Acronis today drew attention to the results of recent research on cyber attack trends and corporate procedures in place, highlighting a potential global threat to the privacy and data security of organizations around the world. The company unveiled these findings on Data Privacy Day, to warn companies that they need immediate action to avoid potentially devastating attacks.
Recent research conducted by Cyber Security experts operating at the CPOCs (Acronis Operations Centers for Cyber Protection) reveals that 80% of companies has not yet enforced any password policy.
Between 15 and 20% of passwords used in business environments include the company name, a stratagem that simplifies its identification.
Two recent high-profile breaches exemplify the problem: Prior to the attack on its Orion platform, SolarWinds was notified of the presence of a weak password of one of the update servers: “Solarwinds123”; According to some information, the Twitter account of former President Donald Trump was hacked because the password “maga2020!” it was easily guessed.
In organizations that they have not enforced password policies, researchers find the use of default passwords; up to 50% of these are classified as weak.
The widespread use of weak passwords and the high number of employees working from home as a result of the ongoing COVID-19 pandemic make these teleworkers’ systems unsafe, and hackers take advantage of it. Throughout 2020, Acronis analysts have seen a substantial increase in the number of cyber attacks, with a strong incidence of password stuffing, in second place after phishing.
“The sudden rush to telework due to the pandemic has spurred the adoption of cloud solutions,” he explains Candid Wüest, Vicepresident Cyber Protection Research di Acronis. «In making this transition, however, many companies have not given due consideration to the needs of cyber security and data protection. Today these companies realize that guaranteeing data privacy is a crucial factor in a holistic Cyber Protection strategy that integrates data security and protection, and that it is essential to implement more stringent defense measures for those who work remotely “.
While the business world recognizes that one Advanced Cyber Protection can guarantee the privacy of its own data and those of customers, digital users are not yet sufficiently sensitive to the issue. A study reveals that 48% of employees admit a lower attitude to comply with data security rules when working from home.
According to analysts from Acronis CPOC centers, insufficient active password protection and a tendency to break Cyber Security procedures of teleworkers are among the causes of the increase in data leaks projected for 2021, which will have a heavy financial impact as criminals will be able to more easily access and steal valuable company information.
It is a trend already observed for ransomware attackers, who steal confidential or embarrassing data by threatening to publish it if the victim does not pay a ransom. In the past year, Acronis has identified more than 1,000 companies globally who have suffered data loss as a result of a ransomware attack.
To prevent a data breach from causing costly downtime, reputational damage, and administrative penalties, organizations need to strengthen authentication required to access company data.
“While Data Privacy Day 2021 is a tremendous opportunity to focus attention on potential data privacy risks, Acronis CPOC researchers identified other trends related to cyber threats, which this year pose great challenges to system administrators, managed service providers and Cyber Security professionals ».
La ricerca Acronis Cyberthreats Report, recently published, is available here.
