Another week, another data leak. This time hacking group Fancy Bear - also known as APT28 - went after The World Anti-Doping Agency's database to steal the records of Olympic athletes such as Bradley Wiggins and Serena Williams. The attack, which was the result of a spear phishing attack through email, serves as a reminder that hackers aren't always after financial gain, and we need to be more clued up on how valuable data or information can be.
F5 recently conducted research of over 3,000 consumers across Europe, of which 72% of respondents felt that the reason more businesses are falling victim to cyber-attacks is because hackers are getting more sophisticated. But a spear phishing attack is not so sophisticated, it's an old method that keeps getting used time and time again, with continued success - 10% of phishing scams lead to a data breach. Spear phishing involves sending a spoof email to an individual or business which contains a link or attachment that plants malware onto the victim's device. This is then used to access data or financial information - whatever the hacker is trying to steal.
Businesses must put the security policies in place to protect data, applications and identities, whilst consumers need to be aware of the risks they are unknowingly taking. For example, many are unaware of how easy it is for a hacker to impersonate an email from a known sender, and aren't sure of which signs to look out for. Remember that many forms of attachments can be used to plant malware on a device, and hovering over a link to check the hyperlink code can reveal whether the email is legitimate or not.
Another risk is connecting to free WiFi in hotels, cafes and restaurants to do some work on a personal device, as these aren't always secured properly. If this device has access to any work materials or a server, the user could be putting their company at risk. Hackers can use a portable device and a smartphone to hook up to the Wi-Fi and redirect all devices connected to it without the user's knowledge. Once connected, they can access just about anything; names, addresses, passwords and bank account details. Users should protect their device by installing encryption and antivirus apps such as Avast or Bitdefender to keep the hackers out.
If we want to get better at fighting against hackers, the focus needs to be on what businesses need to protect and in assessing whether they have data or assets that are worth hacking. Our research found that 66% of people believe hackers are motivated by financial gain, with just 9% believing it was disruptive political or religious aims.
Without understanding what hackers are after only makes it harder to prepare for when they attack. We're becoming more familiar with the saying 'it's not a case of if but when' on the subject of hacking. The idea that most attacks are motivated by financial gain is misleading. There has been a rise in politically driven attacks that will continue to cause friction between nations and political parties. Google recently revealed it detects 4,000 state-sponsored cyberattacks per month.
What organisations need to remember is that consumers are trusting them to protect the personal information they share. Whilst a company hack could break this trust, (50% of consumers said they would not share data or purchase products from a company that has been hacked in the past) those that do not educate their customers about how to react to a breach will only push them further away.
These findings teach us that there isn't always a second chance when it comes to being breached, consumers will vote with their feet and choose companies with a clean hacking history. The results speak for themselves, if you don't know what you are protecting, how can you ensure it stays safe? It's up to consumers and businesses alike to take responsibility and protect all forms of data.