New data from the Identity Theft Resource Center shows rises in the number of data compromises following 2021’s record-setting year, all stemming from cyber attacks.
I don’t like it when reports on attacks and their results use the phrase “record-breaking”. But that’s exactly what we find in ITRC’s latest Q1 2022 Data Breach Analysis report when talking about both the 1862 data compromises reported last year and the 404 compromises reported in the first quarter of this year. These Q1 compromises are the highest we’ve seen in the last three years.
According to the report 92% of these compromises were the result of some form of cyber attack – which can include zero day attacks, software flaws, credential stuffing, malware, ransomware, and phishing.
It’s no surprise to find out that phishing topped the list as the top root cause of the reported data compromises, pointing to external threat actors intent on stealing data – whether as part of a simple data breach, a ransomware / extortion attack, or espionage.
Whatever the attack bent, the use of phishing remains a very specific kink in the cybersecurity armor of most organizations – with cybercriminals demonstrating time and time again that a pure security software solution-based defense is not going to stop every last phishing email from reaching its intended victim recipient.
This is why Security Awareness Training is so imperative; without it, users are uninformed about the social engineering tactics and methods used by scammers to trick your employees into unwittingly aiding in an attack. By putting employees through training, they become a part of the defense strategy, spotting bogus emails as quickly as you do, putting an immediate stop to an attack, before it can do harm.