Job search and retail websites in APAC compromised: Group-IB

Source: Group-IB. Distribution of ResumeLooters' compromised websites by country and sector.

Group-IB, a creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has identified a large-scale malicious campaign primarily targetting job search and retail websites of companies in the Asia-Pacific region.

The cybercriminal group, dubbed ResumeLooters by Group-IB’s Threat Intelligence unit, successfully infected at least 65 websites between November and December 2023 through SQL injection and cross-site scripting (XSS) attacks. Most of the gang’s victims are in India, Taiwan, Thailand, Vietnam, mainland China, and Australia.

Group-IB said ResumeLooters has stolen 2,079,027 unique emails and other records, such as names, phone numbers, dates of birth, as well as information about job seekers’ experience and employment history. The stolen data has been offered for sale by ResumeLooters in Telegram. Group-IB has notified identified victims.

Operating since the beginning of 2023, ResumeLooters has been using penetration testing frameworks and open-source tools to inject malicious SQL queries into 65 job search, retail and other websites and retrieve a total of 2,188,444 database rows of information. Of these rows, 510,259 were user data from employment websites.

Over 70% of the known compromised websites are in the Asia-Pacific region. The gang is primarily focused on India (12 victims), Taiwan (10), Thailand (9), Vietnam (7), mainland China (3), Australia (2), the Philippines (1), South Korea (1), and Japan (1). However, compromised websites have also been identified outside of the region.

Group-IB’s researchers have also identified two Telegram accounts associated with the threat actor. Both accounts have been used to offer the stolen data for sale in Chinese-speaking Telegram groups dedicated to hacking and penetration testing.

“In less than two months, we have identified yet another threat actor conducting SQL injection attacks against companies in the Asia-Pacific region,” said Nikita Rostovcev, Senior Analyst at the Advanced Persistent Threat Research Team, Group-IB.

“It is striking to see how some of the oldest yet remarkably effective SQL attacks remain prevalent in the region. However, the tenacity of the ResumeLooters group stands out as they experiment with diverse methods of exploiting vulnerabilities, including XSS attacks. Additionally, the gang’s attacks cover a vast geographical area.”

According to Group-IB, cybercriminals have been increasingly interested in the Asia-Pacific region. In December 2023, Group-IB reported on GambleForce, a cybercriminal group which conducted over 20 SQL injection attacks against gambling and government websites in the region. Unlike GambleForce, which focuses solely on SQL injections, ResumeLooters has a more diverse modus operandi.

In addition to SQL injection attacks, ResumeLooters successfully executed XSS scripts on at least four legitimate job search websites. On one of these websites, the attackers implanted a malicious script by creating a fake employer profile. As a result, the attackers were able to steal the HTML code of the pages visited by the victims, including those with administrative access. Malicious XSS scripts were also intended to display phishing forms on legitimate resources. It is believed that the attackers’ main goal was to steal admin credentials. However, no evidence of successful theft of administrative credentials was found.

To protect against injection attacks, Group-IB suggested that companies implement comprehensive input validation and sanitisation on both the client and server sides. Performing regular security assessments and code reviews will help to identify and mitigate injection vulnerabilities.

The comprehensive examination of ResumeLooters’ malicious infrastructure, tools, and tactics, along with the full list of indicators of compromise, is available in Group-IB’s latest blog post.

Quora announces security breach

Adam D'Angelo, CEO of Quora, has disclosed in a blog post that the question and answer site has suffered a security breach that could affect as many as 100 million users.

"We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future," D'Angelo said in the post.

Victims may have had their data compromised. This includes information such as their name, email address, encrypted (hashed) password, as well as data imported from linked networks when authorised by users.

In addition, public content and actions on Quora, such as their questions, answers, comments, and upvotes, might have been stolen. Non-public content and actions, including answer requests, downvotes, and direct messages - which D'Angelo says are rare - could also have been compromised.

Questions and answers that were written anonymously are not affected by this breach as Quora does not store the identities of people who post anonymous content.

