Security Breach Update
30 July 2020

Business ContinuityCybercrime Boom Means Data Breach Risks are Rising

In a challenging economy, even cyber criminals have to work a little bit harder – and they’re working overtime.

A 23% overall increase in cybercrime in 2020 so far (and a more than 600% increase in phishing attacks) means that your data is at greater risk than ever before.

So what can you do right now to improve data security immediately, and add additional protection that keeps your data protected from cybercrime?

For the quickest security upgrade, a secure identity and access management solution like DUO 2FA has the most immediate bang for your buck.

Passwords are a thorny problem for IT departments, but they don’t have to be. By combining multifactor authentication, single sign-on, and secure password vaults with easy management, DUO immediately puts an extra layer of protection between bad actors and your business – and it seamlessly integrates with the business applications that you use every day to start working from day 1.

For a longer term solution, increase security awareness training, especially phishing resistance.

Many of today’s most dangerous cyberattacks, like ransomware, have an element of phishing – and the latest breach news shows that over 90% of incidents that end in a data breach start with a phishing email.

Phishing attacks aren’t always attempted with an email attachment either; they can be links, PDFs, even SMS messages.

By taking an approach that combines both a fast fix and continuous improvements in security awareness, businesses can reduce their risk of falling victim to cybercrime like a potentially disastrous data breach and be ready for future threats as they crop up.

Recent Breaches

United States – CaptainU – College Recruiter

Exploit: Unsecured Database

Risk to Small Business: Extreme: Cybersecurity researchers recently uncovered an unsecured Amazon S3 (Simple Storage Service) bucket containing nearly 1 million records of sensitive high school student academic information. The exposed data included GPA, ACT, SAT, and PSAT scores, unofficial transcripts, student IDs, students’ and parents’ names, email addresses, home addresses, and phone numbers – plus pictures and videos of students’ athletic achievements, messages from students to coaches, and other recruitment materials. The files are still available.

Risk to Exploited Individuals: Extreme:  CaptainU is claiming that this information was always intended to be publically available, although that message differs from what parents and students were told about how information was shared by the company. Any student with a profile at this company should consider their information exposed and take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.

Customers Impacted:  1 million

United Kingdom – University of York – Institution of Higher Learning

Exploit: Third Party Data Breach

Risk to Small Business: Severe:  Last week we reported on a data breach at fundraising services provider BlackBaud, and this week we’re starting to see the fallout from that ransomware incident. Information that was breached for University of York students and alumni who have participated in fundraising events includes name, title, gender, date of birth, student number, home address, phone numbers, email addresses, LinkedIn profile details, course and educational attainment details, fundraising activities, fundraising event participation, fundraising volunteering, donations made, and professional details.

Risk to Exploited Individuals: Moderate: No financial information was reported as breached, and the personal information taken was generally publically available. Alumni will need to be especially cautious of possible spear phishing attempts made using this information.

Customers Impacted:  Unknown.

Ensure you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan.

Talk to a TCT sales team member today and we can show you how.

Robert Brown
30/07/2020

Follow us on LinkedIn:

Related Articles:
Multifactor Authentication is a Security Must-Have in 2020
Cyber Security and the Changing Threat Landscape

Written by