But have you taken into account the human factor?
The leading cause of malicious data breaches
New research analysing cyberattacks in more than 500 companies has pinpointed that the leading cause of malicious data breaches is misconfigured clouds.
What does that mean? It means a human slip-up when setting up the cloud platform that stores all your data. Rapid digitisation has driven massive increase in the use of cloud-based applications and storage. The wonderful thing about the cloud is that it is accessible, flexible and shareable. However, if misconfigured it leaves systems wide open to attack.
So while the cloud makes it brilliantly easy to store information and share it, it is so easy that simply ticking a single wrong box during set-up can lay all your data open to hackers who have the skills to get past a minimum level of security. Which is virtually all of them.
Waiting for mistakes
If you have a strong stomach, search “AWS S3 data breach buckets” and you will come up with 6.7 million examples of where hackers have just waited for mistakes in configuration to release sensitive data.
In fact, 70% of the causes of malicious data breaches are now about the way in which technology is implemented rather than the effectiveness of the security products themselves.
Top causes of malicious cyberattacks
The alarming breakdown is as follows:
- Cloud misconfiguration – 19%
- Compromised credentials – 19%
- Vulnerability in third party software – 16%
- Malicious insider – 7%
- Other system or configuration error – 6%
- Social engineering – 3%
Compromised credentials occur when your staff or your suppliers’ employees accidentally or intentionally give away their login details, usernames or passwords.
Combating third party cyber risk
Vulnerability in third party software is another open goal for the hackers. It only takes a mistake by one of your suppliers for cyberattackers to have a route right into your business via all those efficiency-gaining systems you share. Your business is only as strong as its weakest link.
So monitoring and assessment of supplier security maturity is essential. Malicious data breaches can no longer be combatted by higher firewalls. CISOs need to look at the way their security is implemented, the behaviours that manage it and how risk is understood across the whole company.
Of course, it is vital to match effort and cost to degree of risk, focusing your limited resources on the suppliers that present the most danger to your business. That is the value of C2 Cyber’s proprietary COBRA platform, which identifies the supply chain risks that pose the greatest threat.
C2 Cyber are experts in cyber security and vendor risk management. To protect your business from cyberattack, call us today on +44 (0) 20 7965 7597.