In the past month alone we’ve seen ChatGPT, Western Digital, Microstar International and Pizza Hut all admit to suffering data breaches. As these breaches become ever more common, we need to remind ourselves that our personal data is only as safe as the company holding it. This month’s data infringements may have been on a smaller scale, but we at Banklesstimes.com decided to take a deeper look into the world’s largest data breaches around the world.
With many well-known companies on the list, these breaches seem to have done little to affect the overall perception of the brand. While it is difficult to garner reliable comment on sites of a sensitive nature such as Cam4, we know that the site boasted 2 billion visitors a year at the time of the breach in 2020. In 2022, this number shows no sign of waning.
This may be down to the fact that it was a security firm that discovered Cam4’s exposed database, rather than cybercriminals. Should the sensitive information have fallen into the wrong hands, the outcome may have been very different.
Of the nine companies included within the largest data breaches, there is only one that has closed down since details of the breach came to light – verifications.io. This breach exposed 763 million records, and, as with Cam4, was discovered by a security firm. However, in the case of verifications.io it is still unclear if anyone else accessed the data during the exposure window and whether the data was combined with information from other sources to aid in identity theft schemes.
One such scheme is ‘email spoofing’, a process by which fraudsters pretend to be someone or something else in order to gain trust. This usually takes the form of a recognised brand, and 2022’s list of the top companies being spoofed includes some of the largest names in tech.
In the past year, we’ve seen threat actors move away from finance and e-commerce and instead are focussing their efforts on larger technology brands. This is due to the fact that phishing kits are getting more intelligent and the brand being spoofed can be altered by changing a simple parameterJonathan Merry, CEO of BanklessTimes.com
Asia-Pacific is the Most Cyber Attacked Region
The top ten spoofed brands for both 2022 and 2021 are exclusively made up of companies that have their headquarters in the United States. However, it was Asia-Pacific that took the top spot as the most attacked region in the world for the second year running. Asia is accountable for 31% of all data breaches, growing year-on-year from 26% in 2021. In 2022, 91% of all the attacks in the Asia Pacific region were targeted at Japan.
Europe was the second most attacked region in the world, and 43% of all the cases in Europe occurred within the United Kingdom. Europe’s most attacked industries were professional, business and consumer services, each accounting for 25% of the cases within the region.
In 2022, there was a slight increase in the proportion of attacks occurring in North America, rising from 23% in 2021, to 25% in 2022. The most attacked industry in the region was the energy industry, which saw 20% of all attacks.
Brazil was the most attacked country in Latin America accounting for 67% of all cases in that region.
The Middle East and Africa has the lowest proportion of attacks (4%), a number which has dropped drastically from 14% in 2021. The most common attack in the region was the deployment of backdoors, with Saudi Arabia bearing the brunt, with two-thirds of all attacks.
How Can Companies Recover From Data Breaches?
With no region or locale safe, how do the general public feel about the brands responsible for data breaches? In a recent study, 64% of people in the United Kingdom admitted that they were unlikely to trust a brand again after a data breach, whereas 23% felt that they still would.
44% believed the firm should give a detailed explanation of what happened and how it will be prevented in the future to gain trust. However, 22% felt that an apology wouldn’t be enough and that the firm should offer compensation, while 9% wanted to see credit monitoring or identity theft protection services in place.
4% went even further, wanting to see the employees responsible for the breach fired or disciplined, while 1 in 10 simply wouldn’t be able to regain trust again.
While data breaches are unfortunate, it is unavoidable that they will sometimes happen. With the majority of the public looking for a solution rather than a scapegoat, we at BanklessTimes.com feel it is important for companies to prioritise transparency and to come clean when mistakes happen.
Contributors
