Keeping Safe this National Computer Security Day

Black Friday and Cyber Monday really ramp up the holiday shopping season with customers looking to find the best deals. However, this is the opportune time for cybercriminals to make their move. November 30 is National Computer Security Day, and with it being right in the middle of the busiest shopping days of the year, this is our reminder to remain vigilant online.

Author: Shannon Dority, Marketing Manager iStorage

Since 1988, National Computer Security Day has brought attention to our safety when navigating the World Wide Web. As our lives have moved increasingly online, so have criminals migrated to the digital era. With the holidays around the corner and the busiest online shopping days ahead of us, it is important to remain vigilant of cybercriminal tactics and remain cyber safe. Cybercrime is only on the rise and the statistics of 2024 only confirm these findings. We have provided 10 cybersecurity statistics from this year, along with some resources to help you remain safe not just during this holiday season, but throughout the year.

10 cybersecurity and crime statistics for 2024

- 2,200 cyber attacks happen per day, with a cyber attack happening every 39 seconds on average (Astra)

- 88 percent of cybersecurity breaches are caused by human error (Stanford)

- MyDoom was the worst email virus in history, causing $38.5 billion in damage (National Today)

- In a 2024 breach, over 560 million Ticketmaster customers had their information stolen (BBC)

- Around 300,000 Android users have downloaded banking trojan apps via the Google Play Store (Threat Fabric)

- $2.73 million is the average cost of a ransomware recovery in 2024 (Sophos)

- Phishing attacks account for more than 80 percent of reported security incidents (CSO Online)

- DDoS-Attack-as-a-Service is being advertised on the dark web for $20 per day to $10,000 per month (Kaspersky)

- In the first half of 2024, data breaches exposed over 7 billion records (IT Governance)

- It is predicted that over the next two years, 45% of global organisations will be impacted in some way by a supply chain attack (Gartner)

Resources for staying safe online

We have created a number of resources with tips and tricks to help you stay cyber safe. Visit our links below to learn more.

3-2-1 Back Up Strategy

Catching the Phish

Cyberattack Preparedness Plan

5 C's of Cybersecurity

Have a Holly Jolly Cyber Safe Holiday

iStorage | Kanguru

We have a wide range of products that can suit those on a budget, with some of our hardware encrypted products starting at only £49, to desktop drives holding up to 24 TB to store both your personal and company’s most vital data in an ultra-secure, offline device.

Our diskAshur3 range boasts the most advanced security features and recently passed the CAVP (Cryptographic Algorithm Validation Program) testing as part of the FIPS 140-3 Level 3 validation scheme that the products are currently being evaluated against. This includes three encryption modes (patent pending), and user-configurable PINs ranging from 8 to 64 digits. The new range incorporates all the essential features of other iStorage products such as ease of use, platform independence and tamper-proof sleek designs.

And our unique and patented iStorage cloudAshur hardware security module is the perfect solution for anyone wanting to securely store, share and manage data in the cloud. cloudAshur can also be used to encrypt data stored on a network drive, on a local PC/MAC and to send encrypted email attachments or data via file sharing software applications eliminating all the security vulnerabilities that exist with cloud platforms, such as lack of control, unauthorised access and human error.

Our latest products from Kanguru deliver a wide range of flash drives, hard drives, SSDs, NVMe and other ideal data storage products. Whether you are looking for the best military grade, FIPS Certified, TAA Compliant, GDPR hardware encryption products and remote management for your high security organisation, or just a simple data storage solution for the home, Kanguru has many flexible options to choose from. Kanguru also specialises in duplicators for Hard Drives, SSD, NVMe, DVD, Blu-ray and USB duplication for all types of cloning jobs whether extensive, simple one-offs, or with secure erase for meeting GDPR standards.

If you are looking to take control of your data and keep it out of the hands of cybercriminals not just during the holidays, but year-round, speak to one of our company representatives now to see what would be best for you.

Check out our range of products

You may also be interested in

Check out our latest blog posts.

Have a Holly Jolly Cyber Safe Holiday

With the holiday season fast approaching, online retailers are expected to see an increase in activity from consumers. But as consumers rush to get their shopping completed, cybercrime significantly rises during the holidays.

