Published on March 26th, 2019 | by Bibhuranjan
What Businesses Need to Learn From Biggest 2018 Data Breaches
The year behind us was marked by more than 2.5 billion hacked accounts. In just one week, Quora and Marriott both disclosed breaches affecting a total of 600 million users. The breaches included names, mailing addresses, phone numbers, passport numbers, gender, age, flight info, user ID, IP, encrypted passport, and more. Some partial bank account info was compromised as well, including data like bank name, currency type, and the last four digits of the account number.
In the last year alone, huge data breaches have compromised millions of people, and some of the companies involved are British Airways, Facebook, T-Mobile, My Heritage, and Ticketfly.
It is obvious that the number of cyber attacks is on the rise, and it is not difficult to become a target for hackers. Don’t assume that because large corporations like Facebook seem more appealing to hackers, they will ignore your business. In fact, smaller enterprises are often more appealing because their level of security is often lower.
So, how can you make your business more resistant to cyber attacks? It’s easy: learn from other companies’ mistakes.
Facebook – no one is safe
Let’s start with the scandal that shook us all. In September 2018, the personal information of 50 million users was exposed due to an unparalleled security breach caused by an attack on Facebook’s computer network. Three software weaknesses in the company’s systems allowed hackers to break into the accounts of millions of users, including those of top managers Mark Zuckerberg and Sheryl Sandberg, said people familiar with the investigation. A couple of days after the announcement of the breach, Facebook said that the vulnerabilities had been fixed.
However, it is clear that the users are now far more cautious and that their trust in Facebook has significantly fallen.
The lesson businesses should learn from this case is that no one is safe, not even a superior player like Facebook, with refined security solutions. Taking preventative measures and constantly updating your security system is a must if you want to stand a chance.
Panera Bread – flaws should not be ignored
In the first half of 2018, the personal information of millions of Panera Bread’s customers leaked, leaving the customers’ names, addresses, birthdays, phone numbers, and the last four digits of their payment cards out for the taking. Panera did the opposite of what a responsible company would do, and there are several valuable lessons to learn from its mistake.
Panera’s management knew about the data breach for eight months, and they did nothing to fix it or warn the customers. It was later exposed by a journalist on his blog.
With regular scanning, penetration tests, and working with external researchers who are experienced and responsible in revealing security breaches, this problem can be prevented. If, in spite of all your efforts, a breach like this happens, don’t make the same mistake as Panera and ignore the problem. It won’t go away.
Saks Fifth Avenue and Lord & Taylor – invest in the best malware protection
This incident was among the most unusual security breaches. It happened when a syndicate of hackers stole the debit and credit card details of 5 million customers of the two luxury brands through a bug in the Point-of-Sale (POS) system. The investigation that followed revealed that the breach actually happened in 2017 and that in March 2018, the data was put up for sale. The companies were not aware of the breach until they were notified by the investigators.
This breach comes with a message for all businesses: you must continue investing in malware protection for all the devices you are using, including computers and POS systems. You must always be up to date with what is happening in the cybersecurity market. Many companies using Agnitum.com must have woken up one morning in 2017 to a “page not found” when it stopped working. That’s why you need to track which anti-malware programs are the best for you.
Exactis – always secure sensitive information
Exactis, a marketing and data aggregation firm, exposed a database with approximately 340 million individual records and close to 2 terabytes of data on a publicly accessible server. The data included information such as home and email addresses, phone numbers, age, names, habits, and interests.
Their mistake? Leaving the personal information of nearly 240 million people on a public server without any protection. Anyone who wanted to access it could do so without authorization. What can you learn? When collecting sensitive data, always secure it with multiple authorizations, so that only the people in charge of it can gain access.
UnityPoint Health – create a cybersecurity culture in your company
Records of 1.4 million patients were exposed in May 2018 when UnityPoint Health was attacked by hackers who sent phishing emails to the employees. These emails appeared to come from the employees’ bosses, which tricked people into sharing their passwords. This enabled the attackers to access health information from the attachments.
This was a human error that could easily have been prevented with good training programs for the employees. Unfortunately, when an employee falls victim to such a trick, they will feel ashamed to admit it, and probably even try to cover it up. It is essential to create a positive attitude around cybersecurity in your company. For example, there are platforms that gamify phishing attack detection, which can be a fun way to increase the visibility of security threats and simplify the detection of such attacks.
Branch.io – be careful with third-party services
Branch.io is a mobile engagement platform used by some major social media players such as Reddit and Tinder. Last year, a huge cross-site flaw exposed the data of nearly 700 million users. While the breach still hasn’t had its epilogue in terms of exploitation of this vulnerability, this incident shows that businesses need to be careful when using third-party web-based services. Responsible businesses must focus on securing their browser-based applications, regardless of the number of parties involved.
Avoiding breaches in 2019
Even though many scandalous data breaches gained much attention in 2018, and some of them are still discussed among experts, users, and the media (the Facebook data breach especially), this does not mean that we have learned everything we can from their mistakes. Ultimately, it is imperative to realize that the more we learn, the better the hackers will get. This doesn’t mean that you should give up. On the contrary, it is important to work on cybersecurity every day. You must be vigilant about threats and vulnerabilities, up to date with new technologies, willing to share knowledge with your employees, and proactive when it comes to securing sensitive information.