
Fraud Protection
Head back to our dedicated hub for the latest fraud trends and useful resources to help protect your business from cyber criminals.
A data breach is a security incident which occurs when cybercriminals successfully infiltrate and extract sensitive information without authorisation from a data source. This can be done physically by accessing a computer or network to steal local files, or by bypassing network security remotely which crucially, is often the method used to target companies.
Stories of massive company data breaches may seem commonplace these days, but it shouldn’t be all that surprising. As technology progresses, more and more of our information has moved to the digital world and as a result, cyberattacks have become more frequent and costly.
The following are the steps usually involved in a typical a breach operation:
1. Research
The cybercriminal looks for weaknesses in the company’s security (people, systems, or the network)
2. Attack
The cybercriminal makes initial contact using either a network or social attack
3. Network attack
A network attack occurs when a cybercriminal uses infrastructure, system, and application weaknesses to infiltrate an organisation’s network.
4. Social attack
Social attacks involve tricking or baiting employees into giving access to the company’s network.
5. Exfiltration
Once the cybercriminal gets into one computer, they can then attack the network and tunnel their way to confidential company data.
Data breaches can damage both businesses and consumers in a variety of ways. They can cause significant financial loss, damage lives and reputations, and it can take businesses a considerable amount of time to repair and re-build.
The motive of cybercriminals will define which company they will look to attack. Different sources yield different information and based on the data stolen, there are specific types of information that are valuable.
Cybercriminals search for this data because it can be used to make money by duplicating credit cards, and personal information can be used for fraud, identity theft, or even blackmail. The information can also be sold in bulk in Deep Web marketplaces.
End users are rarely the target, but they can be affected when their records are part of the information stolen from big companies.
An example:
In July 2017 the Information Solutions Provided Equifax suffered a major cybersecurity incident which affected 143 million consumers in the U.S. Initially discovered on 29 July, the breach revealed the names, Social Security numbers, birth dates, and addresses of almost half of the total U.S. population. With investments in 23 other countries worldwide, around 400,000 U.K. customers were also reportedly affected. Final findings revealed a total of 145.5 million exposed records.
Cybercrime is a profitable industry for attackers which continues to grow. Corporations and businesses are extremely attractive targets to due to the large amount of data that can be obtained in one attack. Cybercriminals seek personally identifiable information to steal money, compromise identities, or sell over the dark web.
Data breaches can occur for a number of reasons including accidentally, but targeted attacks are typically carried out in the following four ways:
The more you invest in cybersecurity the better protected your organisation will be, which in turn will make you less attractive to cybercriminals in the first instance, but there are some basic proactive steps all businesses should take as a minimum to reduce the risk of a data breach:
Initial steps
Where business details (including account number and sort code) have been compromised:
Where personal details have been compromised:
#Agencies may differ according to jurisdiction.
Head back to our dedicated hub for the latest fraud trends and useful resources to help protect your business from cyber criminals.
Supply chains can be complex and opaque, making it very challenging to manage cyber risk across the chain. But while the risks are growing, the solutions are too.
Latest insights