How Are Cybercriminals Stealing Business Data?

Thinking of business cybercrime risk as something that is created by cybercriminals targeting your business directly doesn’t give you a complete picture of your company’s real dangers. You’re not getting a clear view of your actual risk unless you add another factor to the mix – the risk to your business that comes from cybercriminals stealing business data from other businesses. More than 90% of companies experienced a data breach in the last twelve months because of supply chain cybersecurity weakness – and you certainly don’t want to join them.

Step Back and See the Whole Picture

It’s easy to forget about things that aren’t immediate threats when you’re running a business. That’s why getting expert help to create your business cybersecurity plan is so valuable. Did you know that in 2020, the rapidly shifting threat landscape resulted in an 85% overall increase in all categories of cybercrime for the year? Working with people who are both well versed in today’s cybersecurity threats and the solutions that are available to mitigate that risk will help you account for hidden risks that your cybersecurity needs to be prepared to handle.

One of those potentially hidden risks is also one of the most important things to account for in any business cybersecurity plan today, and it tends to get overlooked a bit – third party and supply chain threats. More than 60% of data breaches are a result of exposure through third party or supply chain risk. Your business can easily be impacted by this kind of breach – and that’s not a risk that any business can neglect.

It’s Faster and Easier Than You Think

How easily can one of your service providers or vendors have a cybersecurity incident like a data breach that puts your company at risk? Very easily. 

• On average, only 5% of companies’ folders are properly protected. 
• Data breaches exposed 36 billion records in the first half of 2020 
• About 60% of companies have over 500 accounts with non-expiring passwords 
• 41% of US companies allow employees unrestricted access to sensitive data
• A new cyberattack is launched every 39 seconds 

The danger to your organization is real, and it is growing. Not taking the right precautions against it can be devastating, as we recently saw in the federal hacking scandal. Every week we report on organizations The Week in Breach that were unfortunate enough to experience a data breach because of a third party incident, like the Blackbaud data breach that led to so many charitable foundations and trusts grappling with a surprise data breach in mid-2020.

How are cybercriminals getting their hands on your suppliers’ data (and yours)?  

Most commonly, through a ransomware attack. The favored weapon of many cybercriminals, ransomware is a fast, easy way for bad actors to make a profit from holding a company’s data or systems hostage until a ransom is paid or just stealing that data and selling it to the highest bidder. This form of cyberattack is a growing menace – ransomware attacks rose 148% in March 2020 alone.

The top 3 sectors that put your business at risk of data theft due to ransomware in 2020 

• Manufacturers experienced one-quarter of all ransomware attacks  
• Professional services companies clocked in at 17%, 
• Government entities took third place with 13%. 

Bolster Your Protection Quickly and Affordably

Adding strong mitigation against third party and supply chain risk doesn’t translate into having to blow your IT budget on things that just fight that problem. Find solutions that help you protect your systems and data from those risks as well as a host of other common cybersecurity pitfalls, giving you more for your money every time. Things like…

Secure identity and access management tools cited by experts as key security moves that add immediate protection for your business from third party and supply chain risks as well as other threats like credential stuffing.

Dark Web Monitoring enables you to get a clear picture of your company’s credential compromise threats from Dark Web sources, like lists of stolen passwords in Dark Web markets or data dumps, mitigating the risk of bad actors using a stolen password to gain access to your systems and data.

Phishing Simulations and Security Awareness Training improves your staff’s security awareness and increases phishing resistance, enabling them to sniff out suspicious messages, even if they look like they’ve come from a source like a trusted vendor that has unfortunately become a victim of business email compromise.