In its monthly analysis of the latest data breaches and cyber attacks across the world, IT Governance has identified 104 publicly disclosed security incidents in January – which accounted for 277,618,767 compromised records.
Compared to December 2022, IT Governance saw a huge 779% increase in incidents. This accounts for more breached records than found in any calendar month in 2022, and it’s one of the highest incident numbers IT Governance has recorded to date.
Alan Calder, Founder and Chairman of IT Governance, commented, ‘This huge spike in data breaches should serve as a reminder to businesses to review their cybersecurity plans immediately. It may be a New Year – but cyber crime is here to stay, and it’s only going to become more costly and difficult to effectively manage if organisations put off their New Year’s resolution to get their cyber security processes reviewed and strengthened now.
The numerous high-profile data breaches and cyber attacks in January show us that no business is safe from the threat of cyber crime, and the variety and complexity of these instances – ranging from supply chain hacks to ransomware – demonstrate the necessity for organisations to implement a strong, multi-layered defence in depth security strategy that covers the whole spectrum of potential threats.
Organisations must focus their efforts on the five elements of a strong cyber defence in depth strategy: detection, protection, management, response and recovery.
Regular vulnerability scanning is a critical component of a risk-based approach to security as it detects and identifies security vulnerabilities in computers, internal and external networks, and communications equipment.
Certification to basic security schemes such as Cyber Essentials helps protect organisations from the most common cyber threats and demonstrate their commitment to cyber security. Training and professional certification help ensure you have the skilled staff you need to implement and maintain your security measures.
For many organisations, managing cyber security risks requires a more intensive approach than simply implementing basic protections. Cyber security is an ongoing process, requiring continual evaluation, maintenance and revision. ISO 27001 – the international standard for an ISMS – encompasses people, processes and technology and includes measures such as embedding risk-based security controls into corporate processes, managing the security of supply chains and carrying out regular audits to ensure security controls remain up to date.
The security measures you have implemented should minimise the impact of a successful attack, but how you respond is critical to limiting disruption and costs. This is especially important when it comes to breaches of personal data, which must be reported to the data protection authorities within 72 hours of being discovered under the GDPR and DPA 2018.
Implementing cyber incident response management plans means you won’t waste valuable time when the worst happens.
Recovering from a cyber attack or data breach can be far more disruptive than you planned for. This is where cyber insurance is important, as it can cover the cost of rebuilding if all else fails.
Ultimately, the focus for organisations should be on ensuring the necessary safeguards are in place – continuously testing for any gaps in your frontline of defence will set your business up well for 2023.
Conducting a cyber health check will provide you with an incisive and detailed report describing your current cyber risk status and critical exposures, and will draw on best practice – such as ISO 27001, 10 Steps to Cyber Security, CIS 20 Critical Controls, NCSC guidance and Cyber Essentials – to provide recommendations for reducing your cyber and compliance risk.’