Cybercriminals are becoming increasingly sophisticated and persistent in their attacks. However, there are preventative strategies you can employ to mitigate this growing threat to your business.
The costs associated with data breaches include incident response, legal fees, public relations efforts, and system recovery. According to the UK Government’s Cyber Security Breaches Survey 2024, the average cost of a cyber attack to a medium-sized UK business in 2024 so far is £10,830.
And there are indirect costs to consider too, including loss of business, damaged reputation, and customer churn. However, with the right strategies, technology, and expert support in place, you can protect your business from these costs and significantly lower the risk of a data breach.
In this article, we’ll cover everything you need to know about data breaches affecting UK businesses in 2024 and provide a prevention strategy for each type of data breach so you can mitigate the threat they pose.
- Why are data breaches becoming more common?
- Types of data breaches
- Phishing attacks
- Malware
- Human error
- Third-party vulnerabilities
- Protect your business from data breaches
- Emerging threats
Why are data breaches becoming more common?
Data breaches are on the rise due to a combination of several factors:
- Increased reliance on technology: As businesses and individuals become more reliant on digital systems, the attack surface expands, making them more vulnerable to breaches
- Sophisticated cyber threats: Hackers are employing more advanced techniques, such as ransomware, phishing, and social engineering, to compromise systems and steal data
- Remote work and hybrid working: The shift to remote work has introduced new security challenges, as employees may be less vigilant about cybersecurity best practices when working from home. Hybrid working means work devices are more regularly in transit and exposed to loss, theft, and accidental damage
- Underreporting: It’s believed that many data breaches go unreported, making it difficult to assess the full extent of the problem accurately
One of the most notable data breaches was the Ticketmaster breach in May 2024. This was an unprecedented breach, potentially impacting a staggering 560 million users globally. The criminals behind this incident reportedly sold a massive 1.3Tb of stolen customer data for around £400,000.
Types of data breaches
Common types of data breaches include:
- Phishing attacks
- Malware
- Human error
- Third-party vulnerabilities
Let’s take a look at each in more detail.
Phishing attacks
A phishing attack is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details through deceptive electronic communication.
How do phishing attacks work?
Attackers send emails, texts, or messages that appear to come from reputable sources like banks, social media platforms, or government agencies. These messages often contain malicious links or attachments that, when clicked, can install malware or redirect users to fraudulent websites.
Types of phishing attacks include:
- Spear phishing: A highly targeted email attack that impersonates someone the victim knows and uses social engineering techniques to exploit them. Spear phishing is often financially motivated and is difficult to detect because it frequently uses only text as its payload
- Whaling: A form of spear phishing that targets high-ranking managers and senior executives. These messages often create a sense of urgency to get funds transferred quickly
- Smishing: Cyber criminals send text messages that appear to be from a company or charity. These messages work in a similar way to email phishing
- Vishing: Cyber criminals call their targets and try to get them to share information over the phone, such as account credentials or credit card details
- Angler phishing: Cybercriminals use social media to get information or trick targets into visiting a fake website or downloading malware
How common are phishing attacks in the UK?
Phishing is by far the most common type of cybercrime. In the UK Cyber Security Breaches Survey, 90% of businesses and 94% of charities experienced a phishing attack. The report estimates that, out of approximately 7.78 million cyber crimes of all types, only 116,000 were non-phishing cyber crimes.
It’s estimated that 3.4 billion phishing emails are sent globally every day.
Prevention strategies for phishing attacks
Given the prevalence of phishing attacks, phishing really should be a primary focus of your data security efforts. Thankfully, there are measures you can take to protect your business from phishing attacks:
User education and awareness
- Regular training: Educate employees about phishing tactics, how to identify suspicious emails, and the importance of avoiding clicking on links or downloading attachments from unknown sources
- Phishing simulations: Conduct simulated phishing attacks to test employee awareness and identify areas for improvement
Technical controls
- Email filtering: Implement robust email filters to block suspicious emails and spam
- URL filtering: Use URL filtering to prevent users from accessing malicious websites
- Anti-phishing software: Deploy anti-phishing software to detect and block phishing attempts
- Two-factor authentication (2FA): Require an additional form of verification, such as a code sent to a mobile device, to access accounts
- Strong password policies: Enforce the use of complex passwords and encourage password managers
Incident response plan
- Develop an Incident Response Plan: Create a clear Incident Response Plan to address phishing attacks promptly and effectively
- Regular testing: Conduct regular tests of the Incident Response Plan to ensure its effectiveness
What is an Incident Response Plan?