Author: Shannon Dority, Marketing Manager iStorage

E-commerce has grown significantly in the last 5 years. In 2023, it accounted for 19% of global sales and it is estimated to grow to more than 25% by 2027. This trend intensifies during the holiday season, as consumers look for the best deals to finish off their shopping lists. However, with the frenzy that surrounds the holiday season and the end of the year comes a rise in cyberattacks on both consumers and businesses.

The heightened emotions of the holidays, especially among consumers, are what cybercriminals are banking on. Alongside this, a large portion of staff members take holiday or work from home during this time of year, leaving businesses more vulnerable to attacks and with fewer staff to act in a timely manner. Together, these factors make not only companies but also individuals more vulnerable and less responsive to cyberattacks.

The Cybersecurity and Infrastructure Security Agency has stated that “Cyber criminals may view holidays and weekends – especially holiday weekends – as attractive timeframes to target potential victims, including small and large businesses.”

Just because it is the holidays does not mean cybercriminals are taking a day off; they are working 24/7/365. So how can you keep both yourself and your business safe so you can enjoy the holiday season? Alongside adopting good cybersecurity practices, here are some other threats to keep an eye out for to remain safe.

Keep an eye out for holiday cybercrime

Phishing and ransomware increases

Malicious emails drastically increase around this time of year, with reports finding levels of around 150% or more above average. An increase in ‘too good to be true’ emails and typosquatting (the use of commonly mistyped domains to impersonate retailers) lures in unsuspecting consumers who are looking for a good bargain. Cybercriminals like to take advantage of both time-sensitive offers and the emotions of the holidays, so be sure to double check the source of the email, especially if it is too good to be true.

Malicious gift cards

Gift cards are a common gift during the holidays, but they are also an increasingly common way cybercriminals gain access to their victims’ data. Cybercriminals will likely impersonate a colleague or family member, either offering the victim a gift card or asking them to make a gift purchase.

Fake charities

In the season of giving, many people will make generous charitable donations and cybercriminals exploit this. Before making any donation, double check both the link and the website to ensure your money is going to a credible charity organisation. If you are still unsure, it is always best to contact the charity directly to discuss the correct links to make your donations through.

Don’t let cybercriminals steal your holiday cheer

Stay vigilant and check the source.

Remember that cybercriminals feed off the emotions and fast-paced environment that surround this time of the year. With phishing and ransomware on the rise alongside ecommerce trends, it is important to take a step back and double check what you might be interacting with. Best rule of thumb - if it looks suspicious, you do not recognise the sender, or the offer looks too good to be true, do not click on the link or provide your information. Read our blog on phishing to learn more.

Practice good cyber hygiene.

Using strong and complex passwords, enabling multi-factor authentication, and regularly updating your systems are the first wall of armour against cybercriminals. Your systems and data are only as strong as your defences, so make sure you are making your systems as safe as possible from being attacked by cybercriminals.

Review your Cybersecurity Preparedness Plan

You might already have a plan in place and have run through practice scenarios of how to respond to specific incidents. But what do you do with fewer staff or more distracted staff during the holiday season? This would be a great time to review your Incident Response Plan (IRP) and decide on alternative measures that could be put in place during this time of year. This could be temporarily restricted access to sensitive information, an increase in security patches, etc. Your business and your employees should enjoy the holiday season and not worry about cybercriminals taking advantage of these vulnerabilities, so updating your IRP to include scenarios for the holiday season can help reduce the stress.

Back up your data!

Don’t skip out on regularly (aka daily) backing up your data. Following the 3-2-1 Back Up Strategy, ensuring you have multiple encrypted backups of your data and important files is an important safeguard in the event of a cyberattack. In an already stressful time of year, having data back-ups will help you save time and money in regaining access to critical information. A hardware encryption module to encrypt data stored in the cloud and/or an offline encrypted backup is an important option to include in your data hygiene practices, as it can provide that extra level of reassurance and security. Taking that critical extra step, in protecting your data by storing it offline in an encrypted flash drive or portable HDD/SSD, out of the hands of criminals, can act as an essentially unbreakable safe and can make the world of difference when you need to restore your data following a cyber or ransomware attack, especially during the holidays.

Stay Cyber Secure this Holiday Season

At iStorage, we have a wide range of products that can suit those on a budget, with some of our hardware encrypted products starting at only £49, to desktop drives holding up to 24 TB to store both your personal and company’s most vital data in an ultra-secure, offline device.

