Security Breach Update
4 June 2020

Small businesses suffer more than a quarter of all breaches.Small businesses suffer more than a quarter of all breaches    

According to Verizon’s 2020 Data Breach Investigations Report, small businesses are increasingly the target of cybercriminals. The report, which analysed more than 157,000 cybersecurity incidents, found that 28% were directed at small businesses.

Previously, cybercriminals have targeted larger organisations as the rate of return was often higher. However, a transition to cloud computing and the use of social engineering attacks, like phishing scams, has increased the risk for small businesses. 

In response, it’s clear that small businesses need to prioritise cybersecurity as a data breach has an outsized effect on smaller organizations. Among other recommendations, the report encourages small businesses to invest in continuous vulnerability management, secure their email infrastructure to protect themselves from the growing threat of phishing attacks. It’s also essential that companies recognize and identify insider threat sources and eliminate them as quickly as possible.

Knowing that small businesses often lack the in-house cybersecurity resources to implement a 360-degree defensive strategy, businesses should be reaching out to your IT provider to provide essential cybersecurity support in this tumultuous time. 

Using tools and services that support good password hygiene, offering things like single sign-on, two-factor authentication, and other password-oriented enhancements, and enforcing stricter password reuse and sharing policies can help mitigate the risk of password compromise through password reuse and weakness.

Recent Breaches

Australia – Big Footy – AFL fan website  

Exploit: Phishing scam

Risk to Small Business: Severe: Cybersecurity researchers discovered more 132GB of accessible data originating from Big Footy’s online platform. The data includes personal and business data, as well as private conversions between users. The company has taken steps to secure its infrastructure and notify users, two tasks that will be costly to its reputation and bottom line. Big Footy hopes that bad actors haven’t accessed this information, but information that’s publicly exposed is often collected and sold on the Dark We.

Risk to Exploited Individuals: Moderate: The breach exposed users’ private messages, email addresses, phone numbers, passwords, and other sensitive personal details. The breach compromised many high-profile users, including police officers and government officials, giving the public unprecedented access to their private conversations. Big Footy is warning users to carefully monitor their accounts and communications for signs of misuse. Those impacted by the breach should update their Big Footy passwords and any other account credentials using a similar password combination.

Customers Impacted:  Unknown

Belgium – European Parliament – Legislative branch of the European Union

Exploit: Unauthorized database access

Risk to Small Business: Severe:  A website managed by the European Parliament exposed sensitive personal details for current and former staff members. The breach was detected by a cybersecurity company conducting a random screening of exposed data, meaning EU officials were unaware of the vulnerability. This underscores the agency’s integrity, as it tries to curtail data privacy issues through its expansive General Data Protection regulation. In response, users will be required to reset passwords more frequently and adhere to more stringent defensive tactics. 

Risk to Exploited Individuals: Severe:  Officials have not released the specific information categories compromised in the breach, but they admitted that it includes both personal and professional data. Notably, the breach exposes people to the risk of phishing attacks, which could lead to even more harmful compromises. Those impacted need to carefully scrutinize incoming, ensuring that they are engaging with authentic communications.

Customers Impacted:  16,200

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
4/06/2020

Follow us on LinkedIn:

Related Articles:
Cybersecurity is a Numbers Game
Stolen credentials used to attack hospitals and medical facilities.

Written by