Cyber breaches have become the norm across the United States and in many parts of the world. Regardless of the size of your company or your budget for security, your company could be at risk. This has caused rapid growth in the cybersecurity industry. According to Forbes, this market will reach 170 billion dollars by the year 2020.
Some of this growth is being fueled by the advancement of new technology in cloud-based applications, the Internet of Things, and the increase in the number of computers and mobile devices. However, much of it is being initiated by the constant onslaught of cyber-attacks at home and at work.
During 2017, there were actually hundreds of data breaches in the US, though the public only heard about a fraction of those.
The Equifax hack topped the list with a devastating breach that affected 145 million customers. It stunned the public, proving once again, that no one is out of reach of hackers. With each passing breach, hackers refine their techniques so that more consumers are affected and even more extensive damage is done.
The financial data for over 3 million customers was compromised in the Hitachi Payment Services malware hack. This was reported in February 2017 and eventually led to a massive decline in credit card use. Hitachi suffered damage to their reputation and loss of profits and revenue.
Regardless of how many attacks there are, they continue to have the same effect on the public. Cyber breaches cause consumers to be leery of doing business with the company. People stopped buying products from Target stores right after that breach. The cost to Target was substantial. Breaches damage a company’s brand name and cost millions to resolve in many cases.
The largest leak in the world, known as the Big Asian Leak, exposed the personal information of 185 million customers. Though the names, addresses, passcodes and some financial information was stolen by hackers, most of the Asian companies who were hacked refused to admit they’d been breached and most refused to comment as well. The stolen data was eventually offered for sale on the dark web by an online vendor known as “DoubleFlag.”
In the US, consumers expect companies to be fully transparent when a breach does occur. They expect certain steps to be taken to avoid future attacks. Sometimes this happens and sometimes it doesn’t. Company leaders tend to think that if they’ve already been hacked once, there’s very little likelihood that it will happen again. There’s no solid proof to indicate that this is true. Hackers search for easy targets; companies with weak, ineffective cybersecurity.
The last few years have shown a few definite trends. For instance, in 2015 and 2016, businesses were targeted 40.1 percent of the time with the healthcare industry a close second at 35.4 percent. In 2017, there were a total of 868 cyber breaches with businesses and health care agencies the main targets.
Major businesses across the country have stepped up their security on every level and yet 2018 has already proven to be a busy time for hackers. A new trend involves cyber thieves looking beyond computers and phones for targets. They’ve discovered a whole world of unsecured devices, such as medical devices, educational and government organizations, and other vulnerable technology.
A new study shows that only 51 percent of all companies monitor and analyze their security information on a regular basis. About 45 percent subscribe to some type of intelligence service, while only 52 percent said they used high-tech intrusion detection systems. These numbers indicate a troubling trend. Only about half of all American companies are actually taking their cybersecurity seriously enough.
Ransomware attacks are on the rise as well. In some cases, the cyber thieves do not ask for much money. They demand smaller amounts like $1900 or $4,500. This strategy makes it far more likely that a business will pay the ransom. It’s just more prudent to pay those smaller amounts than to call in the authorities or security experts to resolve the issues. Below are a few of the major cyber-attacks that have occurred for 2018.
Several Indiana hospitals reported ransomware attacks. In one instance, the hospital paid $55,000 to thieves but reported that no data was stolen. The San Diego Office of Education reported a breach of employee retirement data. It was discovered that an unknown number of email addresses were leaked from MailChimp. National Stores, Inc. reported that some financial data from an unknown number of its credit card users was leaked.
WordPress continued having major issues with cyber thieves who were secretly placing crypto-mining code on the computers of its users. This code is designed to run in the background on a user’s computer without their knowledge for the purpose of mining cryptocurrency. A major embarrassment to Kansas officials, it was reported that the Kansas Secretary of State website accidentally leaked the last four digits of hundreds of Kansas state government workers.
The City of Allentown, PA was crippled by a malware attack that has to date cost at least one million dollars. Both financial and public safety systems were attacked. In a phishing attack, 50,000 Snapchat users had their log-in credentials stolen. A hospital in Tennessee revealed that 24,000 of its past patients may have been exposed to crypto-mining attacks. Both Chase and Hometown Banks revealed that customer data may have been compromised due to skimming/shimming devices placed at ATM machines. A dangerous T-Mobile bug was responsible for hackers being able to highjack the accounts of T-Mobile customers.
In March, the city of Atlanta reported various government systems were down due to a ransomware attack. Several schools and hospitals reported malware and ransomware attacks that shut down their systems for indefinite periods of time. Some data was compromised in these attacks. Other hospitals reported that employee email accounts were hacked leaking confidential patient information. Even the National Lottery Association reported the loss of log-in info for over 10 million players. Emails were sent out instructing players to change their passwords. A point-of-sale breach occurred at some Applebee’s Restaurants exposing the credit card information of its patrons.
April was a busy month for hackers. Over 72 million records were leaked in a long string of ransomware, malware and data breaches. The most notable included Sears Stores, Delta Airlines, K-Mart and Panera Bread. A service that connects handymen with customers called TaskRabbit had to shut down its website and suspend use of its app due to a massive data breach. SunTrust admitted that a former employee had stolen the customer data of 1.5 million customers. A data search service called LocalBlox reported that 48 million records were left accessible on the Internet. The data included personal info, as well as psychographic data used by marketing agencies.
Though the numbers are not out yet for May, experts believe that there will continue to be massive data leaks, ransomware attacks, malware attacks, and cyber breaches. Cyber thieves refine their strategies with each passing month. Consumers and business owners must stay on top of the activities of cyber thieves. Experts recommend hiring security experts to gauge how effective your cybersecurity is and recommend methods to improve it. The best defense continues to be a strong offense.
Scott Gallupe of 403Tech Discusses Cybersecurity Threats in Business in Calgary Article
The COVID-19 pandemic sent businesses scrambling to pivot from an office-based environment to a remote workforce. A recent issue of Business in Calgary featured 403Tech President Scott Gallupe, who advised on how local businesses can protect their IT systems from cybersecurity threats. He explained that passwords and video collaboration tools are possible entryways for viruses and malware. The article, Alright, Stop, Collaborate and Listen, features several local IT leaders, describes the issues faced by business owners during the pandemic and provides guidance on ways to protect business data from ransomware and other types of cyberattacks.