The facts:

- The unauthorised access was discovered on 30 November. 

- Quora is still investigating.

- Quora's internal security teams are involved, together with a leading digital forensics and security firm. 

- Law enforcement officials have been notified.

- Quora is emailing users whose data has been compromised.

- All Quora users who may have been affected are also logged out, with passwords invalidated.

"While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company," D'Angelo said.

"We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements."

D'Angelo also said users should not reuse the same password across multiple services, and that passwords should be changed.

"It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognise that in order to maintain user trust, we need to work very hard to make sure this does not happen again.

"There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private.

"We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust," he said in the blog post.

In mid-2017 D'Angelo said Quora had 200 million monthly unique visitors.

Details:

Quora has prepared a FAQ for users. The page includes instructions on how to receive a copy of all Quora data about a user, and also how to delete a Quora account.

Explore:

The Quora breach comes soon after the Marriott breach, which WorkSmart Asia blogged. Security firm Sophos' comments on the Marriott breach are likely to hold true for the Quora breach as well.

Marriott announces security breach could affect up to 500 million guests

On November 30, Marriott announced that it is investigating a data security incident involving the Starwood guest reservation database.

The company has determined that there was unauthorised access to the database as of November 19, 2018. The database contains guest information relating to reservations at Starwood properties* on or before September 10, 2018. Starwood brands include: W Hotels, St Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, as well as Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.

On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the US. Marriott engaged security experts to help determine what occurred, and learned that there had been unauthorised access to the Starwood network since 2014. 

"The company recently discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database," Marriott said in a statement.

The company estimates that the encrypted information affects a maximum of 500 million guests who made a reservation at a Starwood property. "For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. 

"For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information," the company said.

“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s President and CEO. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.

“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call centre. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities. Marriott has also taken the following steps to help guests monitor and protect their information:

Dedicated website and call centre
A dedicated website and call centre has been set up to answer questions about the incident. A set of frequently-asked questions on the site may be supplemented over time.

The call centre is open seven days a week and is available in multiple languages. There are numbers on the website available for Australia, China, India, Japan, South Korea and the UAE. Call volume may be high, Marriott said.

Email notification
Marriott has been sending emails since November 30, 2018, to affected guests whose email addresses are in the Starwood guest reservation database.

Free WebWatcher enrollment
Marriott is providing guests the opportunity to enroll in WebWatcher free of charge for one year, but only in the US, UK and Canada. WebWatcher monitors Internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found. Due to regulatory and other reasons, WebWatcher or similar products are not available in all countries, Marriott explained.

"Don't Google WebWatcher," said John Shier, Senior Security Advisor, Sophos, warning that hackers will already be capitalising on the incident. "If you Google 'WebWatcher' you won't find the monitoring service, you'll find lots of links to spyware of the same name. Don't sign up for that. Do follow the links to country-specific versions of the official breach site. You cannot sign up for monitoring from the main breach page, you have to go to the all-but-identical versions of the page for the US, UK or Canada."

"The potential fallout from the Marriott’s Starwood data breach should be alarming to anyone who has stayed at a Starwood property in the last four years. Not only are guests at risk for opportunistic phishing attacks, but targeted phishing emails are almost certain, as well as phone scams and potential financial fraud. 

"Unlike previous breaches, this attack also included passport numbers for some individuals who are now at increased risk for identity theft. At this point, however, it's unclear what level of exposure each individual victim has been subject to. Until then, all potential victims should assume the worst and take all necessary precautions to protect themselves from all manner of scams," he added.

Victims should be on alert for spearphishing, Shier noted. "This creates the perfect scenario for cybercriminals to actually spearphish consumers because they have this type of detailed information," he said.

And while Marriott has said it will email Starwood Preferred Guests who may be impacted, he said that recipients should not click on links in emails or other communication that seem to have come from Marriott or Starwood hotels. "It’s possible that criminals will try to take advantage of this by sending malicious tweets or phishing emails that look like they’ve come from the company. Hover over URLs and links to see the address before you click. Look at the email address to see where it is from," he advised.

