Merry Cyber Threat’ness

Cybercriminals don’t take a holiday. In fact, the coming holidays are the busy season for hackers to wreak digital mischief. Black Friday and shopping online go hand in hand during today’s mostly online purchasing behaviors. Whether it’s Black Friday or Cyber Monday, many malicious threats can take advantage of your network’s security and therefore your personal data. 
From a personal perspective, staying alert with your own personal data is always a good thing to keep in mind when doing your online shopping. However, as business owners we must also protect ourselves and our employees during the holidays. Before your employees start sorting through all of the online deals for tech-themed gear or the next popular item for the kids, you might want to improve your network and their cybersecurity awareness. Take a few precautionary measures in the next few weeks to keep your company’s network safe.

Keep Software Up to Date

The new year is right around the corner, and although you may be thinking “New Year, New Network Security” it’s never a good idea to put off ways to bolster your defenses. Before taking off for a holiday break, take the precautions you need and install any updates you might have been putting off. Don’t wait until the new year to keep a clean house. Organizations that don’t install the latest updates leave themselves vulnerable to cyber attacks.

Set Up Firewalls 

Give a hacker a way in and they will take it, no questions asked. There are different ways for your business to stay safe and the most efficient is to set up a firewall. Firewalls work by protecting your internal networks from threats, which is why we recommend installing them not only on your servers, but on all office laptops, computers, and mobile devices too. This should keep your data safe and make a real difference in your security, but you will have to be proactive and keep them up to date – an alert that must be passed on to your employees.

Educate Your Employees on Cyber Safety 

Although you may have the most sophisticated security that you can buy, top dollar security is no match for the bottom of the rung foolishness from employees. Be threat protective and educate your employees on the advantages of your security and how they can truly affect the system – positively and negatively. Having all of this technology at your disposal is no good if your team may put your business at risk by clicking infected pop-ups or falling for phishing scams. Teach your employees the safest ways to use the internet, and you’ll be at an advantage when the holiday shopping begins.

Strengthen Wireless Network Passwords

A few individuals on your team may not be as technologically savvy as you would like and may not know what an open network is. Around the holidays it’s even more important to secure your wireless network with extremely strong passwords that the average person has no hope of guessing. These should naturally protect your network with the strength of the passwords including both letters and numbers. However, some employees may find it harder to keep up with the difficulty of the password. Instead of jotting open passwords down on a sticky note in plain view, we would suggest you encourage your team to make a password a phrase. Something that is memorable but includes a length that may trip up potential threats. Also, train your employees to make frequent password changes to keep the team strong.
Despite our best efforts, cyber-attacks and data breaches do happen. Before heading out for the holidays, make sure that you and your employees are doing what they can to be alerted to suspicious sites during their online shopping that may put your business, and your data, at risk. 
The bottom line: you should never take cybersecurity for granted, no matter the season. During the holidays, it pays to be even more vigilant and never let your guard down. Before you purchase too many items this season, contact Kobargo to schedule an assessment of your system’s security, and ask about any gadgets on your holiday gift list. In fact, it may be best to just casually remind everyone that online shopping isn’t meant for browsing at work, but as we know it’ll most likely happen anyway.
Kobargo Technology Partners delivers managed IT solutions and is a leader in authentication and security, to protect your data and brand from cybercriminals. Leverage our 50 years of experience to protect, manage, and support your network, data, and users. Visit us to learn more about what we can do for you!

Data Breach, Cyber Alert Monday 11-18-2019

Last week, healthcare data targeted by cybercriminals, lax security compromises PII, and Google has access to personal health information of millions.

United States – InterMed 

Exploit: Compromised email account
InterMed: Maine-based physician group

Risk to Small Business: 1.777 = Severe: Hackers gained access to four employee email accounts that contained patients’ protected health information. The first employee account was accessed on September 6th, and the subsequent accounts were available between September 7th and September 10th. Although InterMed did not report the specific vulnerability that led to the breach, credential stuffing and phishing attacks were likely the culprits. The company’s slow response time and the sensitive nature of the compromised data will result in regulatory scrutiny that will amplify the post-breach impact.

Individual Risk: 2.428 = Severe: Patients’ protected health data was compromised in the breach. This includes names, dates of birth, health insurance information, and clinical data. In addition, some Social Security numbers were exposed to hackers. This information has a ready market on the Dark Web, and those impacted by the breach should take every precaution to protect their identity.

