So many big, expensive cyber attacks have taken place in the last few years that it’s hard to remember them all – when will we learn our lesson?
Cyber attacks are commonplace these days. There was the Chase Bank breach of 2014, which exposed the financial information of 76 million Chase customers. This attack was set to target 10 major financial institutions in total, but only one other company reported that data had been stolen. This company was Fidelity Investments. Though the attack caused serious repercussions for Chase Bank, the damage could have been much worse. Four hackers (two from Israel) were eventually arrested.
Hacking Isn’t Just About Stealing Data
In the Sony Pictures data breach of 2014, over 100 terabytes of data was stolen by North Korea. This attack was about more than just getting the personal information of consumers. The attack occurred because of a movie that Sony Pictures was set to release called “The Interview”.
The movie, starring Seth Rogen and James Franco, was a fictional story about two journalists who go to North Korea to interview Kim Jong Un. The two men actually work for the CIA and are planning to assassinate the very well-known but unpopular leader. It was believed that North Korea’s leader ordered the cyber attack on Sony Pictures to show his displeasure and disapproval of the film. In addition to the personal information of Sony executives and other employees, hundreds of photos and emails were released to the public. These highly personal items caused a massive amount of embarrassment to Sony’s top executives.
No One Is Safe from Hackers
Proving that no one is immune from cyber hackers, Equifax, one of the nation’s largest credit reporting agencies, was infiltrated by hackers in mid-2017. The company estimated that approximately 143 Americans were affected. In addition, an unknown number of consumers from Canada and the UK were affected by this breach. Were there any signs that an enormous data breach like this might occur?
A report issued in October of 2017 by Motherboard found that Equifax had certain vulnerabilities due to an online portal created for employees. Researchers discovered that the Equifax website was highly susceptible to a basic forced browsing bug. A researcher from Motherboard said that he didn’t even have to do anything special to infiltrate the system. It was far too easy to get in.
“All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app,” the researcher said.
In spite of this information being available to Equifax, it took them six months to close the portal and shut down these vulnerabilities. In this day and age, it’s unthinkable that organizations as sophisticated as Equifax might be so lax in their data security.
The Final Cost of Cyber Breaches
Target Stores lost millions of dollars when they had to reimburse customers for their losses after their 2013 data breach. In addition to that, a class action lawsuit was settled for roughly $10 million. As if that wasn’t enough, 20-30 percent of Target shoppers said they were worried about shopping online at Target stores after the breach.
Are We More Vulnerable Than We Believe?
Many data security experts believe that cyber weaknesses like this are far more common than the public believes. In an era when everyone should be fully aware and taking every precaution to prevent a data breach, numerous large corporations remain at risk.
After all is said and done, most people would expect any organization that has experienced a cyber theft to drastically improve their cybersecurity. Large, expensive data breaches leave an organization open to legal action, plus they’re embarrassing. Consumers say that they are less likely to do business with any company that has been a victim of a cyber breach.
But has that really happened? A new study performed by CyberArk reveals that 46 percent of all companies who have experienced a cyber breach have not substantially updated their security policies.
This failure to learn from past mistakes has the public truly baffled. In some cases, IT professionals have been interviewed and asked why they haven’t greatly improved their cybersecurity. Over 30 percent of these pros said that they did not believe it was possible to prevent all cyber-attacks. This indicates that even security experts aren’t sure what to do to stop future attacks from occurring. But should we simply make the decision not to do anything at all?
New Report Sheds Light on the Problem
A 2018 report from CyberArk called the “Global Advanced Threat Landscape Report” indicates that at least half of all businesses and organizations have only taken the basic security measures required by law. Though their public relations department may say they are taking every precaution to protect customer data, this is probably not true. In addition, 36 percent of respondents in the report said that administrative credentials were currently being stored in Excel or Word docs. These documents would be easy to obtain by any hacker with average skills.
The Global Advanced Threat Landscape Report also reveals that the number of users with administrative privileges has jumped from 62 percent to 87 percent over the past few years. This points to the fact that many companies are opting for employee convenience over data security best practices. This is an alarming statistic given the soaring cost of cyber breaches.
Moving Into the Future with Better Cyber Security
The new AT&T Global State of Cybersecurity highlights many of the critical gaps that remain in our cybersecurity strategies. IT infrastructure and critical data must be fully protected, including credentials and security answer keys. In most organizations, those in higher positions are given greater access and authority to online data and this equates to heightened risks of a cyber breach.
According to Alex Thurber, Senior Vice President and General Manager of Mobility Solutions, “If 2017 has taught us anything, it is that every device needs to be secured because any vulnerability will be found and exploited”.
The company is set to sign a deal with Punkt Tronics to install better security on smartphones, Blackberry devices, and other electronic devices. With consumers spending more and more time browsing on their cell phones, all mobile carriers are searching for ways to better protect their customers from hacking.
What Consumers Can Do
A great increase in the sale of anti-virus software and password managers demonstrates a strong resolve by consumers to incorporate stronger security measures into their everyday lives. Innovative technology is producing a new generation of security software that combines threat defense techniques and other more conventional means of cybersecurity. Though some of these techniques are having an impact, experts believe there’s much more to be done.
As our society becomes more aware and more prepared, even stronger security for IT systems will be developed. Until then, security experts urge the public to be more cautious about clicking on links. Employees at any company need regularly scheduled security meetings where they are educated and reminded to utilize best practices when using smartphones and computers. All programs should be updated regularly with software updates and fixes to known bugs. Create difficult passwords and change them every 90 days. These are just a few of the ways that consumers can stay safe while surfing on the internet.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.