Biggest Cyber Security Risks of 2022 | One in Five UK Employees in Data Breach | Ubisoft Breach Update
Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group
Biggest Cyber Security Risks of 2022
To begin, Forbes has spoken to Equifax CISO Jamil Farshchi about what he believes are the top ten most serious cyber security threats faced by industries and society in 2022, and how the industry should evolve to meet these threats.
According to Jamil, the top ten most serious threats for 2022 are as follows:
- The threat of quantum computing in attacks
- Director and board liability in security incidents
- The reliance on digital supply chains
- The risk of identity theft owing to consumer and business behaviour
- Lack of talent
- Cloud incompatible
- New entrants into the threat actor market
- Limited coverage by insurance
- Lack of headway in government cyber security legislation
- “Winging it”
The full list with context for each point can be found by checking out Jamil’s post on LinkedIn, or by checking out the full interview by Forbes linked below.
Source - List of Threats for 2022 - Forbes
One in Five UK Employees in Data Breach
According to data from Impero, one in five employees in the UK have been directly involved in a security breach or loss of sensitive data, showing the sheer scale of risk for companies of all sizes.
The report also found that more than half (56%) use personal devices to access company data and systems - on average, three times a week - opening the door to threat actors.
The research, based on a survey of 2,000 employees about their cyber security behaviours and experiences, reveals that almost half (42%) of those workers using personal devices to access workplace data claimed their employer had no security policies controlling how these items devices can interact with sensitive information. This is obviously an incredibly dangerous move, with 91% of the employees who had been involved in a security incident saying that they used personal devices to access sensitive data while at work.
The average UK worker accesses company and customer data four times a week and employee data two times a week, with a third using between three and five different Internet-connected devices at any one time. The research also reveals:
- A quarter (24%) of employees lack confidence in recognising cyber security threats while at work, while a similar number (26%) agree that their company could improve the quality of its cyber security training
- Four in 10 employees would consider leaving their job if their company was involved in a major cyber security incident or data breach.
- Nearly half (47%) said remote working has made them more concerned about the security of their work devices
- A quarter (26%) are worried about being involved in a cyber security incident or data breach in the future
- Only around half (or less) of employees have access to crucial tools such as multi-factor authentication (45%), web filtering (47%), laptop encryption software (50%) and virtual private networks (52%)
Justin Reilly, CEO of Impero said:
“Employees shouldn’t need to be worried or threatened by the prospect of security breaches – their employers should provide the tools and training they need to feel secure. This is especially important at a time when the competition for talent is intense and ‘The Great Resignation’ looms large. A truly secure, connected working environment can only be achieved by harmonising people, processes, and technology.”
Ubisoft Breach Update
Gaming giant Ubisoft, who fell victim to a cyber attack at the start of this month, have provided updates on the attack. The company has admitted that they had to order a password reset across the entire company following the breach. They still maintain their position that no personal information of their users was compromised.
In a statement, Ubisoft said:
“Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset. Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident.”
The Lapsus$ Group has claimed responsibility for this attack. You may remember the name from when they claimed responsibility for the recent NVIDIA and Samsung Electronics breaches. Ubisoft is yet to confirm whether it was indeed Lapsus$ behind the attack.
Source - Ubisoft Breach Update - PC Gamer