Cyber Security breaches – A few facts for 2025
Are you concerned about Cyber Security breaches?
Your people are your greatest risk, but you can also make them your greatest defence against cyber attacks.
When you think of cybercrime, who comes to mind? Big corporations? Banks? Maybe even government agencies? Most of us picture headlines about million-pound hacks, but the reality is that small businesses are just as much — if not more — at risk. We have to be aware of the risks and know what we’re up against so lets find out more in this article about CYBER SECURITY BREACHES – A FEW FACTS FOR 2025
Here are A few Cyber Security facts for 2025
- 43% businesses reported cybersecurity breaches or attacks
- 612000 small businesses experienced a breach
- 61000 charities experienced a breach or attack
- 68% of security breaches include the human element
- 36% of data breaches are caused by phishing activities, according to Verizon
- 90% of successful hacks and data breaches start with phishing scams.
Human Risk Management
The Three pillars of Security Culture
People
Tools
Processes
The only way to fight cyber crime is to have a solid Security Culture in your organisation. This requires engagement from People, effective security Tools and robust Business Processes in equal measure. to be effective It has to be baked into to the very ethos of every organisation, from 1 man bands to large corporations.
What is Phishing
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.
Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.
What is Social Engineering
Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing, spear phishing, and CEO fraud are all examples.
Pretexting | An invented scenario is used to engage a potential victim to try and increase the chance that the victim will bite. It’s a false motive usually involving some real knowledge of the victim (e.g. date of birth, Social Security number, etc.) in an attempt to get even more information. |
Diversion Theft | A ‘con’ exercised by professional thieves, usually targeted at a transport or courier company. The objective is to trick the company into making the delivery somewhere other than the intended location. |
Spear Phishing | A small, focused, targeted attack via email on a particular person or organization with the goal to penetrate their defences. The spear phishing attack is done after research on the target and has a specific personalized component designed to make the target do something against their own interest. |
Water-Holing | This technique takes advantage of websites people regularly visit and trust. The attacker will gather information about a targeted group of individuals to find out what those websites are, then test those websites for vulnerabilities. Over time, one or more members of the targeted group will get infected and the attacker can gain access to the secure system. |
Baiting | Baiting means dangling something in front of a victim so that they take action. It can be through a peer-to-peer or social networking site in the form of a (porn) movie download or it can be a USB drive labelled “Q1 Layoff Plan” left out in a public place for the victim to find. Once the device is used or malicious file is downloaded, the victim’s computer is infected allowing the criminal to take over the network. |
Quid Pro Quo | Latin for ‘something for something’, in this case it’s a benefit to the victim in exchange for information. A good example is hackers pretending to be IT support. They will call everyone they can find at a company to say they have a quick fix and “you just need to disable your AV”. Anyone that falls for it gets malware like ransomware installed on their machine. |
Tailgating | A method used by social engineers to gain access to a building or other protected area. A tailgater waits for an authorized user to open and pass through a secure entry and then follows right behind. |
Honeytrap | A trick that makes men interact with a fictitious attractive female online. From old spy tactics where a real female was used. |
Scareware | Also deception software, rogue scanner software, or fraudware, scareware, is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Scareware, in recent years, has become a growing and serious security threat in desktop computing. |
Phishing | The process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters. Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering. |
what practical steps can you take to be become a cyber security focussed organisation?
People
Tools
Processes
- Be Aware, Be Aware, Be Aware!
- Train your staff regularly
- Report Suspicious Emails
- Check twice / Reply or click once
- Strong Passwords / use a password Manager
- MFA, MFA, MFA,
- Invest in a modern business grade Secure Gateway / Firewall
- A licenced Anti Virus with Malware Protection.
- Backup your OneDrive / SharePoint to a 3rd party location
- Use Phishing tests and training tools
- Weekly reporting and analysis
- Provide your staff with Acceptable Use Policy
- Ensure you have a BYOD Policy.
- Ensure you have a GDPR Policy and Data Protection Policy
- Regularly review and update your policies !!!
- Register with the Information Commissioner’s Office https://ico.org.uk/
- Certify for Cyber Essentials
In Summary:
Your people are both your strongest defence and your weakest link. Turn your staff and your top team into Cyber Security Warriors through training and education and turn your weakness into strength.
Find out more
Contact Saint IT for more information about our Cyber Awareness Training and Human Risk Management program
Telephone: 0800 009 3064