What happened in the past may not predict the future, but when it comes to cybersecurity, previous incidents do help paint a picture of potential vulnerabilities within your information security approach. Findings from high profile data breaches, from the SolarWinds Hack to the attack on hotel chain Marriott, provide indicators of how malicious cyber actors can infiltrate an organization’s security protocol that your organization may find useful for planning.

Our resource explores three “Ws” from recent information security incidents to help illustrate the proactive steps your organization can take to improve its cybersecurity function.

Where You Might Be Vulnerable

We’re human, and unfortunately, our propensity to err — say to inadvertently divulge sensitive information to the wrong party — remains one of the key vulnerabilities your organization faces as it manages its cyber risks. Verizon Wireless’s 2021 Data Breach Investigations Report found that social engineering was the leading cause of breaches—that is, an information security event that led to data being disclosed to an unauthorized party—last year.

Cyber attackers seized on the disruption during the start of the pandemic to send out COVID-19 related phishing emails on the pretense that the communications were from the CDC and the World Health Organization. Continued training for all levels of employees on how cyber actors use social engineering tactics to manipulate users into opening up system access will be essential.

Findings from the recent Marriott cyber incident also demonstrate why your organization should be particularly mindful during M&A transactions to assess if the company being acquired has any cybersecurity vulnerabilities. An effective infrastructure between Marriott’s acquisition of Starwood where the two groups could share digital processes and security policies may have made for a stronger cybersecurity defense strategy and prevented a data breach that exposed nearly 500 million customers’ personal identifiable information (PII).

Another element to monitor closely are remote desktop protocols (RDP), which allow employees to remotely connect to their desktops. If you use RDP, you should be sure to also use virtual private networks (VPNs) and multi-factor authentications.

What a Cyber Attack’s End Game Looks Like

A cyber incident related to the Colonial pipeline revealed just how devastating an incident related to infrastructure can be, but for better or for worse, cyber-attacks carried out for the intent of infrastructure disruption are still in the minority. The 2021 Data Breach Investigations Report explored common motives for reported incidents, and by far, financial motives remain at the top of the list. Organizations should continue to concentrate security protocols on data that involve credit card and bank account information as this appears to be the most common type of data that cyber criminals attempt to extract during an incident.

Who Perpetrates an Information Security Incident

Once again, the high profile cases on the types of groups perpetrating an information security incident are not reflective of broader trends among information security incidents. State-sponsored actors were a much lower percentage of the total incidents captured by the 2021 Data Breach Investigations Report, with members of organized crime groups coming in as the responsible part for around 80% of all incidents in 2020.

But malicious actors are not the only perpetrators of an incident; internal users may also be inadvertently responsible for an incident or a breach. Errors contributed to 17% of all data breaches in 2020 according to the Verizon Wireless report. Types of errors that led to issues included misconfiguration of a system and undelivered critical information. Quality control checks and training for employees who handle sensitive information are highly encouraged to be included in your internal controls.

Concluding Thoughts

Cybersecurity issues evolve—as organizations get a better handle on vulnerabilities, cyber criminals will find new ones to exploit. Keeping on top of the latest developments can help your organization enhance its information security protocols and stay ahead of costly incidents and breaches.

For more information, please contact us.

Copyright © 2021, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).