Data breaches have, at this point, impacted almost every single person in the USA. These great larcenies of private information via mainstream companies are not only alarming but they are estimated to cost $6 trillion dollars by 2021. But we can learn a lot about how to stop business interruption from these catastrophic data breaches.
Here we share 3 of the biggest breaches of all time and some ways to avoid them.
1. 2013 Target Data Breach
In 2013, Target suffered a catastrophic data breach, leading to the loss of 11 gigabytes of customer data. The stolen data included names, mailing addresses, phone numbers, email addresses, and payment information for 70 million people.
Obviously, 70 million unhappy customers are not good for business, especially when it costs the company $252 million dollars. How does that even happen? Actually, Target was hit the same way many businesses are attacked–through phishing.
Here’s what we now know happened:
A single employee at one of Target’s third-party vendors, Fazio Mechanical, was tricked by a phishing program that allowed a password-stealing program called Citadel to be installed on the Fazio server. From there, attackers breached the Target vendor portal, Ariba, and took over the servers. It was a short trip from there to the POS servers, where the attackers spent weeks stealing and selling customer information on the black market.
Phishing is a cyberattack that works by prompting users into volunteering sensitive information through deceptive emails containing malicious attachments or website links. Compromising corporate data really is this simple sometimes.
One way to prevent damage to your business from phishing scams is to educate your employees. On top of the common cybersecurity practices applied by your managed services provider, informing employees to never enter personal or protected information on strange websites, as well as to “think before clicking,” will help prevent successful phishing scams.
Make sure to combat phishing with a combination of regular education and sufficient cybersecurity measures in case someone forgets.
2. 2014 Home Depot Malware Attack
In 2014, Home Depot suffered data loss of email and credit card information for more than 56 million customers. Home Depot soon learned that the last thing you want to do is compromise data from 56 million people who enjoy swinging hammers and planting things deep in gardens.
The damage? In total, the breach cost Home Depot $179 million dollars, including legal class action. The lawsuit also demands that Home Depot invests in stronger cybersecurity measures.
The Home Depot Breach happened because attackers were able to access a weakness and install malware which stole the consumers’ credit card, debit card, and email information. Like Target’s incident before, the attackers accessed Home Depot’s network through a third-party vendor.
The lesson here is that you need proper cybersecurity so that an anomaly can be recognized and stopped in its track. If you are worried about how accessible your network is, speak to your managed services provider about your current cybersecurity efforts and mention the need for superior access control and malware protection.
3. 2017 Equifax Cybersecurity Breach
You’ve probably heard of Equifax. It’s one of the three big companies that track and analyze our credit activity and scores in the US.
Let’s face it, none of us really like the people who sit in their little rooms pumping out algorithms in a mass effort to rank our financial capability. That being said, we didn’t exactly want hackers to steal the personal and financial information of 143 million people from Equifax.
That’s exactly what happened in 2017. According to Equifax, the attackers “exploited a U.S. website application vulnerability to gain access to certain files.” Those certain files included credit card numbers, social security numbers, dates of birth, address information and more.
A company like Equifax is required to have cybersecurity solutions in place, but we’ve learned that even they are susceptible to large-scale attacks. The total financial damage is unknown at this time, as various lawsuits against the credit monitoring giant are in progress.
Take Action and Business Protection
According to a study by Verizon, a small data breach where only 100 records are lost would most likely cost an organization anywhere from $18,120 to $35,730, but could cost as much as $555,660. Your business is a constant target for cyberattacks. And just like the three companies we’ve talked about today, you could be hit with major financial losses if you experience a security breach.
The best way to protect your business from cyberattacks is to work with your managed services provider to create your own solid cybersecurity solution. Most of the time, this will involve analyzing your network for vulnerabilities and strengthening those points. Monitoring your network is also imperative for proactive, ongoing protection against incoming threats.
As your IT partner, GB Tech strives to deliver mission-critical support in a dynamic, constantly changing world, and we are ready to help you learn more about your current cybersecurity solutions. You can contact us any time.