Visa Europe revealed important stats about the usage of Contactless Cards. Poland, Spain and the UK use this payment methd the most, with UK usage growing by 300% year over year.
.png)
Aaron Valentine December 29, 2022
The year 2022 saw several high-profile data breaches that exposed millions of individuals and businesses. These breaches highlighted the need for organizations to prioritize and implement robust measures to protect their systems and data from cyber threats.
Here are some lessons we can learn from 2022's biggest data breach stories.
Third-party vendors are something organizations must rely on to protect critical data. However, as Uber has discovered this year, this comes with significant risk. On December 10, an attacker breached third-party asset management vendor Teqtivity’s internal systems by exploiting vulnerabilities in their AWS backup system and leaked the account information and personal data of around 77,000 Uber employees on a hacker forum.
Before that, on September 15, a hacker going by the name ‘Tea Pot’ successfully breached Uber’s internal infrastructure and cloud services before using its internal Slack to brag about the attack. The attacker accessed Uber’s systems after ‘MFA bombing’ a contractor, hitting their SMS with login requests until they accepted one and granting access to Uber’s internal systems.
Uber isn’t unique here. Third parties are increasingly a weak link in the cyber security chain, with a report by SecureLink showing 51% of companies have now experienced a data breach that exploited security weaknesses within the supply chain.
Organizations should seek a thorough understanding of their third-party vendors inside and out, with careful screening, structured onboarding, and regular risk assessments of third-party vendors required to ascertain what systems will be accessed, which data they may hold, and potential avenues of compromise.
Research by CS Hub revealed that 75% of cyber security researchers see social engineering as the biggest threat. It’s not hard to see why; humans are often the most straightforward way into any organization. You can have all the defenses in the world, but they’re not as helpful if staff can be deceived into letting someone unsavory into the organization’s network.
Dropbox found this out firsthand this year when a hacker accessed a GitHub account of a Dropbox developer who had fallen victim of a phishing email. The attacker could access 130 internal code repositories that belonged to Dropbox, though Dropbox insisted they didn’t contain anything related to core applications. However, Dropbox admitted that there may have been some plain text API keys and credentials among the code, including thousands of names and email addresses belonging to Dropbox employees.
Technology conglomerate Cisco has noted that social engineering attacks are getting more complicated and common. Organizations must use procedures like multifactor authentication, strong email security, good password management, and consistent employee training to stay on top of social engineering attacks.
Companies today are learning the hard way to limit access to their more critical data. It’s crucial to do this, as not limiting who can view your data could prove extremely harmful to the organization and put staff and customers at risk.
Pegasus Airlines this year were reminded of the importance of this principle when an AWS cloud storage bucket was left unprotected, resulting in the firm unintentionally putting 23 million files and 6.5 TB worth of data online. The data included information on EFB software, flight charts, navigation and crew material, passwords in plain text, and more.
Organizations should seek to control access to data throughout the company, whether by ensuring specific roles only have access to certain information or ensuring employees aren’t accidentally or purposefully breaking data management and security policies.
By investing in advanced technology, implementing robust security policies, and educating employees about data protection, you can strengthen your cybersecurity measures. Count on our team of experienced professionals to help you protect your data, secure your network, and recover from disasters. Talk to our experts today.
Aaron is a recent graduate of the University of Gloucestershire, where he studied cybersecurity. He is a cyber security consultant at Advantio, using his expertise to help clients secure their systems and protect against cyber threats. In his free time, Aaron enjoys traveling and long walks.
Comments