Understanding (and Avoiding) Data Breaches at Mid-Size Companies

Understanding (and avoiding) data breaches is a necessary step for businesses of all sizes if they are to recover from these costly growing threats.

Businesses of all sizes are susceptible to data breaches, but mid-size companies are especially vulnerable. Throughout 2020 and 2021, the number of cyberattacks against midsize businesses in every industry examined jumped by at least 50%, with 2021 setting a record for the most data breaches on record, according to non-profit organization Identity Theft Resource Center (ITRC). And in the first quarter of 2022, the organization reported that data breaches were up 14% over the same time period in 2021. What’s alarming about that? Typically Q1 has the lowest number of data compromises each year.

Attacks against companies in the healthcare and transportation sectors were the highest, rising by more than 125% between October 2020 and October 2021, according to a report by Coro. Incidents leveled against retail, manufacturing and professional services companies increased between 86% and 90%.

In its report, “The Great Cyber Security Market Failure and the Tragic Implications for Mid-Sized Companies,” Coro analyzed information on more than 4,000 midsize companies (defined as those with between 100 and 1,500 employees) across six industries, including retail, manufacturing, healthcare, and education.

Why are mid-size companies more vulnerable? Unlike larger, high-profile companies like MediBank and Uber, both of which have been subject to attacks in 2022, they typically lack the budgets, staff and resources to protect themselves against cyber attacks.

The pandemic also shifted workers to more remote working arrangements, growing the number of devices connecting to networks and greatly expanding the use of the cloud. Cybercriminals adapted as well, expanding their techniques to include ransomware via the cloud and email, endpoint malware, Wi-Fi phishing and insider threats. 

Midsize businesses can take steps to better protect themselves from data breaches and cyber attacks. Coro CEO Guy Moskowitz offers the following advice:

  1. Make sure you secure your email and cloud applications against malware, ransomware and account takeover. Such protection is not typically covered by email or cloud service providers.
  2. Antivirus products offer only a small chunk of the protection you need. Look beyond standard antivirus solutions toward full-fledged ransomware protection and device security tools.
  3. Install phishing prevention and protection for your email, Wi-Fi connectivity, and cloud applications.
  4. If you store private information for customers or employees, be sure to set up insider threat detection and data loss prevention across your endpoints, cloud applications, cloud storage and email.

Businesses can also incorporate safety measures such as installing Identity Theft Protection Software. While there are many types of white label identity protection on the market, the important thing is to take action before it is too late.