Simon Fraser University: Institution of Higher Learning
Risk to Business: 1.623 = Severe
Simon Fraser University is in the spotlight again after another data breach. Cybercriminals breached a server that stored information on student and employee ID numbers and other data, including admissions or academic standing. This is the second data breach at Simon Fraser University in 12 months.
Individual Risk: 2.117 = Severe
The server contained personal information for some current and former students, faculty, staff and student applicants including student or employee ID numbers.
Customers Impacted: 200,000
How it Could Affect Your Customers’ Business: Continued security problems at any organization aren’t acceptable to consumers anymore as people become more serious about protecting their data.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Phishing Flood Continues to Swamp Companies and Create Security Sinkholes
Phishing very quickly became the biggest cybersecurity threat of 2020 for every business at the beginning of the global pandemic, as cybercriminals sought to capitalize on the pandemic-related challenges facing companies that were suddenly forced into remote operations. That tide continues to rise with new phishing threats and new security sinkholes that can swallow up data, time and money.
COVID-19 Threats Aren’t Over Yet
In a recent study, experts estimated a minimum growth rate of 220 percent for overall phishing in 2020 (including SMS, voice, message and social media) – and that trend is expected to continue into 2021 with a minimum 15 percent increase in overall phishing this year.
Much of that phishing was devoted to COVID-19 threats. Google indicated that it saw a 660 percent increase in phishing in Q2 2020 as it held back the onslaught of phishing that powered a cybercrime burst in 2020. COVID-19 was Google’s biggest phishing topic in history, a record that’s unlikely to be broken anytime soon. More than 80 percent of businesses saw an increase in cybercrime, including phishing, in 2020 – and not all of that steep increase can be chalked up to COVID-19 threats.
2 Popular Phishing Categories That Trap the Unwary
One major lure that cybercriminals have been profiting from is brand impersonation. Especially as email volumes surged at the start of the pandemic, faux branded phishing emails were a fast, easy way for cybercriminals to get past security and get into employee inboxes (which would be 40 percent less likely with Graphus). About than 405 percent of those emails mimicked just one brand – Microsoft. Rounding out the Top 5 were DHL (18 percent), LinkedIn (6 percent), Amazon (5 percent) and Rakuten (4 percent). An estimated 55 percent of phishing sites made use of target brand names and identities in their URLs.
Remote Workforce Support
Remote workers face a unique set of challenges, and every business in the world got to experience them in 2020. Phishing is an especially dangerous threat for remote workers. In a comprehensive study of over 1,000 remote workers, 47 percent of respondents cited distraction as the main factor in their failure to spot phishing attempts. Over half of employees said they were more likely to make security mistakes when stressed, and 41 percent flubbed security procedures when tired. Overall, 43 percent of the surveyed employees admitted that they’d made cybersecurity blunders as a result of newly remote workforce stress.
Training Works against These Threats
A key way for companies to prevent these lures from snagging their staffers is through regular, comprehensive security awareness training that includes phishing. Up to 70 percent of phishing attacks now lack a malicious payload – employees aren’t just looking for an attachment anymore, and they need to know that. Most phishing is done through spurious links, and employees need to be ready for that.
Are You Cyber Resilient?
Is your company prepared to not just survive a cyberattack but thrive? You are if you’re cyber resilient. By building your organization’s defenses with an eye toward cyber resilience, you give your business a better chance of making it through the unpleasantness of a cyberattack with minimal disruption to your workflow or your budget.
Companies that are cyber resilient have their bases covered, with security solutions that work together to provide layered protection. That creates strength by adding more roadblocks and warning systems between cybercriminals and your data. For example, if your IT team is getting real-time threat intelligence from Dark Web ID, they know immediately if one of your company’s credentials appears in a Dark Web market, giving them time to take care of the issue before it becomes a disaster.
Building cyber resilience also means making sure that your business can keep operating during challenging times. You shouldn’t have to shut down operations and experience major disruptions like loss of access to email because of cybercrime. In many defense plans, even when a cyberattack is repelled, businesses experience significant disruptions.
A cyber resilient organization can quarantine problems, keeping them away from operations to minimize the impact of a cyberattack. Companies that are using Passly have access to that capability through single sign-on, backed up with even more protection through multifactor authentication.
A new cyberattack is launched every 39 seconds, but in this economy, you can’t afford to buy every solution on the market. Get more value out of simple solutions when they work together and build your company’s cyber resilience.