25 Aug Security Breach – 25 Aug 2023
Cybersecurity awareness training has been a bit of a struggle for businesses to embrace. In the SMB Security Report, we asked business IT decision-makers about their commitment to cybersecurity awareness training. Shockingly, only 43% of respondents said that their organisation conducts security awareness training at all. That has come back to haunt many businesses. Later in the report, we asked small businesses about their security woes, more than 40% of respondents blamed their security issues on a lack of training for employees – and they’re right.
Security awareness training is a modern essential for many reasons. First and foremost, it can prevent employee errors that lead to a data breach or cyberattack. Even a modest investment in security awareness and training has a 72% chance of significantly reducing the business impact of a cyberattack. Plus, security awareness training is now required by most insurers to obtain or remain compliant with requirements for obtaining cyber insurance. It has also become a requirement for compliance with many regulatory standards.
Recent Breaches
Australia – Energy One – Business Software Provider
Exploit: Hacking
Risk to Business: Moderate: Wholesale energy software provider Energy One has revealed that a cyberattack on August 18, 2023, resulted in some corporate systems in Australia and the United Kingdom being taken offline. Energy One specified that it has disabled some links between its corporate and customer-facing systems as a safety measure. It is also working to determine what if any data was accessed by the attackers. The company said it has engaged cyber security specialists, CyberCX, and alerted the Australian Cyber Security Centre and certain UK authorities about the incident, which remains under investigation.
Australia – The au Domain Administration – Domain Authority
Exploit: Ransomware
Risk to Business: Ransomware: The au Domain Administration has finally admitted that it has been the victim of a cyberattack by the ransomware group NoEscape. AuDA had maintained that it had not fallen victim to a cyberattack initially but changed its tune after the ransomware group posted a sample of AuDA’s data on its leak site. NoEscape says that it has pilfered more than 15GB of data, providing screenshots of some AuDA customer documents as proof of the hack. AuDA said that it is AuDA working with the Australian Cyber Security Centre, the Department of Home Affairs and the Office of the Australian Information Commissioner as well as outside cybersecurity experts in its ongoing investigation.
United States – Tesla – Car Company
Exploit: Malicious Insider
Risk to Business: Extreme: Tesla has admitted that it had a data breach in May 2023 that was caused by malicious insiders. Allegedly, two or more Tesla employees stole data including customer data from Tesla and leaked it. The German news outlet Handelsblatt obtained the data and published an analysis of it, which is how Tesla found out about the data breach. The treasure trove contained 100 gigabytes of confidential data, which included employees’ names and contact information such as addresses, cell phone numbers, and email addresses. The leaked data also included around 2,400 customer complaints about Tesla cars suddenly accelerating and a further 1,500 complaints of braking issues, including 383 cases of “phantom braking”.
Talk to a TCT team member today about implementing cyber security and phishing training plan for your employees.
Robert Brown
25/08/2023
Related Articles:
32.4% of employees will fall for phishing scams
Insider threats are getting more dangerous!