The news that has broken today about the scale of the Yahoo hack has surprised everyone, officially coming in as the largest internet hack on record at half-a-billion users. That is a sizeable proportion of the entire world’s population!
What has also surprised some people is that Yahoo has identified the hack as the work of a state-sponsored actor, whilst not identifying the state itself. The company has said that such state-sponsored attacks have become increasingly common across the technology industry. Yahoo claims to have alerted 10,000 individual users that their accounts have been targeted by state-sponsored actors since last December.
No-one in the cyber security industry will argue with this claim. Cyber warfare is replacing tanks and missiles as the arena of choice for former cold-war rival states. The resources available to such cyber actors are of course massive, meaning that it is becoming increasingly hard to protect yourself if you are identified as a company or website of interest, as clearly Yahoo was.
The threat comes from both outside, in the form of penetration attacks on the corporate security perimeter, and inside, in the form of the so-called social engineering threat, where employees are targeted as the weakest point in the corporate security chain.
Research that Transputec has commissioned from the well-respected Business Continuity Institute highlights this growing threat of cyber attack. 66% of respondents to the survey reported that their companies had been affected by at least 1 cyber security incident over the last 12 months, with 6% reporting annual costs of more than €500,000.
The BCI research shows clearly that phishing and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% hit by spear phishing.
The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection, provided by a cyber security network monitoring solution. 63% of companies already have network monitoring software in place.
The scale of the cyber threat can feel overwhelming at times. But educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience. Act now before it is too late.