If you are looking to take control of your data and keep it out of the hands of cybercriminals not just during the holidays, but year-round, speak to one of our company representatives now to see what would be best for you.

5 C’s of Cybersecurity

The constantly evolving digital and technological landscape today has made the rise in cyber threats a never-ending reality. As the global average costs of data breaches continue to rise each year, cybersecurity needs to be a top priority for both businesses and consumers.

Author: Shannon Dority, Marketing Manager iStorage

Cybercriminals are becoming more sophisticated and determined with their attacks to gain access to your data. This makes having a robust security framework a top priority in order to protect your valuable data. From start-ups to large corporations, and even the everyday consumer, following the 5 Cs of cybersecurity - Change, Compliance, Cost, Continuity, and Coverage – can give you the best defence in creating a strong safeguard against cyber threats.

Change

As technology and industry trends change, cybercriminals do so right alongside them. Being able to accept and respond to these changes has proven to not only give businesses a leg up in staying competitive in the market, but also against the evolving cyber threats they face. Routine software updates and network monitoring should be standard, along with conducting regular risk assessments in order to detect and protect from threats. Staying up to date with recent cybersecurity trends, and regularly training your employees will keep you one step ahead of cyberthreats.

Compliance

Several laws and regulations have been enacted with strict guidelines to ensure data security in recent years. GDPR, CCPA, NIS2 and DORA are just a few to mention, and there is the likelihood of more to come. Remaining compliant with all of the laws and regulations that apply to you is vital, as it not only shows your commitment to data protection but can also help to maintain brand reputation and customer trust. There is also a cost, as failing to comply can lead to hefty fines and other consequences that can negatively impact your business.

Cost

This covers both the investment in cybersecurity protection and the impact of a potential breach. It is all about finding the balance between the two, regardless of the size of your business. The question you need to ask yourself is: what are you willing to pay - the cost of a breach that could reach into the millions, or a fraction of that invested to implement the correct infrastructure to protect yourself? Being proactive in your security measures can help mitigate the potential of a breach and the financial repercussions that come along with it. It is important not to let the cost of cybersecurity measures sway you into taking shortcuts, as this could cost you more down the line.

Continuity

Cyberattacks and data breaches are always a possibility, regardless of how many measures you put in place. Human error is the leading cause of a data breach, and even with the proper ongoing training, the potential of a breach is always lingering. Making sure that you can continue business operations in the event of a cyber attack is paramount. Having a proactive plan, such as a Cyberattack Preparedness Plan, can help you prepare for, protect against and minimise the impact of a cyber event.

Ensuring you have multiple encrypted backups of your data and important files is an important safeguard in the event of a cyberattack. These will inevitably help you to save time and money in regaining access to critical information and continuing business operations.

Using a hardware encryption module to encrypt data stored in the cloud and/or an offline encrypted backup is an important option to include in your business continuity plan, as it can provide that extra level of reassurance and security. Taking that critical extra step, in protecting your data by storing it offline in an encrypted flash drive or portable HDD/SSD, out of the hands of criminals, can act as an essentially unbreakable safe and can make the world of difference when you need to restore your data following a cyber or ransomware attack.

Coverage

This should be a comprehensive protection of all your assets, both digital and physical. Having cybersecurity insurance coverage will protect your business from the financial repercussions that can be caused by a potential breach. Deciding on the right coverage for your business should come from the risk assessment conducted, which will find which options are applicable to you. And as your business changes, this will need to adapt to those ongoing changes.

iStorage

We have a wide range of products that can suit those on a budget, with some of our hardware encrypted products starting at only £49, to desktop drives holding up to 24 TB to store your company’s most vital data in an ultra-secure, offline device.

If you are looking to take control of your data and keep it out of the hands of cybercriminals, speak to one of our company representatives now to see what would be best for you.

Cyberattack Preparedness Plan

Preparing for a cybersecurity incident is a must in today's digital threat landscape.

Catching the Phish

Phishing is the most common form of cybercrime, making it a danger to both businesses and consumers. But as these types of attempts continue to evolve with technology, how can you spot these scams in order to keep you and your data safe?