Credit cards should be monitored for suspicious activity as well. "As a safety precaution, change the password to your online credit card account. If you use the same password for similar financial management websites, immediately change the password on those websites. As a best security practice, always choose a different, strong password for each sensitive account," he said.

He also suggested changing passwords to Starwood Preferred Guest accounts.

Beware the insider in data privacy protection: Infowatch

Internal violators are the most serious threat to data privacy in Southeast Asia.  Data leaks in ASEAN countries are mainly caused by the negligence of top-level executives and employees with access to sensitive and confidential data, according to the latest research by cybersecurity and data leak prevention expert InfoWatch Group.

Just over 56% of Southeast Asia incidents of compromised data were caused by executives, employees, IT administrators and other authorised personnel, the company said. The other 44% were the result of external attacks and former employees. The global figure is higher at nearly 60%.

Source: Infowatch. Up to 56% of Southeast Asia incidents of compromised data were caused by executives, employees, IT administrators and other authorised personnel.

“It is a disturbing sign to see that a relatively high percentage of leaks stem from top managers and system administrators who fall into the category of ‘privileged users’,” said Vladimir Shutemov, Chief International Business Development Officer of the InfoWatch Group.

Shutemov, who also heads InfoWatch SEA operations based in Kuala Lumpur, added, “Leaks due to blunders, intentional violation of rules or malicious activities of privileged users are the most destructive as they have more access to sensitive data compared to rank-and-file employees.”

Shutemov was citing the latest findings of InfoWatch research unit InfoWatch Analytics Center, on data leaks reported by governments and commercial and non-commercial organisations in Southeast Asia, South Korea, India and Bangladesh. The research was based on information sources in the media and other public domains between July 2016 and July 2017.

Shutemov said users with advanced permissions either unwittingly or deliberately cause the leakage because they were “unhappy” with any attempt by their organisations to control their PCs, laptops and mobile phones.

By industry category, the research also pointed out that up to 43% of leaks in Southeast Asia stemmed from public institutions including government, military and law enforcement agencies, compared to only 13% worldwide.

Source: Infowatch. Southeast Asia stood out for the number of leaks stemming from the public sector. 

In Southeast Asia, South Korea, India and Bangladesh, the report found that personal data comprised almost 77% of the leaks, followed by payment details at 15%, trade secrets or knowhow at 5%, and state secrets contributing 3%.  In comparison, 62% of data leaked globally was personal data, while up to 31% of data stolen were of payment details.

Source: Infowatch. Almost 77% of leaks were around personal data in Southeast Asia.

“In line with global trends, Southeast Asia and other Asian countries are striving to improve cybersecurity. Their governments have toughened up personal data laws, while enterprises more and more often use information security tools against external and internal intruders. But more needs to be done as technology advances and the intruders become more sophisticated,” said Shutemov.

In terms of channels, browsers and cloud storage turned out to be the most common places where data is leaked, accounting for almost 74% of all cases, while equipment loss, such as stolen laptops, and the popular use of instant messaging apps together caused 14% of leaks. Globally, browsers and cloud storage figured in 61% of data leaks, followed by email (23%), and paper documents (8%).

InfoWatch currently serves more than 1,500 large customers worldwide with its proprietary and patented cybersecurity technologies. Its suite of data leak prevention and cybersecurity solutions can analyse content in Asian languages for the prevention of data leaks, including in Malay, Bahasa Indonesia and Vietnamese.

Established by Natalya Kaspersky in 2003, InfoWatch pioneered the data leak prevention (DLP) market. InfoWatch products are available in the Middle East, India and Southeast Asia.

Security breaches have serious repercussions for customer loyalty

Source: Gemalto infographic. Consumers are willing to take legal action against companies which suffer security breaches of consumer data.

Nearly two-thirds (64%) of consumers worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stole​n, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen. This is according to a recent global survey* by Gemalto. a digital security provider, titled Broken Trust: 'Tis the Season to Be Wary, which surveyed 5,750 consumers in Australia, Brazil, France, Germany, Japan, the UK and the US.

