Have You Heard About these biggest Cyberattacks?
The news is rife with reports about security breaches and cyberattacks that have cost consumers their sleep, companies their reputations and billions of dollars. Unfortunately, without the benefit of cybersecurity training programs, IT staff are hamstrung in their ability to stop attacks, let alone prevent them. There are a great number of cybersecurity courses available now to help companies as they go forward with their cybersecurity strategies, but for the companies who have already been hit with their worst nightmares, it takes a long time to recover from a news-breaking breach.
What have been the biggest attacks? Which hackers have caused the greatest amount of uproar?
Interestingly, recent data breaches were caused by an internal source – an employee as opposed to an outside hacker – according to 40% of senior executives and small business owners who responded to a survey conducted by Shred-it in 2018. These issues could have been caused intentionally, but negligence and accidental issues were most often the root cause. This heightens the need for cybersecurity training programs that help lock down data and prevent issues.
This same study found that 36% of workers surveyed admitted they left sensitive information open on their desks after leaving for the day. About the same amount of executives (36%) noted that employees lost documents or had them stolen because they didn’t follow physical security protocols like keeping doors locked. This is alarming when combined with situations where cybersecurity is lacking and software or hardware can be breached internally, or worse, by external sources.
Could cybersecurity courses have prevented the biggest breaches? Yes, but unfortunately, this type of education wasn’t offered on a wide-spread basis when many of the biggest breaches occurred. Cybersecurity training programs are the best ways to prevent attacks like these:
1. Target 2013. In 2017 it was reported that Target would pay $18.5 million in a multistate settlement (the largest ever for a data breach) after the 2013 cyberattack that exposed 41 million customer payment accounts. The data was accessed through Target’s computer gateway by making use of the access credentials of a supplier in 2013.
The hackers were able to reach a customer-service database and install malware which in turn obtained full names, phone numbers, email addresses, payment card numbers, credit card verification codes and other details. It was a costly and lengthy issue for Target which required the company to hire an independent expert to conduct a security assessment. There was also the obvious need for Target to segregate customer data from the rest of the company’s network.
2. Equifax 2017. When a company reports your credit history, you expect that company to keep the information safe. Equifax failed to do so in 2017 when the personal information of 147.7 million consumers was exposed. Hackers had gained access to the company’s network and stolen names, social security numbers, birthdates and addresses of more than half of the US population – many of whom were never customers of the company. While Equifax hired a new chief security officer, there are no definitive answers as to who was responsible for the breach and which consumers were impacted.
3. Marriott International 2018. Hundreds of millions of records were accessed from the internal guest reservation database of Marriott’s Starwood brands from 2014 to 2018. The worst part of this breach was that it included extremely sensitive data such as credit card and passport information. The fact that the attack went undetected for four years is the most concerning part of this example. We know that it is impossible to keep hackers at bay, even with IT staff who have taken the best cybersecurity courses on the watch, but the breach really should have come to light in far less than four years. In December 2018, it was believed that hackers employed by a Chinese intelligence agency were behind the attack in an attempt to access data on US government employees as the Marriott is a provider of accommodation to the US government and military.
4. Facebook 2018. There’s no denying Facebook’s setup and format are addictive to many of its users. With the volume of people making use of Facebook, it’s a highly attractive target to hackers and they were successful in compromising accounts in 2018. Millions of users (at least 30 million) had their data exposed in what is known now as the Cambridge Analytica scandal. About half of the users impacted had names, contact details, gender, relationship status and check-ins exposed and Facebook created a website which allowed users to check if their accounts were part of the breach.
5. 7-Eleven 2009. While a 2009 identity-theft may not seem like news, 28-year-old Albert Gonzalez of Florida hacked into five separate company systems (including 7-Eleven) to commit wire fraud. He sold approximately 170 million credit and debit card numbers, which at the time was the biggest heist of its kind in history. This is one that should have been anticipated as Gonzalez hacked into NASA when he was just 14.
6. Yahoo 2013 and 2014. No wonder Yahoo is something of a distant memory. With all three billion accounts exposed in 2013 and another attack impacting at least 500 million users in late 2014, the company was sold to Verizon in 2016 but was fined for the failure to disclose the 2014 issue to consumers.
It’s almost impossible to stay ahead of hackers and cyber-attacks, but with the right security training programs and IT staff in place, there is a better chance for systems to be protected and hacks to be detected before serious damage can occur. Ensuring staff have the right cybersecurity courses under their belts will lead to better prevention and responses to what can be a crippling situation for most businesses.