We live in a digital world, and whilst that provides us all with convenience, connectivity, and a host of other benefits - it also leaves us open to digital dangers such as cyberattacks. Even with the strongest passwords and multiple verification steps, cyberattackers will still find a way to lift data and use it to their advantage. It isn’t just big organisations that are under threat, either.
The average person is also at risk of their data being breached - so why is this phenomenon happening even more in 2024 than ever before?
“The number of attacks targeting web applications and application programming interfaces (APIs) has increased significantly. Barracuda mitigated more than 18 billion attacks against applications during 2023, including 1.716 billion in December alone.
Web applications are computer programs that are accessed through a web browser. Good examples are Microsoft 365 and Google Docs/Gmail. Web applications offer many business benefits, such as speed, compatibility, and scalability.
They are also a prime target for cyberattacks. According to the latest DBIR, web applications were the top action vector in 2023, used in 80% of incidents and 60% of breaches.” - Security Brief
This raises the question as to why cyber threats are becoming the norm. Are we behind on verification technology to help us fight these? Is the internet becoming unsafe? Or, are we simply living in an age where we must protect our online business just as much as we would our homes?
Do we have to bolt the metaphorical doors and lock windows shut in the online world to simply stay safe?
For many of us, we grew up with the internet being a place that you visited. Whether that was on your home computer or going to a library to “log on” - going on the internet was very much like going to a shop or going to the petrol station.
It wasn’t present in our everyday lives, instead, it was a hobby or something “to do”. Now, the internet is omnipresent in every part of our lives, from our day-to-day jobs to our phones and watches paying for our everyday things. We live in a digital world, rather than a world where digital connectivity plays a miniscule part.
“The Internet was no longer concerned with information exchange alone: it was a sophisticated multidisciplinary tool enabling individuals to create content, communicate with one another, and even escape reality. Today, we can send data from one end of the world to the other in a matter of seconds, make online presentations, live in parallel “game worlds,” and use pictures, video, sound, and text to share our real lives, our genuine identity. Personal stories go public; local issues become global.” - BBVA
What industries are under threat and why?
Every industry can be threatened by Cyberattacks, but three key industries seem to crop up regularly: Government, Healthcare, and Technology.
So, why are these industries targeted?
Without getting into the intricacies of each industry, all three of these share one similarity: the richness of their data. Particularly within government organisations and healthcare, you’re often dealing with sensitive data and, in some cases, life-saving data. This is a hotspot for attackers because they know that they can either lift this data for personal gain or restore organisations they’ve attacked for a payout.
Case study: Anthem Inc. attack 2015
“The Anthem, Inc. attack occurred between December 2, 2014 and January 27, 2015. It was and still is the most prolific healthcare data breach reported in the United States. Anthem is a large U.S.-based health insurance provider.
The Anthem attack occurred due to a phishing email, according to CMS OCR. From there cyber criminals were able to gain a foothold in their computer network and steal almost 79 million records, including all patient records and health insurance information.
As a result of the attacks and subsequent data breach, Anthem was fined $16 million by CMS OCR. It also paid $39 million to States’ Attorneys General across the U.S. Anthem also reached a $115 million settlement in a class action suit for the data breach. That’s a whopping $1.46 per affected person, if ignoring attorneys’ fees, for having their entire identity stolen due to reportedly egregiously lacking controls.” - Network Assured
This is an excellent example that shines a light on the financial and also emotional implications of a cyberattack in the healthcare industry.
What can businesses do?
Each business has an individual responsibility to ensure that the data they possess is being stored safely and securely. There’s no perfect formula that we can suggest, either - as it’s completely dependent on what systems you use and how many employees you have. However, the bottom line should be regularly looking at your security systems and ensuring that you are following basic best practices.
For example:
-
Shredding:
Although many businesses are paperless, don’t underestimate the danger that can be associated with printed documentation. Ensure that shredding and correct disposal of any information associated with your organisation is thorough.
-
Password-protected documents:
No matter how big or small, you should consistently have oversight on who has access to important company documents. These documents should always sit behind a password wall, and only be shared with selected individuals to reduce the risk of valuable information being leaked.
-
Train staff on cybersecurity basics:
Teaching employees how they should store data, especially using company technology, is crucial. From how to use their phones to e-mails and online documentation, there should be basic cybersecurity training to ensure employees are just as aware.
What can individuals do?
As an individual, there are a few things you can do to protect the information that you have online:
Step 1: Two-step verification
Ensure that you have two-step verification on as many logins as possible. Not only does this give you an extra layer of security, but it also gives you peace of mind. If you were to be locked out of an account, it’s down to them failing the verification rather than them having access to your data.
Step 2: Never share your passwords with anyone
This goes without saying, but do not share your passwords. Your data is your data, and you should never be pressured to share sensitive information such as passwords with anybody. There are applications you can put in place to allow shared access to accounts without compromising your password.
Step 3: Update your passwords regularly
You should aim to refresh your passwords annually across all platforms. Avoid using the same password for everything, and ensure that you have your password stored in a safe place where it cannot be accessed by anybody.
