SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
2021 open season for attackers as compromised data increases
Thu, 27th Jan 2022
FYI, this story is more than a year old

2021 was open season for attackers as ransomware gangs targeted health care facilities, schools, and critical infrastructure, with the number of publicly reported data compromises rising by 17% in 2021.

IT experts Totality Services have highlighted some key information to be aware of, why people or organisations might be targeted and the serious impact it could potentially have on business and life in general.

"Your personal information is not safe online. Data breaches happen on an almost daily basis, exposing people's email addresses, passwords, credit card numbers and other highly sensitive data," the company says.

"And as businesses and individuals around the world begin to finally return to the office following over two years of enforced hybrid working, new challenges await for IT security teams."

What are data breaches?
A data security breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Who is after personal data?
IT security teams have always had the unenviable job of protecting their networks and sensitive data against a seemingly endless and ever-changing array of unseen foes, ranging from small-time high-school hackers to sophisticated cyber-criminal syndicates, to international espionage between nation-states.

Notable recent cases
In 2021, data security breaches continued to rise, including an infamous data breach by Facebook that made headlines around the world, after the personal data of 533 million users (including phone numbers, dates of birth, locations, full names and email addresses) were all exposed.

Serious repercussions
Data security breaches are far from being a victimless crime. If your identity is taken, you may have funds stolen from your online banking accounts, find it difficult to get future loans, credit cards or a mortgage. An identity thief can use numerous methods to find out your personal information and will then look to open bank accounts, take out credit cards, or open government benefits in your name.

In an attempt to help prevent individuals falling victim to a data security breach, Charlie Acfield, technical IT director at Totality Services, has shared five practical tips on what people should be aware of and how they can minimise the risks of being exposed when conducting their day-to-day business online.

  • Think before you click: Beware of emails, texts or other promotions that seem off or encourage you to urgently click on links. If you receive an enticing offer, do not click on the link. Instead, go directly to the company's website to verify the offer is legitimate.
  • Do your homework: Fraudsters are fond of setting up fake eCommerce sites. Prior to making a purchase, read reviews to hear what others say about the merchant. Check trusted sources, land in addition, look for a physical location and any customer service information.
  • Consider your payment options: Using a credit card is much better than using a debit card; there are more consumer protections for credit cards if something goes awry. There are now many services you can use to pay for purchases like Google Pay without giving the merchant your payment information directly
  • Watch what you give away: Be alert to the kinds of information being collected to complete your transaction. If the merchant is requesting more data than you feel comfortable sharing, cancel the transaction. You only need to fill out required fields at checkout and you should not save your payment information in your profile.
  • Keep tabs on your financial statements: Be sure to continuously check your accounts for any unauthorised activity. Good record keeping goes hand-in-hand with managing your cybersecurity. Another tip for monitoring activity is to set up alerts so that if your credit card is used, you will receive an instant message with the transaction details.

"The reality is most people aren't aware of how their personal information is collected, stored and used by many modern organisations. That said, with Data Privacy Week 2022 now kicking off, theres no better opportunity for individuals and businesses to learn more about this topic," Acfield says.

"Unfortunately, fraudsters are getting better and better at what they do by the day. Cybercriminals and their attacks are increasingly more sophisticated, no longer do we see so many giveaways such as spelling errors or suspicious looking links. Instead, they are researching and impersonating well-known companies and people," he says.

"However, we hope by highlighting the above five simple but important tips, people will be better able to educate themselves and be less likely to be caught unawares when conducting their business online."