If you’re a business owner in Columbus, you’re aware of the threat to your business’s data security. Despite increasing awareness, many business owners are not prioritizing cyber defense. With much to lose in revenue, client defection and impending lawsuits from a data breach, larger corporations have allocated substantial resources to secure their networks.
As with brick-and-mortar businesses, thieves look for the unlocked door or window to get inside. Small business owners are typically are immersed in staffing, accounting and revenue generation. Often cybersecurity is put on the back burner until a client calls to question erroneous charges or the breach is discovered by IT.
Here is a look at the top business hacks and where they went wrong (and right) with their cybersecurity:
Back in March, the Department of Justice indicted 9 Iranian hackers over a spree of attacks on more than 300 universities in the United States as well as abroad, along with 47 private companies, and other targets such as the United Nations, and the US Federal Energy Regulatory Commission. According to The DOJ says the hackers stole 31 terabytes of data that was estimated to be worth a staggering $3 billion in intellectual property. The attacks used emails to trick professors and other affiliates into clicking on malicious links and entering their network login credentials. Of the 100,000 accounts targeted, the hackers were able to gain credentials for approximately 8,000 of them. The campaign traces back to a hacker group based in Tehran who calls themselves the Mabna Institute.
Rampant Data Exposures
Data breaches are a very scary prospect for anyone, but their quiet cousin, data exposure, was prominent in 2018 as well. A data exposure is when data is stored and defended improperly becomes exposed on the open internet and can be easily accessed by anyone who stumbles across it. This often happens when cloud users misconfigured a database or other storage so that it requires minimal or no authentication to access. This is exactly what happened in the case of the marketing firm Exactis, which left about 340 million records exposed on a publicly accessible server. The trove comprised 2 terabytes of very personal information about hundreds of millions of US adults. Exactis has since protected the data, but it is now facing a class action lawsuit over the incident.
Under Armour’s MyFitnessPal app had a major hacker breach in late February, compromising everything from usernames and passwords to email addresses from the app’s 150 million plus users. It seems Under Armour did a good enough job setting up its data protection, the hackers weren’t able to access valuable user information like location or credit card numbers, even though they had login credentials. As it turns out, the company protected the passwords by hashing them or converting them into unintelligible strings of characters. Pretty smart. While this was not an all-time-worst data breach, it was still a frustrating reminder of the unreliable state of security on corporate networks.
Cybercrime awareness is a running theme that’s constantly promoted and while there have been noticeable improvements during the year, cybercrimes like those cited are proof that they continue to be an ongoing problem. Nevertheless, we have to do our best to make sure our sensitive information is being safely stored online.