An Incident Response Plan (IRP) is designed to help your business respond to, recover from, and learn from incidents that affect business operations and data security.
It’s the first step when dealing with a security event before invoking more costly and complex Disaster Recovery and Business Continuity plans. The IRP aims to handle the incident quickly, so that those plans aren’t necessary.
Malware
Malware is malicious software designed to infiltrate computer systems without the user’s knowledge, often causing damage or stealing data. Types of malware include:
- Ransomware: Encrypts a victim’s files and demands a ransom for decryption
- Spyware: Collects user information without consent
- Viruses: Self-replicating malicious code that spreads through computer systems
- Worms: Self-replicating malware that can spread independently
- Trojans: Disguised as legitimate software but contains malicious code
How does malware work?
- Infection: Malware typically enters a system through:
  - Email attachments: Clicking on malicious links or opening infected attachments
  - Malicious websites: Visiting compromised websites that exploit vulnerabilities
  - Exploiting software vulnerabilities: Taking advantage of unpatched software weaknesses
  - USB drives: Inserting infected USB drives into the computer
- Installation: Once inside, malware installs itself on the system, often hiding its presence to avoid detection
- Payload delivery: The malware then executes its malicious payload, which can vary depending on its type. This might include:
  - Data theft: Stealing personal information, financial data, or corporate secrets
  - System damage: Corrupting files, destroying data, or rendering the system inoperable
  - Spreading to other systems: Replicating itself to infect other computers on a network
  - Displaying ads: Generating revenue for the attacker by displaying unwanted advertisements
  - Taking control of the system: Allowing the attacker to control the infected device remotely
- Persistence: Many types of malware are designed to persist on the system, making removal difficult. They often use techniques to evade detection by antivirus software
How common is malware in the UK?
In the UK Cyber Security Breaches survey, 17% of businesses and 14% of charities reported a malware incident. In August 2022, a malware attack on IT supplier Advanced caused widespread outages across the UK’s National Health Service (NHS).
Prevention strategies for malware
Malware is a constant threat, but there are several steps you can take to protect your business:
Software and system maintenance
- Keep software updated: Regularly install updates for your operating system, applications, and antivirus software. These updates often include security patches.
- Use antivirus and anti-malware software: Reliable antivirus software can detect and remove malware. Ensure it’s up-to-date and scan your system regularly.
- Create regular backups: Regularly backing up your important data can help you recover from a malware attack.
User education and behaviour
- Be cautious with email attachments: Avoid opening email attachments from unknown senders or unexpected sources
- Verify links before clicking: Hover over links to check the actual URL before clicking. Be wary of suspicious or shortened links
- Strong passwords: Use complex and unique passwords for all your accounts
- Enable two-factor authentication: Add an extra layer of security by enabling 2FA whenever possible
- Be mindful of public Wi-Fi: Avoid accessing sensitive information on public Wi-Fi networks
Network security
- Firewall: Use a firewall to protect your network from unauthorised access
- Network segmentation: Divide your network into smaller segments to limit the impact of a potential breach
- Regular security audits: Conduct regular security assessments to identify vulnerabilities
Human error
Human error is a significant cause of data breaches. Mistakes made by employees can lead to sensitive information being exposed.
How does human error in data breaches happen?
Common mistakes include:
- Accidental email sharing: Sending confidential information to the wrong recipient
- Weak password practices: Using easily guessable passwords or reusing passwords across multiple accounts
- Social engineering attacks: Falling victim to phishing scams or other social engineering tactics
- Lost or stolen devices: Misplacing devices containing sensitive data
One notable example of human error in a data breach was in 2016 when major credit monitoring firm Equifax suffered a breach that affected over 15 million UK customer records. The cause of the data breach was traced back to a technician who failed to apply a security framework correctly, leaving the database vulnerable.
How common are data breaches caused by human error in the UK?
Human error is a surprisingly common culprit behind data breaches in the UK. While the exact percentage can fluctuate from year to year, it consistently ranks as one of the primary causes.
