Cybersecurity threats continue to evolve. In its 2018 Cyber Incident Breach Trends Report the Online Trust Alliance (OTA) listed some of the latest trends. The report found that 95 percent of all breaches could have been easily prevented through simple and common-sense approaches to improving security. The following are some of the more prevalent cybersecurity threats.
Cloud Data Compromises
With many businesses relying on cloud storage for sensitive data, the number of breaches is on the increase. Though there are many actual attacks such as the recent Capital One incident, many cybersecurity threats are the results of misconfigured cloud services. This results in data being left open to the Internet. Configuring data storage correctly is essential for data security!
Cybersecurity Threats via Third Parties
Often cybersecurity threats can originate through compromised third-party website content, vendors’ software or third-parties’ credentials. Though these types of attacks are not new, they have been on the increase of late. The most notable 2018 attack was Magecart, which infected the payment forms on more than 6,400 e-commerce sites worldwide.
Business Email Compromise (BEC)
BEC uses email to deceive employees into sending funds or gift cards to attackers who impersonate vendors or executives. This resulted in $1.3 billion in losses in 2018. These attacks have been targeted at businesses of all sizes including non-profit organizations like churches.
Cybersecurity Threats are Avoidable
The OTA report found most cybersecurity threats could have been prevented. In fact, 95 percent of breaches that occurred in 2018 could have been mitigated through simple and common-sense approaches to improving security. Developing and maintaining cybersecurity programs that can evolve to meet the changing nature of threats is essential. An effective ISO 27001 Information Security Management Systems (ISMS) is an excellent solution that involves all segments of a business to ensure that processes are in place to protect sensitive information.
CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS). Because our team of experts bring extensive experience and deep information security process control expertise (including certifications as Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) we can help you achieve ISO/IEC 27001 certification on time and on budget.