This Cybersecurity Awareness Month, cyber breaches continue to undermine business security.

14th October 2021
Image

This month may be known as Cybersecurity Awareness Month but despite a growing understanding of the necessity of robust cybersecurity measures, and the threat posed by lax security, cyber breaches are escalating as a significant problem for most organisations. 

Cyber breaches continue to cost businesses millions of dollars in damages and harm to business reputation. 

According to the Cybersecurity Breaches Survey, over 39% of businesses reported an increase in cyber breaches or attacks over the past 12 months.  

A study from Thales and 451 Research further revealed that over 47% of businesses saw an increase in the volume, severity, and scope of cyberattacks in the past year. 

Among the different cyberattack techniques used, phishing and impersonation were the most frequent, with over 98% of attacks using social engineering methods. 

Why are cyber breaches increasing in frequency? 

The alarming rise in cyber breaches, particularly through social engineering attacks, indicates that employees and business leaders have not received the training that is needed to prevent attacks. 

Studies reveal that over 64% of respondents have no access to training, while 27% do have access to training but choose not to use it. 

The correlation between poor cyber training and rising social engineering attacks demonstrate that knowledge of data security is not as comprehensive as it should be.

Supplanting poor training for employees are poor security procedures, as research indicates that employees are not as vigilant about cybersecurity as they should be, especially given the rising threats in the landscape.

Just 46% of respondents say they use a different password for important online accounts, with another 20% reporting that they never change their password. 31% of businesses also rarely install software updates, which means that software containing valuable data may not have the necessary security updates to hinder cyberattacks or minimise the risks they pose. 

 

What can be done to mitigate the problem? 

The solution is to raise awareness amongst employees and make training resources more accessible and readily available to them. 

Cybersecurity Awareness Month is the perfect opportunity to raise awareness about the importance of security and cyberattacks, and take concrete steps towards training employees and reducing these attacks. 

Businesses should also consider upgrading their security tools to take a more proactive approach to vendor security. 

RiskXchange is the only 360-degree risk-rating solution that allows users to monitor their attack surface continuously to detect anomalies in real-time and reduce incidents of cyberattacks.

A new Wisconsin law could have ramifications on the way insurance companies and their vendors handle private data. Insurance companies must follow specific regulations to protect sensitive information, such as social security numbers and health-related information, when the new law is passed on the first of November.

Once the new law comes into effect, insurers must conduct a risk assessment, develop an information security program, create an incident response plan, and work with third-party providers to protect customer information.

Furthermore, if a cyberattack occurs, insurance companies must notify relevant parties within a specific timeframe. Insurance companies must inform consumers and insurance providers within 45 days of learning about the breach. They must also inform the Officer of The Commissioner of Insurance (OCI) of the cyber breach within three days. Moreover, if the attack affects 1000 or more consumers, they must inform consumer reporting agencies of the incident.

The new law, which has been in the works since 2019, highlights how national and local governments are placing greater emphasis on data security and are setting strict expectations over how insurance companies should be handling sensitive data.

If insurance businesses want to meet legal demands, they must work with third parties to create a secure environment that keeps data safe.

Why are governments cracking down on data security procedures?

Local and national governments are becoming more stringent about the way insurance companies handle sensitive data. The crackdown comes in the wake of several research reports showing that the healthcare industry is one of the most targeted industries for cyberattacks. Despite this, most parties involved do not have strict security measures to protect their data.

In addition, by encouraging insurance firms to take a closer look at their security, they must also scrutinise their vendors.

Insurance companies work with dozens of vendors that access sensitive data. If insurance firms are to conduct accurate risk assessments or develop suitable incident response plans, they must ensure that vendors meet high-security standards. To improve monitoring, they will need to invest in technology that would allow them to examine vendor security processes, especially when working with hundreds of vendors.

Enforce vendor security with RiskXchange

RiskXchange is the only 360-degree vendor risk management platform that allows businesses to protect their digital assets from cyber-attacks and third-party breaches by improving oversight into vendor infrastructure. The solution can help you oversee your attack surface, monitor vendor activity, and detect anomalies that indicate a cyberattack, all of which help you secure data, meet compliance requirements, and maximise vendor security infrastructure.