Security Breach – 8 Sep 2023

Protecting a business from cybercrime starts by protecting it from phishing

Security Breach – 8 Sep 2023

Protecting a business from cybercrime starts by protecting it from phishing. From business email compromise to ransomware, 9 in 10 damaging cyberattacks start with a phishing message. Those messages can be very sophisticated, making it hard for employees to make smart choices when handling them. It’s also important to note that 36% of all data breaches involved phishing. This perennial favourite of bad actors threatens every organisation, no matter the size, and wears many devious disguises. Therefore, it’s important for every business to be up-to-speed on the basics of phishing and how it is evolving in 2023.

Security awareness training that includes phishing simulations is an extremely effective and affordable way to keep employees from falling victim to phishing and improve a company’s overall security posture. In a report by Microsoft, analysts determined that when employees receive simulated phishing training, they’re 50% less likely to fall for phishing.

Recent Breaches

Australia – University of Sydney (USYD) – Institution of Higher Learning

Exploit: Third-party Attack

Risk to Business: Extreme: The University of Sydney (USYD) has announced that a data breach at a third-party service provider may have exposed the personal information of recently applied and enrolled international applicants. The public university started operations in 1850. USYD has not offered specifics about the types or nature of data stolen in the incident, saying that it is still under investigation. The university said that impacted students will be contacted and receive support to mitigate the risk of exposure.  

United States – Paramount – Entertainment Company

Exploit: Hacking

Risk to Business: Moderate: Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII). Paramount said in breach notification letters that the attackers had access to its systems between May and June 2023. In the attack, bad actors stole some customers’ names, date of birth, Social Security number or other government-issued identification number (such as driver’s license number or passport number) and information related to their relationship with Paramount. Paramount claims that about 100 people were impacted in this incident which remains under investigation.   

United States – Forever 21 – Fashion Retailer

Exploit: Hacking

Risk to Business: Severe: Clothing retailer Forever 21 has disclosed a data breach to the Office of the Maine Attorney-General that the personal information of over 500,000 people was exposed in a cyberattack. The retailer said that a cyberattack hit its systems in March 2023. In the incident, bad actors gained access to what appears to be employee data including an employee’s full name, social security number (SSN), date of birth, bank account number and Forever 21 health plan information. Forever 21 said that it has hired a specialist firm to investigate the incident. 

Talk to a TCT team member today about implementing cyber security and phishing training plan for your employees.

Robert Brown
8/09/2023

Related Articles:
What Is Push-Bombing?
What is Zero-Click Malware?