Data Breach, Cyber Alert Monday 11-11-2019

Last week, a third party compromises user data, hackers attack digital points of sale, and SMBs struggle to hire top cybersecurity talent.

United States – Web.com

Exploit: Unauthorized database access
Web.com: Domain name registration and web services provider

Risk to Small Business: 2.111 = Severe: An unauthorized third party accessed Web.com’s network, which compromised their customers’ personally identifiable information. The intrusion took place in August 2019, but IT personnel were not able to identify the breach until October 16th. Data breach notifications went out this week, but the significant detection delay will certainly compound the damage for both the company and its customers.

Individual Risk: 2.285 = SevereThe breach compromised names, addresses, phone numbers, email addresses, and service information. Security experts believe that the breach extends beyond Web.com and includes users of Network Solutions and Register.com. This information often makes its way to the Dark Web where it can be repurposed for additional cyber-attacks or identity fraud. Anyone impacted by the breach should scrutinize their online communications, as hackers will use compromised data to orchestrate spear phishing attacks

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Survey after survey reveals that customers are increasingly wary of doing business with companies that can’t protect their personal information. This reality is only exacerbated when companies are slow to detect or respond to security incidents.
As a result, data security and response protocols are an integral part of doing business. In 2019, cybersecurity isn’t just for the IT department to consider. It needs to be a top-down priority that impacts every facet of the company.

United States – sPower

Exploit: Cyber-attack
sPower: Renewable energy provider

Risk to Small Business: 1.444 = Extreme: sPower was the victim of a cyber-attack that brought down its services and disconnected its hardware from the electrical grid. Although the attack occurred in April, the details are emerging as part of a Freedom of Information Act filing by reporters covering the energy sector. Hackers were able to leverage a vulnerability in the company’s firewall that allows outside entities to access their network. The event could significantly harm the company’s reputation within the energy industry, impacting its ability to land future contracts and compete with other companies.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Reputation management can mean the difference between earning the next contract and losing out to a competitor. In that regard, ensuring that your organization’s most prescient threats are accounted for can help avoid the bad press and brand erosion that follow in the wake of a cyberattack. While every industry’s threats are unique, every consumer or collaborator wants the same thing: sufficient cybersecurity to meet the moment.

United States – City of San Marcos

Exploit: Cyber-attack
City of San Marcos: Local government municipality

Risk to Small Business: 1.666 = Severe: Hackers accessed the city’s computer systems and restricted access to significant portions of their IT infrastructure. The attack, which began on October 24th, brought down email accounts and other communication services. As a result, messages sent to city employees were not delivered, though government facilities remain open. Recovering from the attack is proving especially difficult, as the services are still restricted for more than a week after the initial event. To prevent further attacks, employees are being asked to change their passwords and enable two-factor authentication on their accounts.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Many cybersecurity vulnerabilities can be mitigated by adopting adequate preventative measures. For instance, using strong, unique passwords and two-factor authentication can prevent hackers from using stolen credentials to access accounts and dig deeper into your company’s IT environment. As the costs associated with breach continue to pile up, the ROI on implementing cybersecurity defense becomes easily apparent.

Italy – UniCredit 

Exploit: Exposed database
UniCredit: Banking and financial services company

Risk to Small Business: 1.555 = Severe: UniCredit recently discovered an exposed database containing personal information for millions of the company’s customers. Shockingly enough, the database had been accessible since 2015. This is the company’s third data breach in recent years, and it sent their share price down by 4%. The bank is spending a significant amount of money to update its IT infrastructure to prevent such an event in the future, but that is unlikely to alleviate the reputational damage and regulatory repercussions heading their way.

Individual Risk: 2.428 = Severe: The exposed database contains email addresses and phone numbers for the banks’ clients. Hackers did not have access to login credentials, but that doesn’t mean that those impacted by the breach are out of the woods. Personal details can be used to facilitate additional cybercrimes that can compromise even more sensitive information.

Customers Impacted: 3,000,000

How it Could Affect Your Customers’ Business: The path to restoring customer confidence after a data breach is one that is not well-charted. However, companies are testing their customers’ limits when they endure multiple cybersecurity incidents. Each episode forces businesses to restart the restoration process. Knowing what happens to exposed or stolen customer data is the first step to a swift response that can revive customer confidence.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Small Businesses Struggle to Acquire Top Cybersecurity Talent 

Few institutions are at more risk of a cyber-attack than SMBs. Unfortunately, these same companies are struggling to compete with major corporations for the IT and cybersecurity talent that can keep their infrastructure and data security. 

In general, this trend reveals a growing chasm between escalating cybersecurity threats and the availability of affordable, qualified professionals who can defend against them. In Canada alone, it’s estimated that organizations will need to fill 3,600 cybersecurity positions alone, meaning that the market forces of supply and demand are inextricably working against SMBs with more modest budgets.

Moreover, today’s cybercrimes are becoming increasingly sophisticated and exponentially more expensive. For instance, credential stuffing and ransomware attacks often require specialized personnel to adequately defend against these threats.

However, SMBs don’t have to bring all of this talent under their own roof. Instead, they can partner with qualified cybersecurity specialists (Like us!) to augment their capabilities and ensure their data security in a dangerous digital environment.


A Note From Kobargo.

Data Breaches Are Pushing SMBs Into Bankruptcy

A recent survey by Zogby Analytics confirmed what many people already knew: data breaches are wreaking havoc on SMBs. In particular, the financial implications of a data breach are overwhelming their capacity and forcing them to take drastic action. 

The survey, which questioned more than 1,000 small business leaders, found that 37% of SMBs that experienced a data breach suffered financial loss and 25% filed for bankruptcy. Ultimately, 10% of SMBs went out of business following a data breach.

At the same time, leaders understand the threat. 88% of respondents indicated that their company was “somewhat likely” to experience a data breach, while nearly half believe that they are “very likely” to be the victim of a data loss event. As today’s world continues to grow increasingly aware of the costs and prevalence of data breaches, the responsibility for leaders to defend against them has never been greater.


Contact Kobargo Technology Partners to schedule a free consultation today!

CATEGORIES

YOU MAY ALSO LIKE

sign up for our newsletter

Be the first to hear about our services, collaborations and online exclusive content. Join the Kobargo Family email list!

    [md-form spacing="tight"]

    [md-text label="E-mail"]

    [/md-text]

    [md-submit style="outlined"]

    [/md-submit]

    [/md-form]

    By submitting this form, you are consenting to receive marketing emails from Kobargo Technology Partners. You can revoke your consent to receive emails at any time by using the SafeUnsuscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact.