As we reach the end of 2024, the last quarter has seen the expected spike in cybersecurity incidents. With much of the world preoccupied with Black Friday deals and Christmas shopping, individuals as well as organizations open themselves up to risks to their data and finances. Here are some of the key cybersecurity incidents at the end of 2024:
The data breach at Intesa Sanpaolo, Italy’s largest bank, has been known about for some time now, having occurred at the start of this quarter. Unlike many high-profile data breaches, this one was not an external cyberattack breaching internal systems. Rather, an internal employee was flagged for irregular access to confidential customer information, perhaps of as many as 3000 individuals.
This highlights a part of data security that we have not stressed enough in recent months – that a potential avenue of threat is not only external malicious actors, but disgruntled or careless employees within your own organization. Data systems have to be capable of handling this manner of intrusion as well, through various features including simply gating access for those who have no business need to view that data in the first place.
Striking the balance between restricting access so much that the system administrator (who has to review and approve individual access attempts) becomes a bottleneck, and maintaining security over end-user access to data management systems, is a complicated question. It requires good internal processes as well as a software system capable of enabling the policies you set.
Norway fines University of Agder for data handling
In a similar vein, the Norwegian Data Protection Authority (or Norwegian SA) has issued a hefty fine to the University of Agder for improper data handling and exposing individuals’ private information.
The root cause of this breach was an improper use of Microsoft Teams; the data in question was stored in a Microsoft Teams folder, and thus became discoverable through search to employees who had no business need to view or access this data. This represents a major risk and a data handling failure, resulting in the Norwegian SA stepping in.
We have spoken in past years about how Microsoft Teams, in becoming the largest co-working and chat platform for enterprises, has begun accumulating enough data to need to be treated with caution and care. This case illustrates the point perfectly; critical business communications and sensitive data are now being shared over the platform, so the platform has to be treated like email or any other classical form of communication. This means archiving the data transmitted through it, ensuring it is recoverable, and making sure it is compartmentalized and secure in compliance with data protection regulations.