Tips to Mitigate the Risk of Cybersecurity Incidents

The Cyber Incident & Breach Trends Report published by Online Trust Alliance considers 2017 as the worst year ever for cybersecurity incidents. The number of breach reports almost doubled in 2017 compared to the previous year. Aside from knowing the data, Online Trust Alliance also investigates the incidents to understand the trends and to know what to do to prevent the occurrences of cyber attacks.

In the initial report, the figure of cybersecurity incidents was guesstimated to be 159,700 based on the third quarter of 2017 data. The actual number could be higher because many incidents are usually not reported. Compared to the guesstimated figure of cybersecurity incidents in 2016 (using the same criteria), the number almost doubled from 82,000 to 159,700.

Online Trust Alliance identified ransomware attacks as having the biggest increase in cyberattack incidents. Ransom Denial-of-Service (RDoS) attack also became popular among cybercriminals so they were able to threaten a DDoS attack unless the victim pays ransom.

There was a rise in cyber threat due to the growth of IoT devices, 85% increase of malicious emails, 90% increase in business-targeted ransomware and growth in BEC attacks. There was a four-fold increase in breached records in 2017 and US companies lost an estimate of $1.6 billion because of BEC attacks since 2015.

Online Trust Alliance said that majority of breaches could have been avoided if best practices were adopted to mitigate the risk of cybersecurity incidents. Doing the following tips is recommended:

  • Regularly patch software vulnerabilities
  • Implement controls to stop insider theft and compromise of personal data
  • Block spam emails to stop malicious emails
  • Train users to recognize phishing emails
  • Conduct a thorough risk assessment including internal and external partners or third-party services
  • Fix settings of servers and devices and update operational systems and applications
  • Encrypt data and manage encryption keys to avoid loss of data even when devices are lost, hacked or stolen.