ESET cybersecurity researchers have found that phishing has been the most significant type of incident for businesses of all shapes and sizes over the past four years.
Of all the incidents reported in the ICO’s Data Security Incident Trends report, phishing was by far the most reported, with nearly 2,700 incidents (2,694), about twice as many as unauthorized access, which was in second position.
With just over 1,000 incidents, ransomware was the third most reported type of incident, followed by verbal disclosure of personal data and hardware/software misconfiguration.
Over the past two years, the number of reported cybersecurity incidents has skyrocketed from 573 reports in Q1 2019 to 714 in Q2 2022. The highest number of reported incidents, 737, occurred in Q2 2020, which ESET says could be due to Covid-19 restrictions forcing people to work remotely.
All sectors have been hit by cyberattacks, but the media industry seems to have suffered the worst. It had a relatively low number of data security incidents overall, ESET says, but it also had the highest share of cyber incidents.
Retail and manufacturing recorded the highest number of cyber incidents overall with 943, followed by general business (858) and finance, insurance and credit (788).
Analyzing cyber incidents as a whole, “Data emailed to wrong recipient” is the most common (3,719 since Q1 2019/20), followed by “Data emailed or faxed to wrong recipient” and “Loss/theft of documents or data left in an unsecured place” (2,806 and 1,931 incidents).
With attackers becoming more skilled and using better tactics, verifying genuine emails has never been more important, says Jake Moore, Global Cybersecurity Advisor at ESET.
“Criminals continue to use email as the number one attack vector in hopes that they can install malware or take over email accounts, posing as someone known to the victim to siphon off sensitive information.”
Having safeguards in place, such as a firewall, is a must, he continues.
“Organizations should ensure they are prepared for phishing emails by implementing robust controls such as spam filters and multi-factor authentication; however, user awareness and training remains the best defense against these growing attacks.”