June was another busy month for data breach incidents, with more than 14 million records breached across 79 incidents. The three biggest attacks accounted for more than 13 million breached records – almost the entirety of June’s total.
This compares to 98 million in May, 4.3 million in April, 42 million in March and 29.5 million in February, but it still doesn’t come close to the astounding 277.6 million records breached in January.
The MOVEit software vulnerability has wreaked havoc globally in recent weeks with OFCOM being one of several UK businesses affected.
Here are the other top stories you need to read:
National Cyber Security Centre response to the MOVEit ransomware attack
Following news of the ransomware compromise at OFCOM, the National Cyber Security Centre (NCSC) has released guidance on applying the latest vulnerability fixes.
MOVEit is one of the fastest growing ransomware threats currently circulating, leaving businesses vulnerable.
British businesses provide crucial support in removing over 235,000 scams, new figures reveal.
The sixth annual report from Active Cyber Defence (ACD) revealed astonishing statistics, with 7.1 million suspicious emails and websites being reported to cyber authorities in 2022. That’s one every 5 seconds!
The Suspicious Email Reporting Service (SERS) enables businesses to quickly and easily report suspicious emails and websites to the NCSC.
Hacking group publishes personal data online
Hacking gang BlackCat says it stole a wealth of personal information from a UK hospital group. This latest breach in healthcare targeted the five hospitals that Barts Health NHS Trust manages in London, with a trove of confidential data published online.
Swiss Government targeted by series of cyber attacks
The websites of several Swiss Government agencies and state-linked companies were rendered inaccessible due to a cyber attack in early June. The pro-Russia ‘NoName’ hacker group, which specialises in attacks against European organisations, claimed responsibility.
The security implications of ChatGPT
For every new technology, there’s a threat to its integrity. The growing popularity of ChatGPT has led to many UK businesses experimenting with the technology, but it poses potential reputational and security risks for companies.
81% of those surveyed by Malwarebytes are concerned about possible security and safety risks and 63% don’t trust the information it produces.
NCSC marks 20th anniversary of first response to state-sponsored cyber attack
In June 2003, GCHQ experts were involved in responding to a cyber attack against the UK Government for the first time. The Government response to the malware attack led to the (eventual) creation of the National Cyber Security Centre in October 2016.
How cyber incidents are affecting business risk
Each year Verizon releases a data breach investigations report analysing thousands of cyber incidents to identify business risk. In 2022, business email compromises doubled, with system intrusion, social engineering and basic web application attacks accounting for 92% of SMB breaches.
Humans are still the weakest link in cyber security, with the main method of entry into victim networks being stolen credentials (49%), followed by phishing (12%) and exploitation of vulnerabilities (5%). Training is crucial for businesses and can reduce your organisation’s risk by as much as 70 percent.
NCSC and international partners shine a light on LockBit ransomware threat
UK businesses have been warned about the ongoing threat posed by the LockBit ransomware operation. Organisations of all sizes in the UK and globally have been targeted since 2022, and it continues to present the highest ransomware threat to UK organisations.
PCI Compliance update
Does your business need to be PCI compliant for card payments? There’s been an update to the legislation to make it more specific. The focus is on cardholder data and making it more difficult for threat actors to compromise.
Businesses will need to ensure that they are up-to-date on the regulation and have taken all the steps required by the legislative updates.
Microsoft outages from cyber attack
Disruptions to Outlook and Microsoft Cloud Platforms in early June were the result of a cyber attack. A hacktivist group claimed responsibility, utilising DDoS attacks to cause the disruption.
Whilst there is no evidence that customer data was accessed or compromised, the outages impacted businesses, potentially leading to financial losses due to the amount of time lost to downed systems.
Getting worse at cybersecurity
More SMEs now believe they need to improve their cybersecurity, but research highlights that SME capability has actually declined in the last twelve months, with over half (51%) of SMEs believing their cybersecurity requires extra development to be futureproof. This is up from 40.5% in 2022.