Cyber security news roundup: July 2022

Published on: 1 Aug 2022

We're rounding up some of the biggest cyber security stories of the past few weeks. In July, IBM's latest annual report revealed how data breach costs are leading to higher prices, the NCSC warned security pros of the risk of burnout, and new research highlighted how employees remain the weakest link in many organisations' defences.

Cost of data breaches hits all-time high, with consumers paying the price

The average cost of a data breach has reached a new high in the last 12 months, with a typical incident now costing firms $4.35 million (£3.58 million). What's more, the impact of this is translating directly to higher prices for customers as firms struggle to keep cyber attacks under control.

This is according to the 2022 Cost of a Data Breach report from IBM. It found that expenses related to cyber security incidents have increased by 13 per cent over the last two years. As a result, 60 per cent of surveyed companies admitted to raising their product or service prices due to the breach.

IBM's report also warned firms not to pay in the event they are hit by ransomware, as this does little to mitigate the cost of a data breach. However, it did find companies that fully deploy security AI and automation incurred costs that were $3.05 million less than average, suggesting this technology is proving highly effective at keeping breaches manageable.

NCSC warns cyber security pros to 'prepare for the long haul'

The National Cyber Security Centre (NCSC) has issued a warning to security pros that they need to be prepared for an extended period of heightened risk as the war in Ukraine continues to pose threats to the UK's cyber defences.

As a result, organisations need to take care to focus on the welfare of their cyber security employees and ensure they do not succumb to burnout due to long periods of working under pressure. To assist with this, it has published a new set of guidance on how to protect staff without compromising on security.

Paul Maddinson, NCSC director for national resilience and strategy, said: "From the start of the conflict in Ukraine, we have been asking organisations to strengthen their cyber defences to help keep the UK secure. It's now clear that we’re in this for the long haul and it’s vital that organisations support their staff through this demanding period of heightened cyber threat."

1 in 3 employees 'don't appreciate' the importance of cyber security

Efforts by cyber security professionals to improve their organisation's defences may be undermined by poor practices from other employees, as new research has suggested a third of workers do not care about cyber security.

This is according to a report from Tessian, which found that while 99 per cent of business leaders recognise the importance of maintaining a strong security culture, there was a clear disconnect with the attitudes of employees. Andrew Webb, senior content manager at Tessian, said: "A significant percentage of employees are simply not engaged with the organisation's cybersecurity procedures and how they play their part in keeping their company secure."

The report also noted that only 39 per cent of employees say they’re very likely to report a security incident, with two-fifths (42 per cent) of employees saying they wouldn’t know if they had caused an incident, while a quarter admit to not caring enough about cybersecurity to mention it. This could therefore cause further headaches for security teams by making it harder to spot security breaches quickly.

Twitter probes alleged data breach affecting 5.4m users

Twitter has said it is investigating reports of a data breach after a hacker claimed to be selling the personal details of up to 5.4 million users of the social networking site on the dark web.

Information supposedly compromised includes names, phone numbers and email addresses, including those of celebrities, companies, and accounts with highly desirable usernames, as well as ordinary users. It is said to have been obtained by exploiting a seven-month-old vulnerability that was identified and fixed in January as part of Twitter's bug bounty programme.

A spokesperson for Twitter told the Register: "We are reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question ... We received a report of this incident several months ago through our bug bounty programme, immediately investigated thoroughly and fixed the vulnerability."