Express Computer
Home  »  News  »  What COVID-19 means for the data breach landscape: Learnings from confirmed data breaches

What COVID-19 means for the data breach landscape: Learnings from confirmed data breaches

0 548

A three-month analysis on the possible impact of COVID-19 on the data breach landscape has shed light on an increasing number of threat actors worrying cyber-security specialists. The Verizon Business study reviewed 474 data breach incidents from March – June 2020 based on contributor data, publicly disclosed incidents and Verizon’s own observations drawn from its collective years of experience. It focuses on 36 confirmed data breaches which were identified as being related directly to the COVID-19 pandemic.

“ In view of the COVID19 pandemic, many large and small organisations have adopted new technologies such as software- as-a-service (SaaS) solutions, increased cloud-based storage and the use of third-party vendors in record time to continue to support their customers. While the SaaS solutions mentioned above, or the cloud itself, are not inherently less secure, however the concern arises from the fact that due to the conditions the pandemic has created, most organizations are adopting them in a hurried fashion, and they are often forced to do so while relying on fewer resources in terms of both personnel and revenue thereby multiplying the risk ” said Prashant Gupta, Head of Solutions, Verizon Business.

The analysis has thrown up an increasing number of commonly seen threat actors, which include:

Increase in Error — The Verizon Business 2020 Data Breach Investigations Report (DBIR) outlined that almost a quarter of all breaches were due to human error and this trend continues during the pandemic. This is due in part to organizations operating with a reduced number of staff due to illness, redundancies and/or with staff who have limitations due to their remote status. At the same time, these organizations are often experiencing unusually heavy workloads with a much higher reliance on new and unfamiliar solutions that need to be deployed quickly.

Stolen credential-related hacking — The DBIR shows that over 80 percent of breaches within the hacking category are caused by stolen or brute­ forced credentials. During the pandemic, this is now being exacerbated by the large number of employees working from home and the maintaining external workstations for remote access, leaning on SaaS platforms. Business IT departments are being challenged to secure company assets on the corporate network while the majority of the workforce is out of the office.

Phishing — In order to utilize stolen credentials, an attacker must first be able to obtain them and phishing remains one of the most commonly used methods. Prior to COVID-19 the 2020 DBIR flagged that credential theft and social attacks such as phishing and business email compromises were at the root of the majority of breaches (over 67 percent) and this trend has continued. Specific terms in combination with “COVID” or “CORONAVIRUS,” such as “masks,” “test,” “quarantine” and “vaccine” were found to be widely used within the time period. In March, a phishing simulation, conducted by a DBIR contributor, performed on approximately 16,000 people found that almost three times as many people not only clicked through a phishing link, but also provided their credentials to the simulated login page.

“Businesses need to start taking far greater responsibility in protecting their technology infrastructure. From deploying more robust security protocols to ensuring timely data breach disclosure policies. Once you lose public confidence, gaining that credibility back can often be an uphill task”, said Dr Zaki Qureshy, Founding Father, Hyderabad Security Cluster.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image