DATA BREACH, CYBER ALERT MONDAY:
LAST WEEK, A DATA BREACH CAUSED TRAVEL DELAYS, RANSOMWARE COMPROMISED THE FIRST DAY OF SCHOOL, AND SMALL BUSINESSES ENDURED AN UNPRECEDENTED NUMBER OF DATA BREACHES.
LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…
City of Naples: Local government serving residents in Naples, Florida
Exploit: Phishing attack
Risk to Small Business: 2 = Severe: Spear phishing campaigns have evolved in sophistication, often relying on previously stolen credentials and inflicting greater damage than ever before. Therefore, awareness training is a critical element of any organization’s cybersecurity defense, since it can equip employees to successfully defend against all types of phishing campaigns that threaten company data and resources.
Individual Risk:No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.
Broken Arrow Public Schools: Public school district in Broken Arrow, Oklahoma
Exploit: Ransomware
Risk to Small Business: 2.555 = Moderate Risk: A ransomware attack compromised the school district’s network, making it briefly inaccessible to all personnel. Fortunately, the school district maintained comprehensive backups that were not impacted by the data breach, and they were able to restore normal operations without paying a ransom. The attack came as school was preparing to begin, and it temporarily put critical services like scheduling, bus routes, and even the first day of school at risk.
Individual Risk:No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Business: A ransomware attack can come at any time, which means that a comprehensive response plan is an immediate and necessary element of every business or organization’s cybersecurity strategy. By planning for a ransomware attack, which could include everything from data backups to ransomware insurance, every business can put its best foot forward to thwart these increasingly common attacks.
Presbyterian Health Services: Private, not-for-profit healthcare system and provider
Exploit:Phishing attack
Risk to Small Business: 1.777 = Severe: Beginning on May 9th, hackers gained access to employee email accounts that contained copious amounts of patient data. The employees fell for a phishing scam that compromised their accounts, which criminals accessed for nearly a month before the healthcare provider discovered the breach. While Presbyterian Health Services secured their employee accounts after discovering the unauthorized access, cybercriminals had plenty of time to exploit this vulnerability. Healthcare data breaches are incredibly expensive, and Presbyterian Health Services will incur the immediate cost of identity and credit monitoring services as well as increased regulatory scrutiny because patient data was involved.
Individual Risk: 2.142 = Severe: Hackers accessed patients’ names, dates of birth, Social Security numbers, and other healthcare related data. This information can quickly spread on the Dark Web, and those impacted by the breach need to attain the services necessary to protect this information.
Customers Impacted: 183,000
How it Could Affect Your Business: Every organization wants to avoid the high cost of a data breach, so succumbing to defensible attacks like a phishing scam is uniquely frustrating. Phishing scams are cheap and easy to execute, and they are frequently making their way into employees’ inboxes. Therefore, comprehensive awareness training is a must-have element for every organization’s cybersecurity initiatives.
Earnin: Mobile finance app offering cash advances on paycheck deposits
Exploit: Malware attack
Risk to Small Business:Risk to Small Business: 1.555 = Severe: A group of white hat hackers accessed Earnin’s network and discovered significant security vulnerabilities, including customers’ financial information stored in plain text. Although the data breach was limited to the white hat hackers, the company’s subpar security standards are producing significant bad press that could hinder their development moving forward.
Individual Risk: 2 = Severe: There is no indication that personal information was misused in this data breach, but significant amounts of user data was accessed, including names, bank account numbers, routing numbers, and payment statements. Because of Earnin’s poor security standards, users should closely monitor their accounts for unusual activity, and they should carefully consider their participation in platforms that don’t prioritize data security.
Customers Impacted: Unknown
How it Could Affect Your Business:In the past, tech startups operated with near impunity as they developed new platforms and services to meet our modern moment. Today, shifting consumer sentiments toward data privacy and a cadre of new privacy laws make this proposition more perilous. Instead, startups need to make cybersecurity a top priority from day one because failing to protect customer information can undercut their financial, regulatory, and customer-facing viability.
Indian Prairie School District 204: Public school district providing educational services in Aurora, Illinois
Exploit: Unauthorized database access
Risk to Small Business: 2 = Severe Risk: A data breach at Pearson Clinical Assessments has trickled down to Indian Prairie School District, compromising the personal information of tens of thousands of staff and students. The district believes the information was put up for sale the Dark Web, and they are offering free credit monitoring services for everyone impacted by the breach. In this case, a security vulnerability at a third-party contractor requires the district to pick up the heavy cost of credit monitoring services for thousands of former students. In a sector already strapped for cash, this expense alone is reason enough to prioritize cybersecurity initiatives pertaining to the contract work and beyond.
Individual Risk: 2.428 = Severe Risk: The data breach includes data from staff and students from the years 2001 – 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.
Customers Impacted: 49,000
How it Could Your Customers’ Business: Data breaches that compromise people’s personally identifiable information are always concerning, especially when they involve minors. Providing the supportive services necessary to recover from a data breach is the most important, and identity and credit monitoring services is the first place to start. These programs provide people the peace-of-mind necessary to successfully navigate the recovery process.
In Other News:
UK SMBs Fend Off 10,000 Cyber Attacks Per Day
According to a recent report by the Federation of Small Businesses (FSB), UK-based SMBs are enduring significant cyber-attacks that total nearly 10,000 per day.
Respondents indicated that one in five small businesses were the victim of a data breach in the past two years, and the survey identified other ancillary consequences accompanying this incredibly high number. For instance, the threat landscape is both expansive and diverse with businesses reporting 530,000 phishing attacks, 374,000 malware incidences, and 260,000 ransomware attacks.
Moreover, the collective cost of these data breaches exceeds £4.5 billion with the average cost of an attack costing companies £1,300.
Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.
A Note From Kobargo..
GermanWiper Ransomware Targets SMBs
German SMBs are the target of a new ransomware that’s wreaking havoc on company data.
The ransomware is delivered by a phishing campaign purporting to be from a potential job applicant, and the email contains an attachment that poses as a PDF resume from the sender.
When users click on the attachment, it unleashes a ransomware attack that demands payment in Bitcoin to decrypt the files.
Unfortunately, even if businesses pay the ransom, their files are unrecoverable. This particular ransomware, dubbed GermanWiper, erases the encrypted data, making it permanently inaccessible to users.
GermanWiper is a reminder of the precarious nature of ransomware attacks that are increasingly targeting businesses and government organizations to extract large payments. If companies are unprepared for a ransomware attack, there is no guarantee that they will ever recover their information by paying a ransom, and other restorative processes can be even more costly than the ransomware demands.
Therefore, defensive initiatives are business’s best bet for avoiding a ransomware attack, and, with security specialists (Like us!) ready to help out, now is the right time to ensure that your company is ready to defend against today’s always-shifting threat landscape.
Contact Kobargo Technology Partners to schedule a free consultation today!
