Breaches: Part 3
We’ve talked about some of the more common threats that all businesses need to be careful of, but how dangerous is the web and how much of a risk is the current landscape?
Today we’ll talk about a few of the most widespread threats that need your attention.
Marriott’s Data Breach
Don’t think hackers only target little old ladies on 15-year-old computers. It appears that Marriott Hotels, one of the largest chains in the world, is going to be fined the equivalent of $123 million for a breach that exposed the private information of over 332 million customers. Even though it can be argued that the hotel chain was the victim, they are the ones who are responsible for what happens on their servers.
What makes this even scarier is that while the company spends quite a bit on their security, they still didn’t detect the breach for nearly four years. This goes to show that the amount spent on a security system doesn’t mean anything unless it is well implemented and monitored.
This year, one of the biggest trends in ransomware is the targeting of specific industries. Why is this so scary? Well, the most dangerous enemy is someone who knows how to hit you where it hurts most. LockerGoga, for example, is designed specifically to cripple manufacturing firms by causing their automation systems to go offline. Those automation systems are key to the firm’s efficiency. As of this writing, LockerGoga has already affected industrial manufacturing facilities on two continents, nearly shutting down production completely. It also seems that hackers are upping the ante, demanding ransoms in the hundreds of thousands of dollars.
While not excusable, it’s still understandable why someone would want to hack a business: money. But if you’re a medical or charitable organization, you should be fine, right? Not so fast! For reasons that are not always clear, this year has been especially difficult for data breaches in this sector. In Europe and Asia, tens of thousands of records have been compromised at organizations ranging from charities for abused children to HIV clinics. Here in the US, at least 145,000 individuals who were seeking treatment for addictions at various facilities had their information stolen from a single server in April. One would think that even hackers would have some sense of decency, but as the saying goes, “There’s no honor among thieves.”
Your Staff is your Biggest Risk
We all know that hackers and other criminals are working hard to find ways to break into your business. But their job gets more difficult if your employees are trained to recognize cybersecurity dangers. Employees who open the wrong attachments on emails cause about 70% of all malware infections. Up to 50% of your sensitive data, along with your clients’ data, can be breached through your employees’ smartphones, tablets, and laptops. And don’t get me started on poor password management.
Not Even Your Donuts Are Safe
Earlier this year, Dunkin Donuts experienced its second hack in six months. In this case, the information wasn’t that sensitive — mostly related to their DD Perks program — but it just goes to show that very little information can be considered untouchable. What is odd about this particular instance is that the information went right onto the Dark Web for the highest bidder to purchase. This may not seem like a problem until you read between the lines. This information contained usernames and passwords, which wouldn’t matter unless someone really wanted that free cup of coffee you earned. However, since many of us reuse the same usernames and passwords for various accounts, it could be just a matter of finding out what other services you use — or even which bank you do business with — before the thieves gain access to your most critical information.
Unfortunately, we don’t live in a safe world. It seems that around every corner someone is trying to breach computer systems to mine any tiny morsel of value. The most important lesson we can learn is not to let our guard down. As a business owner or someone who works within an organization, don’t feel that there’s something special about you or your system that would make you invulnerable or unattractive to a potential data pirate. As long as there is a single penny to be made, it seems that someone is willing and able to jump at it.
Invest in the best cybersecurity you can get. Don’t be the next company to have your data sold on the Dark Web.