The latest Verizon report on worldwide data breaches highlights the critical need for businesses to focus on security for remote-working as hacking, phishing, and attacks on cloud-based data rise.
The Verizon Business 2020 Data Breach Investigations Report (2020 DBIR) shows a year-over-year two-fold increase in web application breaches, to 43 per cent – stolen credentials were used in over 80 per cent of these cases.
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business.
“In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
- 72% of breaches involved large business victims
- 58% of victims had their personal data compromised
- 45% of breaches involved hacking
- 86% of breaches were financially motivated
- 43% of breaches involved web applications
- 37% breaches involved stolen or used credentials
- 27% of malware incidents were ransomware
- 22% of breaches involved phishing
- 22% of attacks included social attacks
- 22% involved malware
- 70% of breaches were perpetrated by external actors
- 55% of breaches were caused by organized criminal groups
Is your Safety Data safe?
Organisations that use myosh can be confident that their HSE data is entrusted with a company that is ISO 27001 certified. Equally important – myosh partners with a data centre (AWS) that is also ISO 27001 certified. Learn more about myosh Security.
In a world where companies handle increasingly large amounts of data, it’s vital that sensitive company information remains secure and risk management processes are extended to data security.
Companies need to check if their providers are ISO 27001 compliant and not just their data centres that provide the hosting. ISO 27001 is a global standard that outlines the requirements for an information security management system (ISMS). The standard is an internationally recognised best practice model for mitigating data security risks.
Organisations use ISO 27001 to securely manage assets including financial information, intellectual property, employee details, or information entrusted by third parties.
When you entrust your data to a third-party company, you should request independent verification that its information systems are ISO 27001 certified – not just data centres that provide the hosting. This means that if an information system runs on cloud infrastructure, both environments must be ISO 27001 certified. Too often, businesses claim ‘data security’ simply by piggybacking on the certifications of their cloud infrastructure provider.
Organisations certified to ISO 27001 have developed a systematic approach to managing sensitive company information. This involves applying a risk management process to its people, processes and IT systems so that data remains secure.
So do a quick check to ensure your cloud-based software providers have your back when it comes to your data security.