Six in 10 people surveyed (59%) believe that threats to their personal information increases during the festive season, while two in 10 (18%) believe that they are likely to be a victim of a breach during the holiday season.

A quarter of all respondents feel that companies take the protection and security of customer data very seriously. More than twice as many respondents feel that the responsibility of protecting and securing customer data falls on the company (69%) versus the customer (31%). Of the employed respondents, only around two fifths (38%) feel that their employer takes the protection and security of employee data very seriously.

The survey revealed that 31% of respondents have already been affected by data breach in the past. Around four in 10 state the most likely causes for being a victim of a breach are visiting a fraudulent website (42%), phishing attacks (40%) or clicking a fraudulent web link (37%). The emotional impact of data breaches has also created apprehensive feelings towards businesses with nearly one fifth surveyed (19%) feeling they are likely to be a victim of one within twelve months to three years.

Ninety percent of surveyed consumers feel that there are apps and websites that pose significant risks to the protection and security of their personal information. Fifty-five percent believe that social media sites expose them to the greatest risk, and around two in five respondents believe adult content and torrent apps/websites carry the greatest risk to the security of personal information.

Around a quarter (23%) of respondents who have been a victim of a data breach, either have, or would, consider taking legal action against the breached company involved in exposing their personal information. Almost half (49%) of respondents said they would take or would consider taking legal action against any of the parties involved in exposing their personal information.

However, the consumer may also be at fault. The survey also found that more than half (54%) of respondents are using the same password for all or some of their online accounts. Of the respondents who actively use social media accounts, only a quarter (25%) use two-factor authentication to secure all of their social media accounts.

Of the respondents who actively use online/mobile banking, around six in 10 (58%) say that all of their banks use two-factor authentication to secure their Internet banking. This is not as widespread amongst retailers, however. Of the respondents who actively use online retail accounts, just a quarter state that all of the online retail apps/websites they use require two-factor authentication to secure online transactions.

"The media coverage of massive data breaches has done little to instil consumers' confidence in how well companies, big and small, are protecting their data," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "The fact that employees don't even feel that their employers are taking the protection of their personal data security very seriously rings alarm bells. Either companies need to increase their security measures or, assuming that they already have these in place, they need to communicate this to their customers."

Source: Gemalto infographic. The websites which pose the greatest threat to customer data theft.

"As companies collect ever-increasing amounts of customer data and as our digital interactions become more diverse, more data about what we do, who we are and what we like is being stored online," continued Hart. "The survey proves that the traditional data security mindset needs to evolve, this goes for companies and consumer adoption of advanced security measures like two-factor authentication. Otherwise, an increasing numbers of consumers will cut ties with companies who aren't taking data protection seriously, and take their business to someone they can trust."

Interested?

Read the Customer Loy​alty and Data Breach Report
View the complete infographic​​

*Independent technology market research specialist Vanson Bourne was commissioned by Gemalto to undertake the research, for which 5,750 consumers were interviewed during October and November 2015. Seven hundred and fifty interviews were conducted in each of the following countries: UK, Australia, Japan, France and Germany, and 1,500 interviews in the US, plus 500 in Brazil. To qualify for the study, consumers had to actively use online/mobile banking, social media accounts or online retail accounts.​​

Asia Pacific to see more cyberattacks in 2015

An annual prediction report from cybersecurity leader Trend Micro reveals that retail and financial institutions outside of the US will be increasingly targeted by cybercriminals in 2015.

Trend Micro Security Predictions for 2015 and Beyond: The Invisible Becomes Visible says that in 2015 there will be a rise of targeted attack campaigns across the Asia Pacific (APAC) region. Such attacks focus their efforts on infiltrating a specific organisation. 

Noteworthy cases in the US and China show that targeted attacks have become the preferred means of intelligence gathering for cybercriminals. The motivations behind these campaigns include obtaining financial information, personal data, top secret classified government data, and intellectual property (IP) such as industry blueprints. 

