UK CMA saw over 150 data breaches last 2 years
The UK’s competition regulator has revealed that it was targeted by more than 150 data breach incidents in the past two years.
Despite online cybersecurity hitting headlines on a daily basis, many organizations in the private and public sectors continue to suffer cyberattacks. Now, the Competitions and Markets Authority (CMA) in the UK has confirmed that across 2019 and 2020 there were 81 cases of unauthorized disclosure of information, while 40 devices were lost or stolen.
Given the role that the CMA plays within the UK business landscape, any information that falls into the wrong hands could be hugely damaging for the organizations concerned. In its regulatory role, the CMA handles internal business reports, email communications, and other sensitive data, which malicious actors could ultimately profit from.
Defending your data
Despite the sensitive nature of the information handled by the CMA, it seems that its data loss prevention safeguards are not working as well as they could be. The number of breaches that have taken place over the last two years is more than the 145 recorded across 2017 and 2018, indicating that its defences are in need of improvement.
Fortunately, there has been no indication that any of the CMA’s investigations were compromised by the breaches, although five of the incidents were reported to the UK’s data regulator, the Information Commissioner’s Office. Three of those even lead to procedural or technical changes being implemented to prevent similar incidents from occurring in the future.
The admission suggests that government agencies need to strengthen their data breach protection policies in the face of increasingly sophisticated cyberattacks, as no matter how security-conscious an organization is, data breaches can and will occur.
Often they are accidental, with personnel being tricked into sharing sensitive information or misplacing company data. Using security hardware keys or secure USB drives can be helpful in some cases, but often employee security training is the best method for bolstering cyberdefences.