Author: Shannon Dority, Marketing Manager iStorage

Keeping safe from cybercriminals is something we must do on a daily basis, as they are constantly looking for vulnerabilities to exploit to gain access to our data. Phishing is the most common form of cybercrime: a social engineering scam where cybercriminals pose as a reputable source to get the victim to reveal important data. While phishing has predominantly been related to emails and been easy to spot in the past (we all remember the Nigerian Prince), cybercriminals have grown more sophisticated alongside our technology. And the growth of gen-AI has evolved phishing into more sophisticated attempts that are growing at a rapid rate.

So as cybercriminals evolve their phishing tactics, how can you spot an attempt and keep yourself and your organisation safe? We will go through each form and the signs to look out for to avoid becoming a victim of their schemes.

Email Phishing

Email phishing remains the most common form of cybercrime, with 75% of cybersecurity threats arriving through this channel and an estimated 3.4 billion spam emails sent out each day. This makes spam emails the biggest cybersecurity risk to both businesses and consumers. But despite how much we believe we know about these emails, they still manage to catch out millions of people each year. Aside from the traditional poor grammar and spelling, here are some other ways to spot a phishing email:

Check the email domain

Double check the domain of the sender. Spam emails will have a clue hidden within the domain. Sending from a commonly used domain (@gmail.com) is a strong giveaway that the email is spam, as legitimate businesses will have their own domain. Harder to spot are spammers who get hold of a similar domain. Check for small spelling errors, as they will try to get the domain as close as possible to the legitimate one. When in doubt, don’t respond or interact with the email.

Watch for suspicious links and/or attachments

If there is a link or attachment that does not match the context of the body of the email, this is most likely a scam. One way scammers get around this is by hiding the link in a button so you can’t see its full destination, so hovering over the button to view the link can help to verify if the link is legitimate. And if you are not expecting an attachment to be sent, or cannot verify the sender, it is best to leave it unopened.

Sense of urgency, especially from an executive

Acting on your emotions in a perceived emergency is what scammers want, especially if they can convince you the message is from someone of high importance like a company executive. While getting an email stating there is an emergency, either from a ‘family member’ or ‘boss’, will make you want to take immediate action to help, it does go a long way to take pause and assess the situation. Is there another way to get hold of that individual to check the validity of the situation? Is the email domain legitimate? Taking pause to double check these few aspects can help keep you from becoming a victim of their scam.

It’s too good to be true

Just like feeding into your emotions with a sense of urgency, scammers also play on the euphoria of winning some type of reward. Unless you are familiar with the sender and remember entering a legitimate contest/giveaway, there is a high likelihood of this being a scam.

Smishing and Vishing

With around 3.5 billion smartphones being used worldwide and growing each year, cybercriminals have evolved in their attempts to exploit their users through their devices. This has evolved to Smishing (SMS phishing) and Vishing (voice phishing, considered the modern spin on the traditional telephone scam). Similar to their email counterparts, both forms often impersonate a trusted source to deploy social engineering tactics to trick the receiver into clicking on the link to install malware or answering questions that divulge personal information that they can use and exploit.

The move towards utilising smartphones seems practical from the cybercriminal’s point of view, as SMS has around an average 98% open rate (with email only having an average of 20%) and around 60% of people read text messages within 5 minutes of receiving them. The tactics they deploy are similar to email scams; here are a few more things to look out for.

Don’t recognise the number(s)

Unfortunately, these scammers can be relentless in their constant calling and texting. Many times, they will call from different, yet slightly similar, numbers in the hopes of getting you to pick up the phone. If you don’t recognise the number, do not answer the phone or respond to the messages they send, and block the numbers if you can. It can be obnoxious with the number of calls and messages they send, but not responding will likely make them move on in the long run.

Claim to be from an official source

The most common scams pretend to be a bank, phone or energy provider, but the list of who they claim to be is endless. However, some companies have policies in place where they will never directly ring or text their customers, so it is important to understand what these are. If you are unsure, you can call up the official numbers on the company’s website and ask them directly how they will contact their customers. Many companies now have strict policies about never directly calling their customers under any circumstance, so having this knowledge will help keep you safe from these scams.

Asking for confirmation of details

While legitimate establishments will ask you to confirm your identity in order to discuss your accounts, scammers will also use this tactic to gain your personal information to manipulate. But this information will be very specific to the company you are calling and even then, this will have all been discussed when creating your account. A big red flag is if they call you and then ask you to confirm your information; this is highly likely a criminal trying to gain your information.

