Over 50% Data Breaches Are Due To Human Error

Uploaded on 2016-08-30 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cyber-fraud is sector agnostic. Any business in any industry is just as vulnerable, if not more, to data leaks and fraud, which is why curbing tech naivety should be high on the agenda for growing businesses. Considering how both of these issues can be debilitating for growing businesses, it is crucial to understand the difference between the two, their relationship to one another and the warning signs of each.

What's a data breach and why should I care?

A data breach is essentially when sensitive, protected or confidential information has been viewed, stolen or used by someone unauthorised to do so. Data breaches can be as broad as all of your employees' email addresses, or specific and more sensitive, such as personal health information or intellectual property.

The average cybersecurity breach in the UK costs upwards of £1.4 million, and according to new research, 52 per cent of data breaches last year were due to human error, mostly from a lack of awareness.

According to CompTIA, a global non-profit association for the technology industry, cybersecurity awareness is a vital first step for businesses across sectors to protect themselves against data breaches.

“Every business that uses IT needs to be aware of the consequences of bad cybersecurity practice,” according to Graham Hunter, CompTIA's VP certifications, Europe and Middle East.

“Time and time again, we hear of employees causing data breaches, whether that be through leaving a USB device with important data lying around, or clicking on unsolicited links in emails. Such actions are rarely malicious and more often the result of a lack of training, knowledge or general carelessness.”

In order to drum up awareness among the SME community, CompTIA has launched a training programme, CyberSecure, which will include all the fundamentals of cybersecurity in the workplace.

“It’s clear that cybersecurity is no longer exclusively the domain of the IT security department,” Hunter adds. “The responsibility lies upon all employees to be secure with their devices, and this only increases as more employees work remotely and on the move.”

What about cyber-fraud?

Overall, fraud could be costing the UK economy up to £193 billion a year, according to this year's Experian Annual Fraud Indicator. Phishing attacks rose by more than a fifth (21%) last year and were estimated to cost Britain more than £280 million, affecting the procurement and insurance industries the most.

In terms of legal support, Patrick Arben, a partner at Gowling WLG, explains that the onus to prevent cyber-fraud may lie entirely on businesses. "Where tackling cybercrime is concerned, it is important that business owners remember that the role of the police and other national crime agencies is not focused on detection, rather raising awareness of the risks and the need to self-protect against any attacks. Business owners should, therefore, be as pro-active as possible in backing up valuable data and realising how to spot suspicious communications requesting confidential information," he explains.

According to Experian's ID and fraud expert, Nick Mothershaw, businesses have a lot to gain by taking accountability for their IT security. "Resilience to fraud can only be tackled from the grass-roots up, so it’s up to each organisation to not only manage fraud as a loss factor, but to overcome it by treating fraud prevention as a growth opportunity," he says.

The two-for-one combo

Data breaches and cyber-fraud are essentially two sides of the same coin, so a two-pronged approach towards both may be in order to prevent attacks of any kind. Both tend to be financially motivated, and that could have an immediate impact on your business. Attackers may attempt to use stolen data to carry out fraud in a two-part crime.

"Fraud costs merchants money in a number of different ways. Lost goods and lost revenue through chargebacks both hit merchants in the pocket. There is also the possibility that merchants will become too risk averse and tighten up their rules to the extent that legitimate transactions are declined because merchants do not have the protocols, expertise, and systems in place to differentiate between fake and genuine consumers," Don Bush,VP at fraud solution firm, Kount explains.

Unfortunately, businesses will always have to stay vigilant against data breaches and fraud. However, basic understanding of the two, how they’re different, how they relate and how to watch for them is good place to start.

How can you protect your business against cyber-fraud?

Recent Barclaycard research revealed 48 per cent of small businesses have been hit by at least one cyberattack in the last year, and 10 per cent suffered repeated attacks, many of which have a direct impact on customers. Here's how to ramp up IT security, starting with the fundamentals.

1.       Cover the basics: Firstly, all businesses should complete a risk assessment to understand what potentially sensitive or valuable information is being held, and where it is. This informs what controls are needed to protect customer data. By identifying what data is attractive to criminals, businesses will be in a much better position to take the right precautions to keep it safe.

2.       Adhere to standards: All businesses must be compliant with the Payment Card Industry Data Security Standards (PCI DSS) which are designed to ensure they are processing and storing customer card data as securely as possible. Being compliant won’t stop businesses from being targeted by cybercrime, but it will make sure that they’re in the best position to prevent an attack, helping them avoid the financial and reputational losses.

3.       Enlist the help of a web developer: It is important for businesses to ask their web developer how they are protecting customer information, including personally identifiable data. Web developers should also frequently be conducting patch management, monitor the site for suspicious activity and regularly search for traces of malware.

4.       Keep the conversation going: Security is not a one-off cost, it’s an on-going – and essential – business investment. Maintaining a dialogue with the web developer and payment provider allows businesses to keep abreast of the latest cyber threats and solutions, which will ensure they stay protected even as the landscape changes.

5.       Stay alert: In the event that data is compromised, businesses must stay alert – this is because one merchant’s data breach may lead to fraud on the website of another. Fortunately, the payments industry has put in place a number of measures to help restrict the damage. Existing solutions include 3D Secure, Card Security Code and the Address Verification Service. These all require customers to enter additional information at the point of sale during card-not-present transactions to assess whether the transaction is genuine.

Additionally, the Industry Card Hot File – a subscription service which compares card details against a list of lost or stolen cards – can help to block attempted transactions made as a result of a data breach.

GrowTheBusiness: http://bit.ly/2a9wRg6

 

« London Police Chief Says Spy Agencies Face Terror Fight
Businesses Need To Protect Data, Not Just Devices »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Lynx Software Technologies

Lynx Software Technologies

Lynx provide secure software and operating systems for use in mission critical applications such as aerospace, medical, transportation and IoT.

Cloudmark

Cloudmark

Cloudmark is a trusted leader in intelligent threat protection against known and future attacks, safeguarding 12 percent of the world’s inboxes from wide-scale and targeted email threats.

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

Cyberwatch Finland

Cyberwatch Finland

Cyberwatch Finland's services improve decision-makers’ strategic situational picture and enable successful holistic cyber risk management.

Purple Knight

Purple Knight

Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

SolidRun

SolidRun

SolidRun is a leading provider of computing and network technology designed to streamline the deployment of edge computing infrastructure and support embedded and IoT markets.

Mutare

Mutare

For three decades, Mutare has been empowering organizations to re-imagine a better way to connect through our transformative voice security, digital voice and text messaging solutions.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

Nerds On Site

Nerds On Site

Nerds On Site provide on-site & in-home IT and technical support, managed IT services, and cyber security through our collaborative team of highly-trained IT and Security professionals.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.