Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Organizations Have No Idea of a Data Breach’s Root Cause in 42% of Reported Cases

    New data shows how poorly organizations are at identifying – let alone removing – an attacker’s foothold, putting themselves at continued risk of further attacks and data breaches.

    We’d like to think our security stance includes some really great abilities to detect, investigate, detect, and remediate an attack. But new data from the Identity Theft Research Center’s Q1 Data Breach Analysis report shows that many organizations simply don’t know how to find the root cause of an attack resulting in a data breach.

    Q1 saw 445 reported data breaches, down from 512 the previous quarter. Despite the lower number of breaches reported to the ITRC, they did notice an increase in the percentage of breaches where there was no actionable information about the root cause of the compromise. In 42% of data breaches in Q1, organizations had no indicators of where the initial compromise occurred. To make matters worse, of the top ten data breaches reported, 60% of them could not identify a root cause.

    Not knowing how threat actors got in leaves the door open for continued leverage of the likely persistence established to either attack again or sell off the access to another threat group.

    According to the report, 378 of the data breaches were cyber attacks, with the top three attack types being phishing, ransomware, and malware. Cyber attacks in total affected over 85 million victims – the lion’s share of all the reported data breaches, representing 95% of all victims impacted within data breaches of all types in Q1.

    Even without knowing the root cause, there are really only three major initial attack vectors to address: RDP access (simple fix: get rid of any external remote access), vulnerabilities (a bit tougher, but patch and scan for vulnerabilities), and phishing attacks (addressed with a layered set of security solutions matched with a user base that is enrolled in continual security awareness training to ensure any malicious content that gets pass security solutions is spotted by users before they unwittingly help the attacker).


    The world’s largest library of security awareness training content is now just a click away!

    In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world’s largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

    You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

    The ModStore Preview includes:

    • Interactive training modules
    • Videos
    • Trivia Games
    • Posters and Artwork
    • Newsletters and more!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top