Use of an intimidating or forceful tone or language

This form of scare tactic is most often associated with people being tricked into thinking they owe a payment and that some sort of legal action or severe consequences will be taken against them. The criminals feed off their victims’ fears and emotions to trick them into ‘paying a fine’, giving the criminals access not only to their financial information, but also to other personal information they can exploit. They can also be very pushy in trying to get you to perform a task quickly. Most people will feel uneasy during these exchanges; trust those instincts, disconnect the call and report the number to the correct officials.

Quishing

Quishing is the use of QR codes to instigate a cyberattack by taking victims to a malicious website to download malware and/or gain sensitive information. QR codes have become increasingly popular since the pandemic as a contactless way for individuals to consume information and purchase goods. Many restaurants, bars and pubs used QR codes to allow guests to load their menus to help with social distancing and have since kept them as part of the customer experience. But they have also grown in popularity with cybercriminals as a way to manipulate unsuspecting victims. These codes can be found out in public or sent via post or email. So how can you keep safe from a QR code scam? Here are some things to consider before scanning.

Only scan QR codes from trusted sources

If the code seems out of place or context, maybe give it a pass. Most of the time companies will also tell you the web address so, if you're unsure, type that into your browser instead of scanning the code. Something to consider with QR codes in public is to check that something hasn’t been placed over the original code. For example, a criminal might place a similar looking QR code on top of the code at a restaurant table, where guests could be expecting to scan to order, and no one would think any different. Double checking that the code has not been tampered with can help keep you safe from a potential cybercrime.

If in doubt, use an app instead

Depending on where the code is, some establishments might also have an app that can accomplish the exact same goal intended. Using the app or directly going to their website can help to keep you safe and prevent your information from being stolen.

Keep your mobile devices up to date

Smartphones and their apps will have regular updates to help not only with their usability, but to help with updating the security features on the device. Just like with your main computer, do not put off updating your device features, as it can be that extra layer of protection against malicious actors.

Unfortunately, phishing is growing and becoming more sophisticated with cybercriminals. But staying vigilant, keeping up to date with cybercrime statistics, and practicing good digital hygiene will help to keep you safe from being the potential victim of a cybercrime.

3-2-1 Back Up Strategy

Attributed to photographer Peter Krogh, the 3-2-1 rule has become the baseline for data protection and recovery. This strategy helps to ensure you will always have access to your data.

Cybersecurity Awareness Month 2024

With October focused around Halloween and all things spooky, the month also is centred around raising awareness about the importance of cybersecurity. iStorage is proud to be participating as a Cybersecurity Awareness Month Champion Organisation with the National Cybersecurity Alliance.

Author: Shannon Dority, Marketing Manager iStorage

iStorage Group Expands Global Reach with Strategic Acquisition of Kanguru Solutions, Creating a Secure Data Powerhouse

London, United Kingdom, 24 September 2024 – iStorage Group, a leading innovator in hardware-encrypted data storage and cloud encryption solutions, proudly announces its acquisition of Kanguru Solutions, a U.S. based leader in high-security data storage drives, duplication systems, and remote management software.

DORA, are you ready for it?

The Digital Operational Resilience Act comes into force across the EU on 17 January 2025, aimed at strengthening cybersecurity across the financial industry. Failure to comply will result in severe fines and risk to reputation. Here is what financial institutions and ICT providers need to know in order to become compliant with the new regulation.

Author: Shannon Dority, Marketing Manager iStorage

Digital Operational Resilience Act

As part of creating a risk assessment process, organisations will need to conduct an impact analysis to demonstrate how specific scenarios of severe disruptions might affect the business. These include incidents such as ICT service failures, natural disasters and cyberattacks. Data backup and recovery measures, system restoration processes and plans for communicating with affected clients, partners and the authorities must be included as part of these plans. There is not a one-size-fits-all method for how this needs to be conducted, as requirements will be proportionate to the size of the business. But regardless of size, businesses will need to demonstrate the cybersecurity measures they have in place to prevent these instances, as well as have an effective plan in place to recover quickly in the event one does occur.

