It’s a sad fact that many companies aren’t doing enough to prevent hackers from gaining access to their systems, and things are about to get even worse.
The truth is, tremendous damage has already been done to the country and world as a result of the following four hacks:
- OPM hack affected 22.1 million people, government employees and others!
- Equifax affected 143 million people!
- Marriott affected 500 million people!
- Yahoo email breach resulted in 3 billion accounts being hacked!
If an organization is able to cross-reference this massive amount of data, the results could be disastrous for national security and your organization.
OPM stands for Office of Personnel Management, and this U.S. federal government entity holds records containing vast amounts of sensitive information, such as extra-marital sexual partners and family members. Once again, we are talking about more than 22 million people! Equifax gave up driver’s license and social security numbers for over 100 million. Marriott added hotel stays and passport numbers, and finally, Yahoo gave up reams of personal communication.
Using any or all of this information, hackers can put together detailed profiles of just about anyone to then target them via social engineering to gain access to their current accounts.
This means spear-phishing and regular phishing attacks will only get worse.
Hackers have been extremely successful these last few years. They have been even more successful this past week, sending bomb scare emails throughout the country and, as a result, bringing many companies to their knees.
They are emboldened and their success has rewarded them financially and through notoriety.
Every company must do the following to help ensure they keep operating:
1. Cybersecurity training should be performed every six months. It should ideally be live and interactive. Human error is one of the greatest risks to customer data.
2. Auditing and documentation must be performed regularly to ensure systems are secure. This should be done by personnel who don't run the day-to-day operations.
3. Anomaly detection should be running constantly to detect threats as they emerge.
4. Penetration testing (pen testing) shows if systems can easily be reached and breached. Annual or more frequent pen testing is optimal.
5. An action plan to follow if a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched its response in what is being called a PR catastrophe.
There has been a tremendous increase in cybersecurity incidents. In addition to individual hackers and organized crime syndicates, terrorist groups like ISIS and nation-states like Iran, Russia and North Korea are targeting U.S. corporations and government agencies.
No company can be complacent about protecting customer data and remain in business: the threat is becoming greater, cybersecurity insurance rates are growing and government fines are increasing. The longer an organization waits to deal with these issues, the more peril it will likely be in.
As we've written before, investments in cybersecurity and business continuity are investments in profits, as companies can't make sales or work if systems are down.
Contact Apex Technology Services with questions on how to protect your business.