account had been compromised.

    Microsoft also stated that no customer data had been stolen. Even so, the incident reinforces the idea that cybersecurity should always be on the radar, no matter the size of an organisation or the time and money it has invested.

  • Insider Threat from a Former Employee – Cash App

    In April 2022, Cash App disclosed that a former employee had managed to breach one of its servers. According to Cash App, the former employee held a grievance against the business and accessed large amounts of sensitive customer information.

    As a result of this attack, the company contacted more than 8 million customers to explain the incident. It was concluded that account credentials had not been obtained in the attack, but a small amount of personally identifiable information had been gathered.

  • Red Cross Data Breach

    In January 2022, an attack was carried out against the Red Cross, targeting servers that hosted the personal data of more than half a million people. The servers were taken offline to stop the suspected attack. Sadly, at the time of writing, no culprit has been identified.

Today’s 3 Biggest Information Security Challenges

Every year information security challenges get more complex. If you’re looking for new ways to protect your company, here are the top three challenges you’ll want to keep an eye on.

1. Cybersecurity Attacks

The pandemic dramatically altered cyberspace as most of the world became more dependent on the internet. While businesses worldwide changed their operations to slow the spread of the virus, cybercriminals adapted to spread viruses of a different kind.

In fact, cybercrime has increased by 600% as a result of the COVID-19 pandemic. By 2025, we estimate that such crimes will cost the globe $10.5 trillion, more than 300% above the cost in 2015. It is of the utmost importance that companies invest enough time and resources in combating such attacks to reduce the chance of becoming part of that statistic.

2. Bring Your Own Devices Security Issues

A frequent by-product of organisations allowing employees to work from home is the introduction of a more relaxed Bring Your Own Device (BYOD) policy. As more people work from home, they may already own laptops or desktops that they wish to use for their work, especially if the work-issued equipment is slower than the equipment they already own.

On the surface, BYOD may seem like a win-win for both staff and employers; however, it is not without its risks. Organisations must ensure that they have put the correct controls in place to manage the new threats that BYOD can introduce. Such risks include:

  • Unpatched devices that either do not have the latest patches installed or (even worse) are out of vendor support and no longer receive any official security patches at all.
  • A lack of control over where data is located, with the risk of data being duplicated across multiple devices. This can make managing any sensitive data on those devices a real challenge.
  • Conflict with the staff who own such devices when questions of device management come into play. Suppose an employer lets an employee use their personal phone to access their company email account. Over time, this device will need to be updated to prevent old security vulnerabilities from being exploited.

If the employee refuses or (more likely) forgets to update their device, the device becomes more vulnerable to attack. In addition, requiring a mobile device management (MDM) solution to be installed on such a device can cause conflict with the staff member over their privacy.

3. Remote Working

Organisations are now offering remote working contracts to their staff more than ever. In 2022, it was reported that 56% of respondents had worked remotely for less than a year.

This is great for companies looking to expand the pool of people they can hire, as recruiting employees from other countries is now possible through applicant tracking systems. However, drastic changes in how we work often introduce new risks and challenges.

  • Home network setup – because employees are working from home, the security of the network they connect to is now part of the risk surface and must be addressed. A quick win here is a mandatory VPN for those devices, which creates a tunnel to the organisation’s own network. This should drastically reduce the device’s attack surface (the sum of exposed weaknesses that an attacker could use to obtain sensitive information or carry out a cyberattack). It will also often result in the device connecting from a static IP address, which can be helpful for other internal technical projects.
  • Public Wi-Fi – one of the best parts of having a remote working team is that they can work in places other than the office and their homes. This is convenient for many reasons, but it also comes with risks. Employees may connect to unprotected Wi-Fi hotspots where a malicious actor can try to capture sensitive traffic sent through the hotspot (known as a man-in-the-middle attack). That risk can be largely mitigated by following these actions:
    1. Only visit sites using HTTPS.
    2. Disable file sharing on the device.
    3. Log out of accounts once you have finished using them.
    4. Use a Virtual Private Network (VPN) from a well-established and reputable VPN provider.

The information security world is evolving: what’s next?

As the information security landscape continues to develop at speed, the actionable insights in our special report will be your go-to resource for the InfoSec updates on the horizon. The analyses and expert viewpoints will help you navigate and build your information security roadmap for 2023 and beyond.

About the author

Emrick Etheridge

Emrick Etheridge is an associate Information Security Consultant and a certified ISO 27001 Lead Auditor. Prior to DataGuard, Emrick studied Computer Science at Anglia Ruskin University (Cambridge) before entering the world of Digital Forensics and Information Security at a Cambridge-based company. In these roles, he consulted merchants who required either a digital forensic investigation or re-certification. Emrick was also a certified Cyber Essentials assessor at the height of the pandemic, which proved to be an interesting time in the industry. In his current role, he helps SMEs create an Information Security Management System (ISMS) to strengthen their security posture, as well as consulting them on their path to obtaining ISO 27001 certification.