With data backups being a crucial part of the DORA regulation, an important way organisations can demonstrate operational resilience is by making data backups a daily task. Having multiple encrypted backups of your data and important files is a crucial safeguard in the event of a cyberattack and/or disruption, helping to save time and money in regaining access to critical information and getting your business back up and running. Using a hardware encryption module to encrypt data stored in the cloud and/or an offline encrypted backup is an important option to include in your data hygiene practices, as it can provide that extra level of reassurance and security. Taking that critical extra step, in protecting your data by storing it offline in an encrypted flash drive or portable HDD/SSD, out of the hands of criminals, can act as an essentially unbreakable safe and can make the world of difference when you need to restore your data following an ICT service failure, natural disaster, or a cyberattack.

Data breach costs continue to rise

IBM’s latest report found that the current global average cost of a data breach is $4.88m (£3.82m) in 2024, a 10% increase from 2023, and the highest it has been since the pandemic. What do the findings tell us and what can your business do to prepare for a digital natural disaster?

Author: Shannon Dority, Marketing Manager iStorage

Data is the lifeblood of modern-day business, providing all the vital information necessary to operate and thrive. Its invaluable nature not only makes it indispensable to organisations but has made it the prime target for cybercriminals to attack, steal and exploit. And they are not slowing down anytime soon, making data breaches the natural disaster of the digital ecosystem. This means businesses need to step up their data protection game to keep control out of the hands of cybercriminals.

What the results tell us

IBM’s Cost of a Data Breach Report 2024 surveyed 604 companies that experienced data breaches between March 2023 and February 2024. 70% of the companies reported significant or very significant disruption following a breach. The knock-on impacts of business disruptions and post-breach responses - such as the inability to conduct daily operations, sales, manufacturing shutdowns, payment of regulatory fines, class action lawsuits, lost customers and damaged reputations - have all directly led to the cost increase. 63% of organisations planned to increase the cost of their goods or services due to the breach, passing the knock-on impact directly on to customers in an already competitive market.

Healthcare, while seeing a 10.6% average decrease, remains the industry experiencing the costliest breaches at $9.77m (£7.65m). Financial and Industrial followed behind, seeing average cost increases of 4% and 18% respectively. These industries remain a target for cybercriminals due to their existing technology infrastructure and the high level of vulnerability they are likely to experience in the event of a cyber-attack. On top of that, 35% of attacks involved shadow data (data residing in unmanaged data sources) and took longer on average to detect, resulting in higher costs.

Malware and criminal activity in the form of phishing or stolen/compromised credentials remain the most prevalent root causes of data breaches. However, destructive and exfiltration attacks proved to be more costly as they cause longer lasting and expensive business damage. Skill shortages, lack of adequate training, and overly complex security systems have also contributed to higher data breach costs, jumping to 53% in 2024 from 42% last year.

Moving Forward in the Digital Ecosystem

There are two main questions you need to ask yourself.

1. Are you prepared for the looming digital natural disaster that can strike at any time?
2. What are you willing to pay - the cost of a breach that could reach into the millions, or a fraction of that to implement the correct infrastructure to protect yourself?

Cybercriminals are becoming more organised and sophisticated in their attacks, and the evident rising costs of data breaches mean businesses need to take both preventative and preparatory measures to combat increasing cyber-attacks. Having a plan in place in the event of a large-scale attack and preparing for the worst-case scenario can put businesses at an advantage in the event of a breach. Just as you would have a natural disaster plan in place if you lived in an area prone to them (hurricanes, earthquakes, etc.), businesses need to have a similar plan in place for their digital infrastructure. A data breach is a digital natural disaster that everyone needs to prepare for because it is no longer a case of ‘IF’, but ‘WHEN.’

It is important to know your entire data ecosystem to have a successful security approach. Security and IT teams must also assume that there is unmanaged (shadow) data that has not been accounted for or disclosed. Around 40% of all breaches involved data distributed across multiple environments, such as public clouds, private clouds and on premises. Knowing where your data is distributed and stored at all times can help to prevent, identify and contain breaches with minimal disruptions.

One positive that came from the report was that 63% of the companies that fell victim to ransomware attacks did not pay the ransom in the end. This means that they either had backups and/or controls in place that protected their data from being encrypted and were able to restore their operations. Ensuring you have multiple encrypted offline backups of your data is an important safeguard in the event of a cyberattack, helping to save time and money in regaining access to critical information and getting your operations back in action quickly.