Article Preview
Top1. Introduction
The risk of Data breach is becoming one of the major concerns of the US and global corporations, especially with the remote work environment. With more companies allowing the employees to work from home, ensuring data privacy is much tougher given the employees could be working from public spaces such as coffee shops using public Wi-Fi networks that often do not follow the prescribed encryption standards and other security controls, thereby posing a greater threat for data breaches. A report by Interpol Interpol (refer Figure 1 for details) in 2020 reported an alarming rate of cyberattacks especially during the Covid-19 pandemic. Key findings highlighted by the Interpol assessment of the cybercrime landscape noted the three main types of cyber-attacks that has been on the rise, during the last few years are Malicious domain, malware and phishing frauds. (Interpol, 2020).
Figure 1.
Main Cyber-attacks as per Interpol report
The IBM Data breach report notes that (IBM, 2021):
- -
Data breach costs rose from USD 3.86 million to USD 4.24 million
- -
The average cost was USD 1.07 Mil higher in breaches where remote work was a factor in causing the breach
- -
The most common initial attack vector, compromised credentials, was responsible for 20% of breaches at an average cost of USD 4.37 million.
This paper compares five of the major breaches in US history Equifax, Desert Sands, Target, Yahoo, and City of Atlanta & Not Petya Case Study Reports using the Cyber Kill Chain analysis approach of Lockheed Martin (2022). Based on this analysis the paper discusses the common lessons learned and also proposes a cyber-attack mitigation plan/checklist based on the learnings from these attacks as well as industry best practices