Are your employees the chink in your armor when it comes to data breaches? Based on findings surrounding an increase in cyber-attacks in the first half of 2020, it may be the case.
As a business owner or executive, you are responsible for a lot of things…including protecting the sensitive data that is at the core of your business, whether internal or customer data. What could happen if that data fell into the wrong hands?
With many businesses transitioning to online activities during the COVID-19 pandemic, there has been a dramatic increase in data breach activity. According to one security research firm, 80% of data breaches have occurred either because of stolen credentials or brute-force attacks.
In just the first half of 2020, various Fortune 500 companies were victims of massive data breaches in which hackers sold the organizations’ account credentials, sensitive data, and confidential and financial information in cybercriminal forums.
Probably just a few, though, right? I mean, we hear about it often on the news, but really, how many people and businesses are exposed?
16 billion records have been exposed this year; 8.4 billion records were exposed in the first quarter of 2020 alone. This number is a 273% increase in comparison with the first half of 2019, during which 4.1 billion records were exposed. (Source: Security Boulevard)
Does this still all seem abstract – like it only happens to other people? Well, let’s discuss the Top 5 breaches so far this year:
- Twitter – several targeted accounts of public figures got conned into changing their passwords, and the hackers gained access to their accounts and posted fake tweets with the intent to get people to send bitcoin. Result: approximately $121,000 in bitcoin for the hackers from about 300 transactions.
- Marriott – by getting the login information of TWO employees, hackers were able to retrieve data of 5.2 million guests. These hackers had the data for about a month before the breach was even discovered. This was the second security breach in two years. The first security breach, in 2018, cost the company $123 million in fines in the UK alone. They are still tallying up the totals from the latest security breach, and with this company already experiencing a significant revenue drop due to COVID-19 restrictions this year, more fines will not help their bottom line.
- MGM Resorts – This breach actually happened in late 2019; however, it was reported in February of 2020. It was first reported that hackers leaked the info of 10.6 million hotel guests, but that number was later increased to a staggering 142 million. MGM says that they do not believe any financial information was stolen; however, according to the Las Vegas Review-Journal, personal data, including some guests’ driver’s license and passport information, was stolen. MGM customer John Smallman alleges the company failed to protect his personally identifiable information or implement “adequate and reasonable” cybersecurity procedures and protocols. He believes he and other guests will have to spend a significant amount of time and money protecting themselves from fraud, according to a lawsuit filed in U.S. District Court in Nevada. This suit has since morphed into a class-action lawsuit. Mr. Yanchunis, a lawyer with the Florida firm that filed the lawsuit, said: “I expect to discover that the company’s cybersecurity system was not up to par and not utilizing the best practices.”
- Zoom – The COVID-19 pandemic made Zoom a very well-used platform. In April 2020 it was reported that login credentials, personal meeting URLs and HostKeys were available for sale on the dark web. The leaked accounts’ details belonged to financial institutions, banks, colleges, and various organizations; over half a million accounts were compromised. “So what if a financial company’s Zoom credentials get hacked, how does that affect me?” Simply put, sensitive data is being discussed on these Zoom calls, and if it is a virtual board meeting where they discuss non-public financial information, the bad guys now have insider information. They can make money in stocks by cheating the system, etc. According to Law Street, in April alone, Zoom was sued 17 times, with claims ranging from securities fraud to breach of contract for privacy violations, and for false and misleading statements about its security and privacy practices.
- Magellan Health – This Fortune 500 company was a victim of ransomware as well as a secure data retrieval attack; however, we will discuss ransomware in one of our next articles. Over 365,000 patients were affected by this attack. A class-action lawsuit has been filed against Magellan Health, citing that information compromised in the breach included names, contact information, employee ID numbers, W-2 or 1099 information (such as Social Security numbers or taxpayer ID numbers), treatment information, health insurance account information, member IDs, email addresses, phone numbers, physical addresses, and other health-related details, per the complaint.
These are just some of the most reported attacks. Small businesses get attacked constantly, but those attacks go largely unreported in the media and many times are not detected at all. We are watching all of the legal activity regarding security breaches, and it has become very apparent that companies are being held accountable for “reasonable” cybersecurity protection and for implementing “cybersecurity best practices” as a core responsibility of the company holding their customers’ and employees’ data. Do you know if you have implemented best practices?
The COVID-19 pandemic has given more opportunity to cybercriminals to launch highly sophisticated cyberattacks. Is your business next? Have you taken the proper precautions to ensure that you and your organization’s employees are protecting your sensitive data?
Make sure that your critical data is protected from both inside and outside. For a free preliminary Cybersecurity Analysis, fill out this quick questionnaire, and we can help to make sure that your data is secure: https://www.cloudnexusit.com/