Looking back at the development of cyber-attacks throughout 2018, three cybersecurity experts met at a UKFast Webinar in Manchester, England to talk about the year’s largest breaches and to determine what businesses in the UK and around the world can learn from them.
The three cybersecurity experts were Annabelle Gold-Caution, Associate at European law firm Fieldfisher; Paul Mason, IT Security, Education and Training Specialist at cybersecurity firm Secarma; and Noha Amin, Information Security Awareness Manager at TalkTalk.
They determined that there are three areas to consider. First, the most common attacks come from inside a business. A case in point is the Morrison company, which was ruled liable for 100,000 employees whose personal data was breached by a disgruntled employee.
Annabelle Gold-Caution said: “The risk of business owners being held responsible for data breaches caused by employees must be considered in security policies, and mitigated by implementing strong data access permissions.”
The recommendation for companies is to tighten access privileges to critical data and reduce the risk of unauthorized data sharing.
The second cause of cyber hacks is exploited network vulnerabilities, as experienced by Facebook, which suffered reputational damage, a serious side effect of data breaches.
Facebook alone suffered two breaches, and as a result one in 20 Brits, as well as millions worldwide, cancelled their accounts. Such damage also affects internal employee morale as recovery is attempted.
Paul Mason said: “Although data can be retrieved with good disaster recovery strategies, reputations are not as easily recovered. This is a serious reminder for business owners to keep their networks up to date, patched and regularly tested to stay one step ahead of those willing to take advantage.”
Gold-Caution also commented, “Businesses offering employee equity compensation (e.g. stock options) can be particularly concerned about impacts on share price. A lack of transparency can lead to significant dips in internal morale, particularly for organizations with a strong mission statement.”
The third area to consider is companies failing to securely transfer data from one system to another. This was the case with TSB Bank (Lloyd’s) in April 2018.
Its data transition locked up 400 accounts and permitted some customers to view other users’ accounts, which leaked data and resulted in fraudulent schemes that drained monies out of some customers’ accounts, into the thousands.
Mason commented: “It’s not just leaked data that breaches GDPR legislation; Lloyds failed to provide their consumers with three basic data rights: availability, integrity and confidentiality. That’s a huge breach of data protection legislation.”
He added: “It’s crucial to test systems before they go live, especially if you’re moving large amounts of data. Even the smallest glitch could have huge consequences if you’ve not considered all possible scenarios, and how these can be resolved quickly to prevent problems that affect your customers.”
Data is becoming one of the most valued currencies in the world, and steps need to be taken to tighten access availability, weed out network vulnerabilities, and put in place secure procedures for data transfers.
With the possibility of more high-profile cyber-attacks and data breaches in 2019, let’s hope businesses learn from this year’s misfortunes of those that have been in public view.