In our annual Halloween blog for 2023, we’ve decided not just to tell you a scary, technological horror story of the hacked and attacked, but to show you how you can beat the cyber-criminals and protect yourself, your business, your teams, and your data, whether you’re a corporate giant, a growing enterprise, or an SMB.
SMALL BUSINESSES – THE SECTOR SEEING THE LARGEST RISES IN CYBER-ATTACKS IN 2023
Our fact file below this entry shows that SMEs are now a huge target for cyber-criminals… a further fact tells you why: only 14% of small businesses are equipped to defend themselves adequately from a cyber-attack. Now factor in that 60% of SMEs will go bust within 6 months of an attack, and the need for affordable yet highly robust cyber-protection became evident to us. So, we created our OMNIA solution, which has many elements including affordable SD-WAN, SASE, and Data Encryption.
The head of a small business suffered a £1.6 million loss within minutes due to fraudulent activity, when an employee fell victim to a ruse that granted unauthorized access to the company’s accounts. The owner of Kent Brushes has since expressed strong dissatisfaction with the response from authorities, whilst both law enforcement and the company’s bank have been equally critical of Kent Brushes.
Simultaneously, a senior law enforcement official is advocating for more extended prison terms for individuals convicted of fraud. Adrian Searle, the director of the National Economic Crime Centre, pointed out that although the current maximum sentence for fraud is 10 years, the average sentence typically hovers around two years, and even in the most severe cases, it rarely exceeds four years.
“We endorse lengthier sentences for those committing the most destructive forms of fraud,” he conveyed to the BBC. “We are particularly eager to see the emotional toll of fraud taken into account,” said Searle.
Action and revision of current sentencing is clearly needed: in the year leading up to March 2023, the Home Office recorded 1.25 million instances of fraud. Among these cases, only around 4% were subject to investigation, with as few as 4,000 ending up in court.
It seems evident that SMEs, law enforcement and even the judicial system alike are finding it tough to keep up to date in countering and dealing with increasingly sophisticated cyber-criminals who are often part of global organised criminal groups.
FACTS AND STATS THAT SHOW SMEs ARE NOW A GIANT TARGET FOR CYBER-CRIMINALS:
- 61% of SMBs were hit by a successful cyber-attack in the past year
- 43% of all data breaches are against SMBs
- 82% of ransomware attacks target SMBs
- Small businesses are subject to 350% more attacks than their enterprise counterparts
- Data exfiltration occurs in 89% of successful cyberattacks on SMBs
- 43% of cyber-attacks are aimed at SMEs, but only 14% are equipped to defend themselves
- 66% of SME/SMBs have experienced a cyber-attack in the past 12 months
EVEN THE ‘BIG BUSINESS’ GIANTS ARE STILL BEING ATTACKED
By now you would think that the big corporate businesses would have their cyber-protection ducks in an orderly row. Think again. Not only are their networks breached, but their reams of data, measuring into the terabytes, are often not encrypted.
Capita experienced a cyber-attack in March of this year, leading to a distressing revelation that a huge cache of data was left unprotected online and up for grabs by cyber-criminals. To date, around 90 organisations have reported instances of personal data breaches linked to Capita, a major outsourcing corporation, as confirmed by the ICO, a regulatory authority overseeing privacy and data. As a result of this breach, cautionary notices were issued to hundreds of thousands of individuals, informing them of the potential impact on their personal information.
A leading security researcher, Kevin Beaumont, told the media that he’s “very confident” it was a ransomware attack, and highly significant due to the breadth of data at risk which, in turn, could expose victims to fraud.
Since the attacks, Capita has publicly assured that measures have been implemented to enhance data security, stating: “Capita continues to work closely with specialist advisers and forensic experts to investigate the cyber incident and we have taken extensive steps to recover and secure the data.”
However, layer 4 data encryption would have rendered the stolen data utterly unreadable and therefore also utterly worthless to cyber-criminals.
Giant cyber-attacks are often on a global scale with partner businesses, supply chains, and potentially millions of individuals at risk.
One of the issues of the giants getting caught out by cyber-criminals is that it can affect businesses and individuals across the entire planet. For example, a recent data breach at Casio, the renowned Japanese electronics manufacturer, has affected customers in 149 different countries around the globe. This breach occurred when hackers managed to infiltrate the servers of Casio’s ClassPad education platform.
The breach was first identified by Casio on Wednesday, October 11 2023, after the discovery of a malfunction in a ClassPad database situated within the company’s development environment. Subsequent evidence suggests that the unauthorised access to customers’ personal information took place on October 12th 2023.
The compromised data includes customer names, email addresses, countries of residence, service usage records, and specific purchase details, encompassing payment methods, license codes, and order particulars.
“At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management,” a Casio company spokesperson said. “Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access.”
Once again, layer 4 encrypted data would’ve protected Casio’s data, as what was taken was clearly targeted by the cyber-thieves; had they been unable to read that compromised data, they wouldn’t have known its potential value.
FACT AND STAT FILE ON HOW EVEN THE GIANTS GET IT WRONG:
- 50% of large enterprises are spending $1 million annually on security
- The average cost of a data breach to a corporate business is $9.44 million USD
- Properly protected corporations will see a 66% drop in attempted attacks
- 90% of cyber-attacks start with phishing – the more staff you have the more at risk you are!
- 89% of cyber security experts believe staff training will never be sufficient or up to date enough to keep cyber-attackers out
FINANCE AND TECH ARE REGULARLY ATTACKED AND COMPROMISED – THE BUSINESS SECTORS THAT REALLY SHOULD KNOW BETTER!
