According to reports, UniCredit has uncovered a data breach involving the personal records of 3 million domestic clients, it said on Monday, the third security incident at Italy’s top bank in recent years.
Commenting on this, Rosemary O’Neill, director – customer delivery at NuData Security, a Mastercard company, said “All customer information is valuable to fraudsters, even if it doesn’t include financial information such as bank account details or credit and debit card numbers. Personal information, combined with other user data from other breaches and social media, builds a complete profile. In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for myriad criminal activities, both on the Internet and in the physical world. Every hack has a snowball effect that far outlasts the initial breach.
“Spending money in itself isn’t enough. You need to spend it wisely. Especially in cybersecurity, where the amount of ways an attacker can get to you are huge and budgets for an average organization are finite. Spend it where it will matter most, where you get the best bang for your buck (or in this case Euro..). Around 91% of all successful data breach hes happen through the use of Social Engineering. They manipulate the human to gain entry to what they want. This is by far more than any other type of attack. This means that if you want to spend your money wisely, think about securing the human factor of your organization. You still need to spend money on a solid perimeter defense, and a up-to-date monitoring system such as a a SIEM. But forgetting about the human factor is like locking all the doors on your house, but leaving all the windows wide open.
“And the most efficient way to safeguard the human factor is by training them what is wrong and how they can make smarter security decisions. teach them, through proper security awareness training, to recognize when someone is trying to get confidential information from them. Also, teach users the value of information. In this instance, a file from 2015 was stolen. Under GDPR, itt still counts as a data breach, since probably most of the data in their is still valid. People tend to forget the value of data over time. especially if they are confronted with large amounts of it every day. information fatigue is a real thing. In this case, training the users the value of data wouldn’t have been enough. They would take it in, and forget it after a while. That is why User Awareness training should always be a continuous process. This way, we keep the things that matter top of mind.”