24 Feb Security Breach – 21 Feb 2025
Human actions are the top cybersecurity problem with which small to medium businesses contend with. The combination of the risk from user-related vectors like human error and negligence is a difficult and potentially costly proposition. The most effective and affordable way for SMB to gain ground in the fight is through regular, high-quality cybersecurity awareness training for every user. Arming users with knowledge and experience through education is the key to mitigating human risk.
Also, phishing simulations are a powerful tool for reinforcing security awareness training. By mimicking real-world phishing attempts, these simulations provide employees with hands-on experience in identifying and responding to threats. Microsoft reports that after deploying phishing simulations five times, the percentage of users susceptible to phishing dropped from 70% to single digits. The human factor will always pose significant challenges in combating phishing attacks, which is why approaching the problem from multiple angles is essential. Pairing effective security awareness training with phishing simulations and other user protection measures like an AI-driven anti-phishing solution further mitigates phishing risk.
Recent Breaches
China – Mars Hydro – Manufacturing
Exploit: Human Error
Risk to Business: Severe: Mars Hydro, a Chinese company that manufactures a range of Internet of Things (IoT) devices, including LED lights and hydroponics equipment, has experienced a significant data breach. Security researchers discovered an unprotected database online containing nearly 2.7 billion records. The exposed data includes Wi-Fi network names, passwords, IP addresses, device numbers and more. Many of the company’s products are controlled by internet-connected devices, such as smartphones and information related to these devices was also included in the breach.
Japan – Nippon Steel – Manufacturing
Exploit: Ransomware
Risk to Business: Severe: Nippon Steel, the world’s fourth-largest crude steel producer, has allegedly fallen victim to a ransomware attack by the BianLian ransomware group. On Thursday, the group listed the Tokyo-based company on its dark leak site, claiming to have stolen 500 GB of data from Nippon’s U.S. division networks. BianLian asserts it has exfiltrated a wide range of sensitive information, including accounting records, client financial data, executives’ personal folders, file server data, production details and personnel files. Additionally, the group leaked personal contact information such as direct phone numbers for the company’s C-suite executives. The breach comes at a particularly challenging time for Nippon Steel, as it navigates a complex $15 billion merger with U.S. Steel.
Talk to a TCT team member today about implementing cyber security plan for your business.
Robert Brown
21/02/2025
Related Articles:
Securing File Storage and Transfers
Setting Up AI Rules for Your Staff