Why The Data Breach Decline Is Bad News For Businesses

The Interstate Technology & Regulatory Council (ITRC) released new data on the state of cyberattacks and data breaches with some surprising news: data breaches were actually down in 2020 year-over-year.

But the findings aren’t necessarily cause for optimism, warns ITRC President and CEO Eva Velasquez.

“While it is encouraging to see the number of data breaches, as well as the number of people impacted by them, decline, people should understand that this problem is not going away,” she said in a statement. “Cybercriminals are simply shifting their tactics to find a new way to attack businesses and consumers. It is vitally important that we adapt our practices, and shift resources, to stay one step ahead of the threat actors.”

Indeed, the latest research suggests that cybercriminals are becoming increasingly aggressive in their attacks on businesses and their finance departments.

At the same time, as this week’s B2B Data Digest reveals, fraud can come from many sources, not only outside of the enterprise. From commercial card misuse to invoice fraud, internal employees can be the bad actors, too.

40 legitimate email accounts of company executives have been compromised in a phishing campaign targeting businesses, according to Gov Info Security reports. The scam involves sending a phishing email claiming to be a Microsoft Office 365 update. Cybercriminals are using the tactic to steal company credentials, including executive email addresses, which are then sold on the dark web. The campaign is targeting businesses across the U.S., U.K., Canada, Australia and Europe, reports said.

19 percent fewer data breaches occurred in the U.S. last year, according to new data from the ITRC. But the statistic is no cause for celebration: according to the report, the decline in data breaches can be attributed to the fact that cybercriminals are instead turning their attention toward Business Email Compromise (BEC) scams that target company accounts payable departments. At least 44 percent of the 2020 data breaches examined in the report involved phishing or BEC scams, while 694 businesses reported having been impacted by cyberattacks on their supply chains last year.

$727,000 was defrauded from a Missouri trucking company in an employee expense scam, reports in FreightWaves said. An individual has pleaded guilty to wire fraud, bank fraud and money laundering charges. Reports said the person served as a bookkeeper at the trucking company and misused company credit cards to pay for hundreds of thousands of dollars in luxury goods over two years. The scam also reportedly involved having the trucking company’s bank issue a new company credit card to the person, as well as forging the company owner’s and employees’ signatures on checks from a variety of bank accounts.

$4.2 million was stolen by a National Australia Bank (NAB) ex-employee in an invoice scam, reports in ABC.net said. The person is said to have conspired to approve deliberately inflated invoices sent to NAB by one of its vendors, an event management company. Reports said the individual colluded with another individual from that event management company to submit fraudulently inflated invoices, and then pocket the difference. The former NAB employee was found guilty and sentenced to eight years in prison.