Business data is at the core of all operations, making it an asset. From statistical information to strategies, customer information and comms, sales, and more, the data collected by an organization is essential to its functioning and in helping stakeholders and employees at all levels understand how the business is performing. As such, it is therefore making business data mission critical.
The data collected by organizations is often targeted by hackers who understand its value. All cybercrimes such as ransomware, phishing, BEC, malware, and more, are centered around the ability of hackers to infiltrate and obtain data from businesses and individuals.
This means that business performance and operations hinge on the ability of organizations to protect their networks and business data. However, because so many businesses have insufficient security structures in place, the rate of cybercrime and data breaches has continued to rise globally.
According to the 2022 Q1 Theft Report released by the Identity Theft Resource Center, the 404 publicly reported data compromises in the U.S. in 2022 showed a 14% increase from the same quarter in 2021. This increase has been the third consecutive year to display an increase in first-quarter breaches when compared to the previous year. The report also showed that of the number of data breaches that took place in 2022 from January to March, 92 percent of them resulted from cyberattacks, with phishing and ransomware being the top two causes. These increases have aligned with the start of the global COVID-19 pandemic.
COVID-19 has continued to play a large role in the rise of compromises that take place. The increase in remote working has subsequently caused an increase in the number of company data breaches. Cybercriminals have continued to find ways to exploit the vulnerabilities in network security due to employees working from home, often with less network security than in the office.
The global Organisation for Economic Co-operation and Development found that highly digitalized industries had the highest rates of teleworking during the pandemic with over 50% of employees, on average. This included financial service providers, information technology, communications, technical, and scientific services. And while global business operations have picked up again and many companies are attempting to return to pre-COVID-19 work models, research by McKinsey and Company predicts that hybrid models and flexible workspaces will remain, as will out-of-office systems that simplified processes.
This means that businesses must focus heavily on trade secrets and data protection because cybercrime is here to stay, and so are remote work strategies.
Business Data Breaches Incidents
From entire countries and their governments to NGOs, small, medium, and large-sized enterprises, corporations, and even healthcare service providers - no industry or type of organization has been spared from being targeted by cybercriminals. At just over halfway through the year, 2022 has seen its own fair share of horrible attacks.
Costa Rica Government
In one of the largest ransomware attacks so far this year; the Costa Rican government declared a national state of emergency after the ransomware group Conti demanded $10 million (which was later increased to $20 million). This attack was only one of several that occurred in Costa Rica; their public health service was also attacked within the same period. The country was crippled by these incidents.
Colonial Pipeline
On the 7th of May 2021, Colonial Pipeline discovered that its networks had been infiltrated. According to Tech Target, this was the largest publicly disclosed cyberattack against critical infrastructure and business data in the U.S.
Colonial Pipeline is a company that delivers fuel products including jet fuel, gasoline, diesel, and more, supplying 45% of the fuel on the East Coast. The FBI confirmed that the attack was actioned by hacker group DarkSide, who managed to retrieve 100GB of data within two hours. All the computerized equipment used to manage the pipeline was attacked, halting all pipeline operations. The company released statements addressing and updating progress on the situation.
“We proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems,” they said. The attack is one of the largest attacks globally to have taken place to date.
The Nikkei Group
Media giant, The Nikkei Group became the target of a ransomware attack earlier this year. Unauthorized access to their internal server was discovered causing them to shut down their servers. This incident followed a BEC attack the company experienced in 2019 costing the media company $29 million. In their press release regarding the ransomware attack this year, the group said that they would take the appropriate steps to enhance the security measures surrounding their business data/information.
In several of the above situations and much more unnamed in this piece, each of the organizations had been attacked more than once, and a few of them had existing cybersecurity measures in place and experts to consult. This goes to show that more often than not, the standard cybersecurity so many organizations rely on, is not enough. Even worse in situations such as the Costa Rica attacks, where there is not much emphasis on cybersecurity.
While these situations are sometimes unavoidable, it then becomes essential for organizations to have full-proof disaster recovery plans in place. Where a company has become the unfortunate victim of a cyberattack, more important than having avoided it in the first place is the ability to come back from it.
While these situations are sometimes unavoidable, it then becomes essential for organizations to have full-proof disaster recovery plans in place. Where a company has become the unfortunate victim of a cyberattack, more important than having avoided it in the first place is the ability to come back from it.
It is also as important, if not more important for small-sized enterprises to equip themselves with security solutions. While large-scale attacks are usually announced by large organizations because it is believed they have more value, smaller enterprises are just at risk, with fewer resources to recover. However, by adequately protecting their business data, they lower the risk of any attack resulting in complete business failure.
Protect Your Business Data with Sangfor Solutions
According to Gartner, “Security services edge (SSE) secures access to the web, cloud services, and private applications. Capabilities include access control, threat protection, data security, security monitoring, and acceptable use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service and may include on-premises or agent-based components.”
Sangfor provides a wide range of cybersecurity solutions that cover different areas of the network security and critical business data protection of an organization. Understanding the security risks involved with hybrid work environments, Sangfor SASE provides a solution to protect the networks and business data of companies with staff outside of the office.
If you are interested in improving your organizational security, Sangfor offers a free 30-day trial of our SASE product, allowing businesses to experience the seamless taking on of a cybersecurity vendor, as well as the benefits of a secure network, cloud, and application access for all staff working in-office and remotely.