Trend Micro threat defense experts have already noted attacks against organisations in Vietnam and India, and recently in Malaysia and Indonesia. Attacks in other APAC countries can be expected. In particular, social media will increasingly be abused as infection vectors. Social media can be used to carry suspect links, and also as a reference to personalise the content used to dupe a user into visiting a malicious site or downloading malware.

“What we are seeing today is not a huge surprise. Cybercriminals have increased their velocity and the brutal measures they use to steal information,” said Dhanya Thakkar, Managing Director, Asia Pacific, Trend Micro. “Following the success of targeted attacks from Chinese and Russian cybercriminals, many attackers from other countries will regard cyberattacks as a more practical method to grab a foothold in an organisation.”

Trend Micro Security Predictions for 2015 and Beyond: The Invisible Becomes Visible makes several predictions for 2015:

Targeted attacks will become as prevalent as cybercrime.

A security threat could focus on getting 'command and control' access, such as issuing a command to the hard disk to destroy itself, criminal purposes, hacktivism, espionage, or just destruction. 

David Siah, Singapore Country Manager, Trend Micro likened network protection to Mentos, a popular candy with a hard exterior and a chewy interior. While enterprises invest in hardening the external perimeter, the network inside is still 'soft'. "If someone wants to get in, he will get in, and can do anything within the castle walls," he said. 

Attacks will target Android

The increased adoption of mobile devices will also increase the risk for mobile users. Android—the top mobile platform in APAC, making up an average of 71% of total impressions—has a fragmentation problem. This means the mobile device user has to rely on the device provider to protect the software.

Cybercriminals can take advantage of this fragmentation problem by developing exploits for existing device vulnerabilities that have not yet been patched. This can be done easily using exploit kits similar to the infamous Blackhole Exploit Kit.

Trend Micro also found that companies still believe that they are unlikely to be targeted, or that trusted environments are safe. A survey by Trend Micro found that 35% of companies in APAC are sure they have escaped attacks, whereas more than a quarter (26%) actually said they do not know. The remainder either suspect, or know that they suffered breaches.

Siah.

The reality is that more malicious detections were detected and blocked in Singapore over Q314 than in Q214. Siah said that in Q3, than 7 million attempts were made by Singapore-based users to access malicious websites, with 611,000 attempts trying to get to malicious URLs hosted in the country.

Siah highlighted that common malware like WORM_DOWNAD.AD, codenamed 'Conficker', are still making it to the top 10 in Singapore, implying that Singapore users are not updating their systems regularly, or using an operating system that is no longer supported by Microsoft, such as Windows XP. 

A vulnerability termed CVE-2012-0158 is a favourite means of attack, followed by CVE-2010-0188. The first was discovered in 2012, and the second in 2010, Siah added, showing that victims have not patched their systems against them since 2012 and 2010 respectively. 

Microsoft Office accounts for 53% of targeted attacks, and another 46% are through Adobe Reader. "We live so much with documents today. If there is an attachment I might just click on it, it could present itself as a legitimate document that talks about my work, or a report about the industry that I'm very interested in," noted Siah. 

While lax user practices help the online cybercriminal community, and well-known malware like Zeus is offered free to the community, it may seem like updating systems regularly will be enough protection; but Siah said such updates depend on bugs to be publicly announced by others, after which 'signatures' can be created to detect them. This leaves a window of opportunity in between the announcement of the bug and the availability of the patch for cybercriminals to target users. 

In addition, known vulnerabilities are just the tip of the iceberg. Existing bugs like Shellshock were only announced after decades, while malware can mutate to the point where they are essentially signatureless. "Traditional cybersecurity defences cannot detect such signatureless threats," Siah warned. "Exploiting a vulnerability will be as easy as creating an app."

It is a global problem, even if targeted attacks used to be associated only with countries like US or Russia, Siah further said. Trend Micro is aware of gangs in Brazil and China, and while the cybercriminals may base their operations in one country, they could be connected by the Internet to anywhere else in the world. 

