More than 25,000 cyberattacks in The Netherlands in 2023? What you need to know
Nick Derks
Enterprise Security | Data & AI | Security Datalake | Automation | Cloud Security | Cyber Security | EDR, XDR, MDR for Endpoints, Cloud & Identity
A recent article in the Dutch online paper nu.nl has confirmed what many readers already know too well: cyberattacks are worryingly common, and organisations often struggle to cope with this reality.
Anyone can fall victim to a data leak, and when data leaks affect the supply chain, the effects are multiplied. Numerous organisations can suffer a loss of reputation – even though there’s little they can do to avoid it.
In this newsletter, we’re going to get to grips with this widespread issue and define the steps your organisation needs to take to protect itself from cyberattacks and data leaks.
How many?
Last year, a staggering 25,694 data leaks were reported from Dutch organizations alone. These leaks led to the personal data of 20 million people becoming exposed.
Data leaks can happen accidentally, but a cyberattack (e.g.: ransomware, extortion) is a common source of this problem.
Indeed, a recent Duke CFO Business Outlook Survey revealed that more than 80% of firms have been hacked, and our own research has unveiled that 48% of businesses experienced a ransomware attack just in the last year.
A problem that must be tackled head-on
So, what’s the damage?
It is always very hard to put a price tag on an attack. According to Statista the price tag per attack is US$4.45 million, on average. For critical industries like healthcare, the cost can be far more.
However, I think that the greatest loss is trust and reputation, which may be impossible to rebuild.
Ransomware remains a persistent threat, not only disrupting business operations but also leading to data leaks when organizations refuse to comply with demands. Alarmingly, these attacks are increasingly coupled with extortion tactics, where threat actors threaten to release sensitive data.
Many of these attacks originate from Advanced Persistent Threats (APTs) as part of an ongoing campaign of state-sponsored cyberwarfare. Given the global situation, these look to continue and intensify in the coming years, putting more companies at risk, as they get caught in the crosshairs of geopolitical ambitions.
Organisations must be aware of the facts and know how to act.
Fact 1: Most organisations significantly underestimate the threat
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, or AP) has the responsibility of ensuring that organisations meet their legal obligations with personal data in line with GDPR.
However, the AP is deeply concerned about the state of preparedness for cyberattacks. According to Dennis Davrados of the Data Protection Authority (AP),
“Companies and organisations often underestimate the risk of a data breach… More than half of all affected organisations do not inform customers about the data breach. This is very concerning.”
Despite having the power to levy fines, the Data Protection Authority didn’t issue any last year to encourage reporting. That’s how bad it is.
Fact 2: Data leaks cost businesses and their customers
In the case of ransomware attacks, paying a ransom is not guaranteed to prevent the leak of data or its destruction. The costs can be ‘double’ in such cases.
Unfortunately, when data leaks occur it’s often the customer who really feels it. They’re the one who must fend off phishing emails, scam calls, and other malicious attempts.
And some of those customers will fall victim to phishing attempts, potentially allowing access to their own systems – and continuing the cycle of misery even further.
领英推荐
Fact 3: Many organisations don’t know how to respond
As the Data Protection Authority made clear, organisations are frequently not fulfilling their obligations by adequately reporting data leaks and other cyberattacks.
The reasons for this are complex, but it’s often because they don’t have a proper playbook in place for these kinds of situations. During customer interactions, I consistently emphasize the inevitability of cyberattacks. It's crucial for organizations to develop playbooks outlining protocols for handling such incidents. This includes defining responsibilities and practicing crisis management scenarios.
Despite the statistics, too many organisations see a cyberattack as an ‘unlikely event’ that would ‘never happen to them.’
Well, think again.
Actions you must take
Report breaches - Data leaks can happen without your knowledge, but as soon as you discover one you have a responsibility to report it. In principle, this should be within 72 hours.
To ensure that this occurs, you should ensure that you have the ability to detect data leaks through sophisticated tooling that picks up unusual access patterns or other behaviours.
Create a plan - Make a play-by-play plan that covers multiple scenarios, including a ransomware attack, data leak extortion, and accidental leaks.
Attackers count on the element of surprise to force a quick ransom payment, but paying out may still leave you vulnerable in other ways (such as hidden backdoors to your system). Having a plan already ensures that everyone keeps a cool head and follows a clear runbook.
Education - Make sure all relevant personnel are trained in how to spot intrusion attempts, what they need to do to protect data, and the importance of reporting.
Staff may be tempted to ‘brush it under the rug’ if they accidentally leak data themselves or discover a ‘limited’ cyberattack that hasn’t compromised core systems or highly sensitive company data.
Preventative measures – It’s essential your organisation takes steps to secure all endpoints and networks with a complete cybersecurity solution including these capabilities:
While a roll-back cannot undo a data leak, it can avoid the possibility of paying a ransom just to keep operating.
A roll-back can also eliminate backdoor access or other vulnerabilities installed by cyberattackers, provided you can trace these vulnerabilities with a clear timeline.
Want to learn more? Read the original news article from nu.nl here, or learn about the 7 most common ways an organisation can get infected by ransomware.
At SentinelOne, we constantly monitor the latest trends and tactics, so we can keep one step ahead and keep your critical systems running. Our platform uses its own dedicated AI to hunt for threats and to detect attacks using advanced behavioural analysis. Find out more about SentinelOne here.