Security Breach – 15 Sep 2023

Human error

Security Breach – 15 Sep 2023

The vast majority of cyberattacks are caused by one factor: human beings. In its 2023 Data Breach Investigations Report, Verizon found that the human element is a factor in 74% of total breaches. Human beings are gullible, and bad actors take advantage of that every day. That’s one reason why social engineering is a favoured technique of cybercriminals, especially when conducting phishing operations. It’s a huge problem for businesses as well as the IT professionals that keep them safe.

The advent of AI in cyberattacks, especially in phishing attacks where it can be incredibly effective, makes mitigating social engineering risk vital. By taking a look at social engineering in cyberattacks and some red flags that indicate its presence, it’s easy to see that every business can quickly take action to reduce its risk of a cybersecurity disaster caused by social engineering.

Cybersecurity awareness training is critical for avoiding trouble with social engineering. Employees who receive regular security awareness training are 70% less likely to cause a security incident. That wisdom applies to a company’s executives as well. An executive falling for a social engineering trick can do major damage quickly. Everyone should receive regular security awareness training to keep them vigilant and informed about the cyberattacks that they may encounter, including phishing attacks that include social engineering elements.

Of course, the best way of ensuring that an employee doesn’t fall for a social engineering trick in a phishing message is to ensure that they don’t receive the phishing message at all. Plus, it can be a challenge for even savvy employees to sniff out phishing when bad actors use technology like Chat GPT to write highly believable messages without the usual phishing red flags. AI-driven email security can make smart choices about the legitimacy of messages by reviewing their content, not just checking safe sender lists.

Recent Breaches

 

Australia – Dymocks – Australia – Bookseller

Exploit: Hacking

Risk to Business: Severe: Dymocks, a venerable bookstore chain, has announced that it experienced a data breach that may impact 836k customers. The company discovered the hack after researchers informed it that its customer data had appeared on the dark web on September 6, 2023. The company said that it sees no intrusion of its own systems and contends that the data may have come from a third-party service provider. The exposed data includes a customer’s full name, date of birth, email address, postal address, gender and specialty membership details (gold expiry date, account status, account creation date, card ranking). The company says the incident has been reported to the relevant authorities and it remains under investigation.  

Australia – TissuPath – Pathology Laboratory Chain

Exploit: Hacking

Risk to Business: Severe: TissuPath is investigating a data security incident that led to the exposure of sensitive health data going back a decade. The company says that the data was exposed due to one of its storage drives being illegally accessed by compromised user accounts at one of its service providers. TissuPath stressed that its main database and reporting system that stores patient diagnoses was not compromised. Stolen data includes scanned pathology request forms with information such as patient names, dates of birth, contact details, Medicare numbers and private health insurance details. The BlackCat/ALPHV group has claimed responsibility, claiming that it stole 446GB of data which has been published on the dark web.   

Talk to a TCT team member today about implementing cyber security and phishing training plan for your employees.

Robert Brown
15/09/2023

Related Articles:
Cybersecurity Skeletons in your Closet?
Advantages of an In-Depth Cybersecurity Strategy