Smaller Organisations Increasingly Vulnerable To Cyber Attack

Small to medium-sized organisations were the prime target of cyber criminals in 2018, according to a recent report by cyber security firm 4iQ.

14.9 billion identity records were stolen and flaunted on the surface, social, deep and dark web. This represents a 71% increase in stolen data circulating on the internet compared with the figures from 2017.

These figures are still extremely concerning, and the 12,449 breaches and leaks represent a 424% increase in new breaches when compared with 2017’s statistics.

In part, cyber criminals have started exploiting digital weaknesses in small and medium-sized organisations, with each leak/breach averaging 217,000 pieces of data, which was 4.7 times smaller than the average breach in 2017.

However, some of this breached data may be made up of historical breaches: when the data was cleansed and assessed, 3.6 billion of the 14.9 billion identity records were new and authentic. Despite this smaller number, it still equates to a 20% increase in stolen materials when compared with the previous year.

The report also highlighted that cyber criminals are becoming more sophisticated in how they use the data they steal. Sensitive Personally Identifiable Information (PII) stolen from organisations is being combined with publicly available data to improve the legitimacy of impersonation fraud, social engineering and phishing attacks. Similarly, it is clear that hackers are increasing their bank of stolen passwords as they continue to sell ‘combo lists.’

The 4iQ report, The Changing Landscape of Identities in the Wild: The Long Tail of Small Breaches, stated: “Small businesses and suppliers for large companies present weak links in the value chain — they have little to no cybersecurity budgets and are far less able to secure themselves from increasingly organized hackers who are systematically targeting them. Not surprisingly, in 2018, we saw a significant increase in the number of attacks on small entities.

“Each time a combo password collection is repackaged, new credentials are added to increase the total size, and each new package fuels renewed credential stuffing and account takeover attempts. Combo lists containing 1.82 billion credentials resurfaced throughout 2018 and in early 2019.”

Monica Pal, CEO of 4iQ, commented: “As our personal data continues to get exposed and circulated in underground markets, the problem of identity-based attacks is only growing. Consumers need to do what they can to prevent problems, like enable two-factor authentication, use a password manager, etc., but then they also need to take a proactive approach to protect themselves by signing up for identity theft protection services which include exposure alerts and help with remediation and insurance.

“In addition, companies should look out for their customers by using this information to neutralize exposed identity information before it can be used for account takeover and detect identity theft and fraud before it becomes a bigger problem.”

Does your law firm have a robust cyber security plan to prevent your firm’s data from being stolen and flaunted on the dark web?