The Worst Breach Detection and Data Storage Mistakes of 2019
In 2019, as the volume of cyber attacks continued to spike, cybercriminals were increasingly successful in infiltrating corporations’ sensitive data and information. A lot of these attacks, however, were the result of outdated cybersecurity systems and ineffective handling and encryption of sensitive data. As a result, companies around the world lost millions of dollars and spent countless hours working to clean-up the aftermath of costly data-breaches and malware attacks. As the cybersecurity landscape continues to advance in 2020, companies must have a comprehensive security suite that includes breach detection, EDR, email security and privileged access management software.
Last year, Capital One had to announce that it had suffered a breach that impacted over 100 million people in the US and Canada. More specifically, the hacker was able to access personal credit card applications to steal the names, addresses, birthdays and income information of millions of applicants. The same hacker was able to steal credit information from Capital One customers, like credit scores, limits and balances. This data breach was executed through a method called a ‘Server Side Request Forgery,’ an attack in which a server is tricked into executing unauthorized commands. Capital One wasn’t even aware of the breach until after the attacker boasted about her hack online, meaning it went under the radar for much longer than it should have and put the confidential information of millions at risk.
American Medical Collection Agency
By infiltrating the American Medical Collection Agency’s (AMCA) systems, hackers were able to steal the names, social security numbers and credit card information of over 20 million US citizens. This large-scale attack lasted from August 1, 2018 until March 30, 2019, making it an almost yearlong breach in which the stolen data was sold on underground web forums. Even after the infiltrated data-portal was closed down, AMCA and its corporate partners saw significant declines in business, had class-action lawsuits filed against them, needed to cut down their workforce and the AMCA ultimately filed for bankruptcy. With the proper endpoint security and breach detection software in place, the AMCA could have detected this breach, saving themselves and others from losing time, money and consumer trust.
Los Angeles Police Department
This past summer, the Los Angeles Police Department (LAPD) suffered from its largest and most sensitive data breach to date. An unidentified hacker was able to steal the names, social security numbers, email addresses and credentials of 2,500 LAPD officers and trainees and 17,500 department applicants. It wasn’t until the hacker emailed the LAPD directly with samples of the information, that they even realized they had been hacked. With the proper suite of security products, they could have patched system vulnerabilities and avoided the attack.
Voova, a software company in the U.K., experienced an attack from an increasingly prevalent type of cybercriminal: a disgruntled former employee. After this employee was fired from Voova, he stole a former coworker’s AWS login information and deleted over 20 of the company’s AWS servers. As a result, Voova lost out on big contracts and was never able to recover the deleted data. If Voova had proper privileged access management software and practices in place, the company could have recognized the abnormal behavior from the login and stopped the attack from causing as much damage as it did.
Many companies suffered serious losses due to cybercriminals throughout 2019. Many of these attacks might have been prevented had the affected companies implemented the correct cybersecurity solutions in the first place. Every type of business is at risk of cyber attack, but small businesses need to stay especially vigilant, as 43% of attacks are geared towards them. As 2020 progresses and cyber threats continue to increase in volume and sophistication, every company should ensure that the proper breach detection, EDR, email security and privileged access management systems are in place.
It’s a common misconception that the only threats to an enterprise’s security come from external actors. Whether intentional or not, 47% of organizational data breaches are the result of internal human error, such as a misplaced device or document. Moreover, some employees present an even larger risk than others. According to recent reports, younger employees are more likely to bypass security protocols that are viewed as an impediment to their productivity. When it comes to onboarding new employees, young or old, enterprises must have proper security awareness & anti-phishing training, in addition to a strong privileged access management solution, to guard against the different types of human error that could create security vulnerabilities.
Although email phishing has taken many forms throughout the years, the most common type of email scam is also the oldest. Since 2003, black-hat hackers have created domain names and web pages that look virtually identical to actual websites and have linked these copycat sites to vulnerable users via emails. It is increasingly difficult to tell the difference between a real web page and a fake one, especially for companies without sophisticated anti-phishing tools. For all companies, it's important to have the best anti-phishing solutions in place to ensure all data is protected and downtime is avoided.
Have you ever received an email that looks totally legitimate, links to a website that looks real, and asks for personal information? It is becoming harder and harder to know who and what can be trusted. Phishing is the practice of trying to get an unsuspecting email user to engage with an email in some way (opening, clicking, downloading an attachment, sending money, etc.).