Siah shared that Trend Micro sensors have found that attacks in APAC range across Taiwan, Japan, Indonesia, mainland China, Malaysia, the Philippines and Bangladesh, with Singapore being a relatively minor target. "If a US company has a Taiwan subsidiary, the attackers could go to the subsidiary and once they have gained control of the Taiwan servers they could then jump internally from country to country till they reach the main HQ," Siah pointed out. 

Users should expect that at least one of their accounts, whether on web services or online portals, will be compromised. The prevalence of social media usage in APAC – with about 970 million active social media users – will make users in the region viable targets. Given the predicted increase of attacks next year, cybercriminals will have more opportunities to steal user credentials. As a result, Trend Micro advises users to be more diligent when it comes to password use and online security.

Click here for the full report.

ESET champions two-factor authentication for SMB security

Security specialist ESET has warned that small to medium-sized businesses (SMBs) are easy prey for cybercriminals, as personal data can be stolen from them relatively easily. A recent study from Javelin Strategy & Research notes that stolen personal data is driving a multi-billion dollar industry.

"Cybercrime has evolved greatly over the last 30 years. It started with viruses and evolved to hacking and malware. Today, identity theft is one of the most damaging threats to businesses in the region," said Lukas Raska, COO of ESET Asia. "All it takes is a single breach to bring an entire business to its knees and cause a huge inconvenience for those who have trusted businesses to keep their data safe."

"More and more we are seeing SMBs being targeted by this kind of attack," said Parvinder Walia, Director at ESET APAC. "There are a number of reasons for this. Firstly, unlike their larger counterparts, SMBs generally have lower budgets for cybersecurity, making them a lot easier to penetrate for today's sophisticated and often well-funded attacker. They are also less likely to have personnel whose key role is to protect that data. SMB websites are also often less secure, making them an easy access point for cybercriminals."

Recent research from Verizon has revealed that two-thirds (67%) of breaches investigated occurred in smaller organisations (fewer than 100 employees), which were often small, independent franchises of larger firms.
 

"It might look like hackers have a lot less to gain from hacking small businesses; however, in many cases, SMBs are in fact low hanging fruit, offering an easier and quicker way to access a much larger pool of vendors, partners, customers and more," said Walia.

Two-factor authentication, also known as 2FA, is a dual-step verification process that requires users to input not only a password and username (something known) but also a one-time code from devices such as mobile phones or secure tokens (something owned).

While a strong password may go some way in resisting brute-force attacks, one-time passwords generated by a 2FA system are randomly generated and cannot be predicted or reused, effectively adding another layer of protection during login.

"Given the limitations of password-only systems for SMBs, 2FA is presently the most ideal option for SMBs to reduce the risk of having their data stolen without the need to break the bank. Unlike large, complex and costly security architecture, 2FA serves as a scalable and cost-effective way to protect SMBs and their customers from identity and data theft," added Walia.
"2FA remains one of the most cost effective options for SMBs and other businesses, to protect against the loss of critical personal data that can lead to identity theft. The real cost of each breach is immeasurable, especially when there is loss of intellectual property, damage to the brand or disruption to the business. It's also critical however for businesses to make sure they have the correct organisational structures and protocols in place to further enhance security levels, no matter the size of their organisation," agreed Raska.

Walia noted that there is no 'magic bullet' against attacks, however. He recommends that SMBs exercise additional precautions in combination with 2FA in order to minimise the likelihood of a data breach, including:

* Making sure employees, partners and vendors, who are an organisations' front line in security, are aware of the relevant protocols in keeping their network secure, including the responsible use of social media and enterprise applications 

* Installing an effective endpoint security system that includes antivirus and anti-spyware software and a robust endpoint encryption solution that scrambles data on USB and optical media, emails, attachments and laptop hard drives 

* Empowering a member of staff to take charge of data protection as part of their role 

* Ensuring that all security software is up-to-date