As the custodians of sensitive employee data, HR is proving to be a high-value target for cybercriminals.
In May, the Ministry of Defence (MoD) fell victim to a Chinese state-backed cyber attack, which hacked into the government department’s payroll, compromising the personal data of 270,000 current and former military personnel. Similarly, Sweden’s central bank was subject to a ransomware attack that targeted its human resources and payroll systems in February.
HR is a target primarily because data held by the function is highly sensitive, says Rex Booth, CISO of identity management software company SailPoint.