There are certain sectors that we would like to have total trust in, banking for example, and of course, we expect the technology experts to have all their bases covered. Well, the examples below say differently. But cyber-criminals often fall into two groups – firstly, they want to see the highest financial return on their attack, but secondly, they cannot resist attacking technology experts or businesses that purport to have the highest levels of security know-how.
The telco giant AT&T recently suffered a third-party data breach in which 9 million customer records were compromised. AT&T said the breach exposed Customer Proprietary Network Information (CPNI) such as the number of lines or subscribed wireless plan – information which, in the USA, is highly regulated by federal laws.
In August 2023 Italy’s cybersecurity agency issued a statement admitting FIVE Italian banks had been the victims of distributed denial-of-service (DDoS) attacks, including Intesa Sanpaolo, the largest bank in Italy. In a DDoS attack, websites are deluged with junk traffic, often rendering the sites inoperable or even causing them to crash entirely. A pro-Russian hacking group claimed responsibility for these DDoS attacks – similar groups have proliferated since the Ukraine invasion.
Researchers at cybersecurity company Sekoia said in June this year that: “This likely stems from the fact that those countries are the most vocal in public declarations against Russia and pro-Ukraine, as well as providing military support and capabilities.”
In the early part of the year, tech giant Acer had 160MB of data stolen by cyber-thieves. They discovered this after their stolen data was put up for sale online on a popular hacking forum!
A spokesperson for Acer said: “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.” While we are happy to take their word for that, there is undoubtedly serious harm done to the corporate reputation of a company that really should know better how to protect its data.
HACK FACTS & STATS FROM FINANCE AND TECH SECTORS:
- Finance firms lose approximately $5.9 million per data breach
- Losses to financial corporations are 28% higher than the global average
- 48% of financial attacks start with malicious actors
- $3 billion worth of cryptocurrency was stolen in hacks to date
- $29M was stolen from a fintech company by a hacker
EVEN THOSE WHO PROTECT SOCIETY, SUCH AS THE POLICE AND ELECTORAL COMMISSION UK, HAVE BEEN VICTIMS OF CYBER-ATTACKS
Once again, there are sectors of our society who really should know better how to protect themselves and their data. When it comes to compromising society as a whole, we expect robust systems to be in place, we might even take it for granted that every level of protection is applied – but it seems not! In recent huge hacks – with equally huge, and even dangerous ramifications – the very bedrock of our communities, society, and security have been compromised. We must all ask WHY is this crucial data and the networks it sits upon not being protected to the utmost and who will be paying the price for these cyber-attacks.
Police forces all over the UK have recently been attacked by cyber-criminals, but some have accidentally uploaded highly sensitive data themselves! Whilst there is little that can be done to stop all human errors, the fact remains that once that data is online it is vulnerable to attack and theft – if that data is the names and addresses of your police staff, human lives can even be at risk.
Two recent cases of human error stand out. One came from Cumbria police, who admitted accidentally publishing the names and salaries of over 2,000 employees; the other was with the Northern Irish Police, where even undercover officers were named online. Just days after the Northern Ireland incident, an arrest was made in regard to collecting data ‘likely to be useful to terrorists’.
Greater Manchester Police have recently been the victims of what can only be described as an enormous cyber-attack where thousands of officer ID badge details were stolen. Details on warrant cards and identity badges – including names, photos of individuals, and police collar numbers or identity numbers – were taken in the attack, clearly identifying the city’s officers.
ACC Colin McFarlane of Greater Manchester Police (GMP) said: “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.
At this stage, it’s not believed this data includes financial information. We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.
This is being treated extremely seriously, with a nationally-led criminal investigation into the attack.”
In London, the Metropolitan Police Force also saw a huge data breach with around 47,000 law enforcement staff and Met officer details stolen. Frighteningly – and ironically – this may have included undercover and counter-terrorism officers too, those who work closely with the security services such as MI5.
Rick Prior, the Vice Chair of the Metropolitan Police Federation, which represents more than 30,000 officers, described the Met Police data breach as a “staggering security breach that should never have happened.”
A huge understatement in our opinion!
Two further police forces, namely Norfolk and Suffolk, suffered a witness and victim data breach where 1,230 records were compromised.
But it isn’t just our security forces being attacked and hacked. One of the biggest ever data breaches in the UK made international news, involving a staggering [potential] 40 million electoral data records.
The Electoral Commission –
The UK’s elections watchdog has revealed it has been the victim of a “complex cyber-attack” potentially affecting millions of voters.
The Electoral Commission said unspecified “hostile actors” had managed to gain access to copies of the electoral registers, from August 2021.
Hackers also broke into its emails and “control systems” but the attack was not discovered until October 2022.
Chair John Pullinger said: “If you go public on a vulnerability before you have sealed it off, then you are risking more vulnerabilities.”
He said the “very sophisticated” attack involved using “software to try and get in and evade our systems”.
All of these attacks where highly sensitive data has been compromised, viewed by unauthorised people, and/or stolen would have been impossible if the said highly sensitive (not to mention valuable and potentially dangerous) data was subject to layer 4 encryption, such as that found in our innovative OMNIA solution.
FACTS AND STATS THAT ARE TRULY FRIGHTENING:
- Each public sector incident costs $2.07 million on average
- Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015
- More than 77% of organisations do not have an incident response plan
- The average company is living with $28M in data breach risk with 157,000 sensitive records exposed
- By 2026, 40% of organisations will have dedicated cyber committees and 50% will have performance requirements for C-level leaders
Talk to us about how we can keep you connected and protected, and your data assured with the most affordable, advanced solution tailored to fit your needs, your applications, and your budget. EMAIL: email@example.com