May was another whirlwind of cybersecurity headlines, with climbing cybercrime rates, high-profile data breaches, and eye-opening new research.
Security Topics of the Month
According to a recent consumer survey, today’s customers put a high priority on cybersecurity. The global survey found consumers overwhelmingly feel that businesses aren’t doing enough to protect their information.
- 90% consider a company’s trustworthiness when deciding to purchase a product
- Nearly 60% would avoid doing business with a company that experienced a cyberattack in the past year
- 37% would switch to a competitor if a cyberattack caused a service disruption
- 66% are prepared to leave if operations aren’t restored within three days
- 80% said they shared negative ransomware-related brand experiences with family, friends, or colleagues
The survey results were especially problematic for financial service providers and communications products, two industries that consumers are readily prepared to abandon in the event of a cybersecurity incident.
For companies navigating an already harsh business environment, it’s clear that customer retention may be contingent on their ability to defend their networks from an ever-evolving threat landscape.
An FBI report has quantified the increase in cyberattacks, detailing that the number of reported cybersecurity complaints have increased by more than 4,000 since the pandemic began. The information comes as tech platforms have similarly quantified cyber threats related to their platforms.
Google says that it’s blocking 18 million COVID-19 phishing scams each day, and the US Federal Trade Commission (FTC) has recorded 18,257 fraud complaints related to the Coronavirus, collectively causing $13.44 million in losses.
Companies need to remain vigilant about addressing the most pressing threats, especially phishing scams, during the pandemic. However, agencies are also speculating that the significant uptick in cybercrime could be the result of a yet undisclosed data breach, which means that companies need visibility into the Dark Web where stolen credentials or other information could be used in upcoming attacks.
Despite years of advocacy for strong, unique passwords for each digital service, most people continue to reuse their credentials across various online platforms.
It appears people do this because of convenience, not ignorance. A recent survey found that 91% of consumers recognize the risk of reusing their passwords across multiple platforms, but 66% continue to use the same passwords anyway.
People are still making weak and easily guessed passwords, too. At the same time, 53% have not changed their passwords in the past year, leaving multiple platforms vulnerable to the treasure trove of login credentials available on the Dark Web.
Users who reuse passwords are primarily concerned with the hassle of a reset – 60% are worried about forgetting their login credentials, and 52% want more control over their passwords.
However, there are things you can do to mitigate the risk of password compromise through password reuse and weakness. Offer things like single sign-on, two-factor authentication, and other password-oriented enhancements. Also, enforce stricter password reuse and sharing policies.
Verizon’s 2020 Data Breach Investigations Report shows that threats continue to grow and lays out a few facts that make it easier to quantify the importance of strong security, especially when supporting a remote workforce.
More than two-thirds of all data breaches are attributable to just three factors: credential theft, social engineering attacks like phishing scams, and human error.
Insider threats are a constant problem in the breach landscape, and that hasn’t changed. While we usually think of threats as coming from outside an organization, malicious insider threats are incredibly devastating and need to be a major concern.
While today’s threat landscape is ominous and expansive, Verizon’s latest report makes it clear that businesses can make significant improvements to their defensive posture by prioritizing the most prescient risks in a comprehensive digital risk protection strategy.
Businesses hoping to rely on cybersecurity insurance coverage to offset the cost of a data breach may have a more difficult time recouping their losses. According to The Wall Street Journal, insurers are becoming increasingly critical of cybersecurity-related claims. Specifically, companies are adding questions to surveys used to calculate premiums and assess damages.
In some ways, this change is the result of a rapid shift to remote work. Remote work comes with many cybersecurity risks, and insurers are hedging their bets, assuming that they could incur an influx of claims as companies fail to grapple with the ramifications of remote work.
For businesses, this is a reminder that they shouldn’t rely on cyber insurance to bail them out if they have a cybersecurity incident. Instead, they should invest in the tools that can prevent a cybersecurity incident in the first place.
The Month in Breach
A ransomware attack on the law firm Grubman Shire Meiselas & Sacks has compromised the highly sensitive personal data of dozens of high-profile clients including tech giants, A-List celebrities, and sports stars.
The law firm lost 756GB of client data in the attack. Cybercriminals are threatening to release the information unless the firm pays a ransom, believed to exceed $20 million. This attack reflects a ransomware trend: hackers steal company data and demand payment. Until now, many were content to simply encrypt an organization’s network in hopes of being paid for a decryption key.
Cybercriminals obtained extremely detailed private information about the firm’s clients, including names, contract details, phone numbers, email addresses, personal correspondence, legal filings, and non-disclosure agreements. This information is often used to perpetuate blackmail, spear phishing attacks, identity theft, and other crimes.
Hackers were able to access a database containing customer data and sold the information on the Dark Web. The database, which was lifted in a data breach in early May, contains the personal data of more than 8 million customers. The database stored email addresses, encrypted passwords, partial credit card information, genders, ages, and subscription information.