It should be noted that no one can avoid attacks, so companies must prepare their employees and partners to recognize attack attempts.
This year, in 82 percent of cases, unauthorized parties got into company IT systems by deceiving users, thereby bypassing even rock-solid firewalls, and gained access to financial, internal, and personal data, according to the summary of the latest 2022 Data Breach Investigations Report, which provides an international outlook.
Successful intrusions were most often carried out using phishing, malicious programs and stolen identifiers. The average loss caused by an intrusion increased in 2022, from $4.24 million a year earlier to $4.35 million. The attacks were aimed mainly at financial gain and partly at espionage, and the magnitude of the damage they caused depended mainly on what kind of sensitive data the deceived employee could see and manage in the company's IT system through the privileges granted to them.
The 2022 Data Breach Investigations Report pointed out that phishing is still in its heyday. The majority of detected attacks this year (more than 60%) relied on deceptive emails and websites. Next in line, but with a smaller success rate (more than 20 percent), were attempts by unauthorized persons to obtain important and valuable company information using stolen identifiers and impersonation (pretexting). An astonishing trend emerges in connection with these. Since 2017, the number of registered cases worldwide in which corporate IT systems were hacked with stolen identifiers has increased significantly, by 30 percent. An even more alarming trend in the past year was that 80 percent of hacked mail servers were compromised with stolen access.
According to Tamás Mihály, the founder of XS Matrix, which was founded in cooperation with leading Hungarian IT security specialists, and the strategist of TheFence, companies can only really reduce the risks that threaten them if the data managers (typically middle managers) accurately define, and from time to time review on a risk basis, exactly which person has access to what, and if they prevent the allocation of excessive, unnecessary or conflicting rights. According to the expert, it must be acknowledged that no one can avoid attacks, so companies must prepare their employees and partners to recognize attack attempts.