October is marked globally by various countries and organisations as Cybersecurity Awareness Month. The overarching theme for 2022 is “See Yourself In Cyber.”
At iSite Computers, we’ve dedicated this month to publishing a four-part series aimed at creating awareness on fundamental cybersecurity practices for small to medium-sized businesses in South Africa.
Share this article series with your employees to stress the critical basics of IT security in order to keep your business protected from dangers like ransomware and hackers.
This is Part 1 of 4.
***
Alongside ransomware, arguably no phrase has dominated the South African cybersecurity world in the last 24 months more than the term “data breach.”
From breaches that have impacted critical infrastructure at Transnet to hackers compromising the data of more than three million South Africans from credit bureau TransUnion, the last two years have been saturated by headlines of cybersecurity mishaps even on a global scale.
Yet, despite the media coverage on data breaches, many businesses may not know what exactly a data breach is, how they typically start, and why they occur.
According to IBM, the average time it takes to identify that a breach has occurred is 287 days, with the average time to contain a breach clocking in at 80 days. It is thus essential that business owners and managers are familiar with the anatomy of a data breach so that they can keep their data, as well as their employee’s and customers’ data, safe.
With that in mind, here is some helpful background on what data breaches are and why they are so problematic.
What is a Data Breach?
While it may seem like a complex concept, once the jargon is removed, a data breach is actually really straightforward to explain:
According to Trend Micro, a data breach is “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.”
And while data breaches can be the result of a technical or human error, a vast majority of data breaches are the result of cyber-attacks, where a cybercriminal gains unlawful access to sensitive system data. In fact, 92% of the data breaches in Q1 2022 were the result of cyberattacks.
What Kind of Data Can be Breached?
Cybercriminals look to get their hands on any information that they possibly can.
Ranging from more obvious sensitive information such as your financial records and employee personal data (ID numbers, bank details, cell numbers, physical address, etc.) to protectable business interests like trade secrets, product formulas, customer lists, price structures, operating procedures, etc.
What Are Some of the Tactics Used to Execute Data Breaches?
Cybercrime is getting more sophisticated each day. However, cyberattack tactics do NOT have to be cutting-edge or advanced in order to be effective.
Here are a few examples of popular tactics used by cybercriminals:
- Phishing: Phishing is when a cybercriminal pretends to be a legitimate party in hopes of tricking an individual into giving them access to personal information. Phishing is one of the oldest tricks in the book for cybercriminals but it is just as effective as ever. For example, 80% of security incidents and 90% data breaches stem from phishing attempts.
- Malware: Another tried-and-true method for cybercriminals is malware. Malware is malicious software that secretly installs itself on devices – often by way of a user engaging with fake links and content – and quietly gains access to the data on an individual’s device or a business network. Ransomware is one example of malware.
- Password Attack: Through password attacks, cybercriminals look to gain access to sensitive data and networks by way of “cracking” user passwords and using these credentials to get into networks and extract data from a given network.
How to Stop a Possible Breach?
The best way to stop a data breach is to stop it before it even starts. This includes taking steps from making sure passwords are long and complex to reporting suspicious emails and avoiding shadow IT. If you do suspect that you have been the victim of a data breach, immediately contact your IT department or managed IT services provider to notify them and follow subsequent protocols to help them scan, detect, and remediate any issues that exist.
Read More:
Backups & Data Protection for SMBs in South Africa – What You Need To Know
Book A Free #CybersecurityAwarenessMonth Consultation for Your Business
iSite Computers is a specialist Managed IT Services Provider. Our expert-led cybersecurity team helps small to medium-sized businesses in South Africa proactively prevent, monitor, and mitigate data breach threats across their organization.
Start the conversation with us today to learn more.
Book a free 30/60-minute consultation and we’ll assess your current cybersecurity posture with no further obligation. Call us directly on 031 812 9650 or email rd@isite.co.za.
0 Comments