At a time when cyber attacks are achieving success in varying degrees and IT pros are keeping quiet about resulting breaches, there is one specific type of attack that has them most worried.
Despite us all working in IT at a time where the sharing of threat data is at its highest, there is still the notion that organizations don’t want the public finding out about data breaches for fear of the repercussions to the company’s revenue and reputation.
According to BitDefender’s 2023 Cybersecurity Assessment, it appears that 42% of IT and cybersecurity leaders have been told to keep a breach confidential — when it should have been reported. Given that 52% of organizations have experienced a data breach or leak in the last 12 months, this means a material number of attacks have gone unreported – a bit of critical information that can help shed light on threat tactics, response plan efficacy and more.
Roger Grimes, our own resident data-driven defense evangelist had this to say about the lack of reporting breaches:
“In my career, EVERY organization ever hacked asked EVERY employee to not tell anyone about the attack, every time. You can get in trouble for talking about it. It's up to senior management and legal to decide who to tell when and most don't want to tell anyone ever. That's why legally required disclosure is important. It forces some organizations to tell some people sometimes instead of always hiding it."
When asked about the most pressing cyber attack techniques used, 52% of organizations are most concerned about phishing attacks, with 72% of them believing phishing attacks are increasing in sophistication.
We need more sharing of attack details, not less. But in lieu of actionable information that other organizations can make use of to better protect themselves, the focus on protecting against phishing attacks is an impactful start – something that includes educating users on the methods, campaigns and techniques used in these attacks through Security Awareness Training.