How cyberattackers get into your business

  • Home
  • /
  • Blog
  • /
  • How cyberattackers get into your business
  • Home
  • /
  • Blog
  • /
  • How cyberattackers get into your business
June 1, 2021

You may be a business that takes cyber security seriously – most of our clients do. You may have best-in-class technology and certificates of compliance.

But have you taken into account the human factor?

The leading cause of malicious data breaches 

New research analysing cyberattacks in more than 500 companies has pinpointed that the leading cause of malicious data breaches is misconfigured clouds.

What does that mean? It means a human slip-up when setting up the cloud platform that stores all your data. Rapid digitisation has driven massive increase in the use of cloud-based applications and storage. The wonderful thing about the cloud is that it is accessible, flexible and shareable. However, if misconfigured it leaves systems wide open to attack.

So while the cloud makes it brilliantly easy to store information and share it, it is so easy that simply ticking a single wrong box during set-up can lay all your data open to hackers who have the skills to get past a minimum level of security. Which is virtually all of them.

C2 Cyber - Cyberattacker

Waiting for mistakes

If you have a strong stomach, search “AWS S3 data breach buckets” and you will come up with 6.7 million examples of where hackers have just waited for mistakes in configuration to release sensitive data.

In fact, 70% of the causes of malicious data breaches are now about the way in which technology is implemented rather than the effectiveness of the security products themselves.

 This is the verdict of the latest Cost of a Data Breach Report from Ponemon, combining results from 524 organisations across 17 countries and regions, and 17 industries.

Top causes of malicious cyberattacks

The alarming breakdown is as follows:

  • Cloud misconfiguration – 19%
  • Compromised credentials – 19%
  • Vulnerability in third party software – 16%
  • Malicious insider – 7%
  • Other system or configuration error – 6%
  • Social engineering – 3%

Compromised credentials occur when your staff or your suppliers’ employees accidentally or intentionally give away their login details, usernames or passwords.

Combating third party cyber risk

Vulnerability in third party software is another open goal for the hackers. It only takes a mistake by one of your suppliers for cyberattackers to have a route right into your business via all those efficiency-gaining systems you share. Your business is only as strong as its weakest link.

So monitoring and assessment of supplier security maturity is essential. Malicious data breaches can no longer be combatted by higher firewalls. CISOs need to look at the way their security is implemented, the behaviours that manage it and how risk is understood across the whole company.

Of course, it is vital to match effort and cost to degree of risk, focusing your limited resources on the suppliers that present the most danger to your business. That is the value of C2 Cyber’s proprietary COBRA platform, which identifies the supply chain risks that pose the greatest threat.

C2 Cyber are experts in cyber security and vendor risk management. To protect your business from cyberattack, call us today on +44 (0) 20 7965 7597.

__CONFIG_local_colors__{"colors":{"8b2fd":"Snuff","edb1a":"White Lilac","83d40":"Ship Cove","20090":"Scampi","4f35b":"Rose White","b98f0":"Turquoise","772bd":"Turquoise"},"gradients":{}}__CONFIG_local_colors__