With nearly 3,700 publicly disclosed data compromise events in the first 3 quarters of 2018, according to security information provider, Risk Based Security, breaches remain a risk.
Many organizations want to understand what are cybercriminals really after to determine their security strategy. In some cases, it’s to hold endpoints for ransom, in others, it’s about hijacking an endpoint’s processing power to cryptomine. But, good old, tried and true data breaches are still in full swing.
According to Risk Based Security’s 2018 Q3 Data Breach QuickView Report, breaches appear to be growing in the size of individual breaches – seven breaches involved 100 million or more records, and the 10 largest breaches accounted for nearly 85% of all of the records exposed in the first 3 quarters of 2018.
It’s an interesting trend: there are less breach incidents than in 2017 (2018 saw 8% less reported breaches), but the breaches are impacting millions records at once. Add to this, the fact that over one-third of breached organizations (according to the report) remain “unwilling or unable” to disclose the number of records exposed.
According to the report, 77% of the breaches were caused by external attacks, with 71% of breaches being the result of what they define as a “computer-based intrusion”.
With users acting as the last line of defense on endpoints, the only way to truly minimize intrusions on your endpoints is to strengthen your user’s part in your security strategy through Security Awareness Training. By educating users, the likelihood of them clicking on malicious links and attachments, falling for social engineering scams, or being fooled into participating in an external attack is lessened materially. As part of a layered security strategy, Security Awareness Training ensures the human factor of your security remains vigilant.