Customers Impacted: 30,000

How it Could Affect Your Customers’ Business: Data breaches are becoming increasingly costly, so sufficiently addressing defensible threats should be a top priority for every organization. Employee email accounts are often a top target for hackers who use phishing campaigns and credential stuffing attacks to gain access to their account data. Comprehensive awareness training and Dark Web services that provide advanced notification when credentials are compromised can position companies to protect this easy access point from bad actors.

United States – Brooklyn Hospital Center

Exploit: Ransomware
Brooklyn Hospital Center: Full-service community teaching hospital

Risk to Small Business: 2.111 = Severe: A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.

Individual Risk: 2.285 = Severe: Brooklyn Hospital Center declined to identify the specific data compromised in the breach, but healthcare providers are often a target for cybercriminals because of the sensitive nature of this information. Therefore, anyone impacted by the breach should take the necessary steps to ensure their data security, including enrolling in identity monitoring services and closely evaluating their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This incident is a reminder that ransomware attacks can have ominous outcomes for any organization. While some are cut and dry transactions, others can be more damaging, resulting in permanent data loss or information exposure. Once your company’s data is in the hands of bad actors, there is no script for determining what happens next. With that in mind, preventing ransomware attacks proactively with proper cybersecurity measures must be a top priority for businesses of every shape, size, and sector.

United States – Utah Valley Eye Clinic

Exploit: Unauthorized database access
Utah Valley Eye Clinic: Utah-based eye clinic

Risk to Small Business: 2.333 = Severe: A cybersecurity vulnerability at a third-party affiliate compromised personal data for thousands of the clinic’s customers. The incident resulted in patients receiving fraudulent emails indicating that they received a payment from PayPal. The breach was only recently discovered, originally occurring on June 18, 2018, so patient data has been exposed for a significant duration. As a result, the company will likely face legal penalties and lost revenue due to exposed protected health information (PHI).

Individual Risk: 2.142 = Severe: The clinic confirmed that patient email addresses were compromised in the breach, but it also conceded that other personally identifiable information, including names, addresses, dates of birth, and phone numbers, may have been exposed. The prolonged time to detection means that this information has been available for misuse, and those affected should be especially vigilant in evaluating online communications and credentials for suspicious or unusual activity.

Customers Impacted: 20,000

How it Could Affect Your Customers’ Business: Third-party partnerships are becoming increasingly important in today’s business environment, yet they can also invite cybersecurity vulnerabilities. It’s estimated that more than 60% of data breaches involve third-party exposure. Consequently, cybersecurity should be a top priority when considering partnerships, information sharing, or other collaborative opportunities.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Google Has Access to Personal Health Information of Millions of US Patients 

Recently Google partnered with Ascension – one of the largest health systems in America – but did so quietly. This partnership allows Google access to all of Ascension’s patients’ data. Ascension operates 150 hospitals in 21 states.

The effort was code-named “Project Nightingale,” and has allowed some Google employees access to data including names, birth dates, addresses, family members, allergies, immunizations, radiology scans, hospitalization records, lab tests, medications, medical conditions, and even some billing records.

The current agreement does not appear to be a violation of HIPAA (Health Insurance Portability and Accountability Act). Google has been looking to expand its health information efforts, including plans to acquire Fitbit. However, Google has responded to the news of the partnership to say the data will not be used other than to assist Ascension medical providers.


A Note From Kobargo.

Australian Cybersecurity Personnel Are On the Verge of Burnout 

For companies around the world, the threat of a data breach is becoming ever-present. This reality is especially pronounced in Australia, where cybersecurity professionals are reporting fatigue and burnout as they battle the litany of threats facing their companies. According to the 2019 Asia Pacific CISO Benchmark Study, the burnout rate among Australian organizations is more than double the global average of 30%. 

In total, 69% of Australian organizations are receiving more than 100,000 cybersecurity alerts every day, significantly higher than the global average. At the same time, the survey, which polled 2,000 information-security professionals, found that Australian organizations were slower to respond to data breaches than companies in other countries. Such behavior compounds costs, as 84% of Australian businesses that experienced a data breach admitted that the expenses exceeded $1 million, a significantly higher sum than other countries in the region.

