The threat of corporate email addresses and other employee data being stolen and exploited by cyber criminals still not being taken seriously, despite the potential damage such a hacking incident could do.
Researchers at cybersecurity company Terbium analysed how companies approach security risks and found that many are underestimating the damage which could be done if employee data was stolen and leaked to the dark web or wider internet.
According its Underrated Risks of Data Exposure report, just 11% of those surveyed believe corporate email addresses could be at high risk of exposure on the internet and even fewer believed social security numbers, names, bank accounts and payroll records of employees are the sorts of data which cyber criminals are interested in.
“People are generally concerned about their customer data being exposed. But when they look at employee data, no one cares, ” Emily Wilson, VP of research at Terbium Labs told ZDNet.
Companies are more worried about customer data being exposed by hackers – and while that does create loss of revenue and reputation, ignoring the potential cost of corporate data being stolen could make falling victim to an attack which exposes customer data much more likely.
“Corporate employee data is the skeleton key to whatever you want in the organisation,” Wilson explained.
“If you have employee email addresses then you engage in phishing and business email compromise. It’s a broad entry point into a company’s systems and having access to employee data gives you the run of the place,” she said.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
It isn’t as if corporate data hasn’t been stolen and leaked before – remote desktop logins can be purchased for just a few dollars – so this is an area which provides a great amount of risk to organisations. But for some reason it isn’t high on the radar when it comes to analysing potential cyber risks.
“They’re not stepping back and worrying about how attackers could get to customer data – they’re yet to realise that corporate data exposure is the linchpin that leads to all of these security issues that businesses are worried about day to day,” said Wilson.
“The fact you don’t really hear about corporate data as the headline story doesn’t mean it didn’t play a role early on in the delivery mechanism for whatever security issues you’re facing,” Wilson continued.
“It’s the data we use everyday: it’s not sexy, it’s just the data we rely on to run businesses and our everyday lives. It’s fundamental but people just seem to miss the connection there and cyber criminals love that,” she said.
READ MORE ON CYBER SECURITY
The latest dark web cyber-criminal trend: Selling children’s personal data
How to protect yourself in a data breach if your bank gets hacked CNET
Ransomware: Why we’re still losing the fight – and the changes you need to make, before it’s too late
Nearly 60% of businesses suffered a data breach in the past 3 years TechRepublic
Cybersecurity: Is your boss leaving your organisation vulnerable to hackers?