Prevention strategies for data breaches caused by human error
Human error is a significant factor in data breaches, but it can be mitigated through effective training, policies, and technology:
Employee training and awareness
- Cybersecurity awareness training: Regularly educate employees about the risks of data breaches and how to protect sensitive information
- Phishing simulations: Conduct simulated phishing attacks to test employee awareness and reinforce best practices
- Data handling training: Provide specific guidance on how to handle different types of data, including storage, sharing, and disposal
Policies and procedures
- Data classification: Implement a system to classify data based on sensitivity to determine appropriate protection levels
- Access controls: Limit access to sensitive data on a need-to-know basis
- Clean desk policy: Encourage employees to keep their workspaces tidy and secure sensitive information
- Bring Your Own Device (BYOD) policy: Establish clear guidelines for using personal devices for work purposes
- Remote work security: Provide employees with the necessary tools and training for secure remote work
Technology solutions
- Data Loss Prevention (DLP): Implement DLP software to monitor and control data movement
- Access management: Use strong authentication methods and role-based access controls
- Encryption: Encrypt sensitive data both at rest and in transit
- Regular backups: Maintain regular backups of essential data to minimise data loss
- Incident response plan: Develop a comprehensive plan to respond to data breaches effectively
Continuous improvement
- Regular assessments: Conduct security audits to identify vulnerabilities and areas for improvement
- Employee feedback: Encourage employees to report suspicious activities or near-miss incidents
Third-party vulnerabilities
Third-party vulnerabilities occur when weaknesses in the systems or software of an external vendor or supplier are exploited to gain unauthorised access to a company’s network or data.
How do third-party vulnerabilities result in data breaches?
Examples of common third-party vulnerabilities that result in data breaches include:
- Data breaches at cloud service providers
- Supply chain attacks targeting software suppliers
- Weak security practices of business partners
A notable example of a third-party vulnerability that resulted in a data breach occurred in May 2024 when a payroll system used by the MoD and managed by an external contractor was hacked. The stolen data included the names and bank details of armed forces personnel.
How common are data breaches due to third-party vulnerabilities in the UK?
Data breaches stemming from third-party vulnerabilities are increasingly common in the UK. The complex nature of modern business operations, relying on numerous third-party suppliers and service providers, creates a larger attack surface.
According to an RSM survey, over half (58%) of mid-market businesses have had a third-party service provider suffer a data breach or cyber-attack in the last 12 months.
Prevention strategies for data breaches caused by third-party vulnerabilities
Managing third-party risk is crucial for protecting your organisation’s data. Here are some key strategies:
Risk assessment and management
- Comprehensive vendor assessment: Conduct thorough evaluations of potential and existing third-party providers, assessing their security practices, Incident Response Plans, and compliance with relevant regulations
- Risk profiling: Categorise vendors based on their criticality to the business and the potential impact of a breach
- Continuous monitoring: Regularly assess the security posture of third-party providers to identify emerging risks
Contractual obligations
- Clear security requirements: Include detailed security requirements in contracts with third-party providers
- Incident notification clauses: Specify how data breaches will be reported and handled
- Data ownership and protection clauses: Clearly define data ownership and protection responsibilities
Security controls
- Access management: Implement strong access controls to limit access to sensitive data
- Data encryption: Ensure sensitive data is encrypted both at rest and in transit
- Regular security audits: Conduct regular security audits of third-party systems
- Incident response planning: Develop a comprehensive Incident Response Plan that includes third-party involvement
Technology solutions
- Third-party risk management platforms: Utilise specialised software to manage vendor relationships and assess risks
- Security Information and Event Management (SIEM): Implement SIEM solutions to monitor third-party systems for anomalies
Collaboration and communication
- Open communication: Maintain open communication with third-party providers regarding security expectations and concerns
- Joint security initiatives: Collaborate with third parties on security initiatives and best practices
Emerging threats
What threats to your data security does the future hold? Here are just a few to be aware of:
- Deep fakes: Attackers create realistic audio or video recordings of people to impersonate and manipulate users into trusting them, which may lead to them sharing sensitive information.
- Business Email Compromise (BEC): Hackers create emails that impersonate company leadership by using details from open sources, social media, and the dark web, such as executive names, writing styles, and account specifics
We will cover more future data breach risks in a future article.
Protect your business from data breaches
The most common reason for a cyber security incident is the failure of basic security controls or “cyber hygiene”. Cyber hygiene is not a set-and-forget process. In a constantly changing threat environment, it is vital that the controls you have in place are regularly checked for adequacy.
According to the UK Cyber Security Breaches Survey, 78% of businesses still lack a formal Incident Response Plan.
With more than 75 years of combined experience across our technical team, we can help you establish a continually high level of cyber hygiene to better protect your data from the ongoing threats we have covered here.
Our experienced technical team provides excellent technical skills and guidance, including specialist cybersecurity support. We help our clients improve their security posture with managed security services, follow industry standards by achieving Cyber Essentials certification, and work securely with cloud solutions.
Find out more by booking a Discovery Call for an introductory data protection chat with one of our friendly and experienced team.