SMBs are already struggling to hire sufficient cybersecurity personnel, so supporting IT professionals is a critical component of any company’s cybersecurity initiatives. Fortunately, they don’t have to do it alone. The supportive services of an MSP can augment capabilities, lightening the load on in-house cybersecurity professionals.


Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 11-11-2019

Last week, a third party compromises user data, hackers attack digital points of sale, and SMBs struggle to hire top cybersecurity talent.

United States – Web.com

Exploit: Unauthorized database access
Web.com: Domain name registration and web services provider

Risk to Small Business: 2.111 = Severe: An unauthorized third party accessed Web.com’s network, which compromised their customers’ personally identifiable information. The intrusion took place in August 2019, but IT personnel were not able to identify the breach until October 16th. Data breach notifications went out this week, but the significant detection delay will certainly compound the damage for both the company and its customers.

Individual Risk: 2.285 = Severe: The breach compromised names, addresses, phone numbers, email addresses, and service information. Security experts believe that the breach extends beyond Web.com and includes users of Network Solutions and Register.com. This information often makes its way to the Dark Web where it can be repurposed for additional cyber-attacks or identity fraud. Anyone impacted by the breach should scrutinize their online communications, as hackers will use compromised data to orchestrate spear phishing attacks.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Survey after survey reveals that customers are increasingly wary of doing business with companies that can’t protect their personal information. This reality is only exacerbated when companies are slow to detect or respond to security incidents.
As a result, data security and response protocols are an integral part of doing business. In 2019, cybersecurity isn’t just for the IT department to consider. It needs to be a top-down priority that impacts every facet of the company.

United States – sPower

Exploit: Cyber-attack
sPower: Renewable energy provider

Risk to Small Business: 1.444 = Extreme: sPower was the victim of a cyber-attack that brought down its services and disconnected its hardware from the electrical grid. Although the attack occurred in April, the details are emerging as part of a Freedom of Information Act filing by reporters covering the energy sector. Hackers were able to leverage a vulnerability in the company’s firewall that allows outside entities to access their network. The event could significantly harm the company’s reputation within the energy industry, impacting its ability to land future contracts and compete with other companies.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Reputation management can mean the difference between earning the next contract and losing out to a competitor. In that regard, ensuring that your organization’s most pressing threats are accounted for can help avoid the bad press and brand erosion that follow in the wake of a cyberattack. While every industry’s threats are unique, every consumer or collaborator wants the same thing: sufficient cybersecurity to meet the moment.

United States – City of San Marcos

Exploit: Cyber-attack
City of San Marcos: Local government municipality

Risk to Small Business: 1.666 = Severe: Hackers accessed the city’s computer systems and restricted access to significant portions of their IT infrastructure. The attack, which began on October 24th, brought down email accounts and other communication services. As a result, messages sent to city employees were not delivered, though government facilities remain open. Recovering from the attack is proving especially difficult, as the services are still restricted for more than a week after the initial event. To prevent further attacks, employees are being asked to change their passwords and enable two-factor authentication on their accounts.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Many cybersecurity vulnerabilities can be mitigated by adopting adequate preventative measures. For instance, using strong, unique passwords and two-factor authentication can prevent hackers from using stolen credentials to access accounts and dig deeper into your company’s IT environment. As the costs associated with a breach continue to pile up, the ROI on implementing cybersecurity defense becomes easily apparent.

Italy – UniCredit 

Exploit: Exposed database
UniCredit: Banking and financial services company

Risk to Small Business: 1.555 = Severe: UniCredit recently discovered an exposed database containing personal information for millions of the company’s customers. Shockingly enough, the database had been accessible since 2015. This is the company’s third data breach in recent years, and it sent their share price down by 4%. The bank is spending a significant amount of money to update its IT infrastructure to prevent such an event in the future, but that is unlikely to alleviate the reputational damage and regulatory repercussions heading their way.

Individual Risk: 2.428 = Severe: The exposed database contains email addresses and phone numbers for the banks’ clients. Hackers did not have access to login credentials, but that doesn’t mean that those impacted by the breach are out of the woods. Personal details can be used to facilitate additional cybercrimes that can compromise even more sensitive information.

Customers Impacted: 3,000,000

How it Could Affect Your Customers’ Business: The path to restoring customer confidence after a data breach is one that is not well-charted. However, companies are testing their customers’ limits when they endure multiple cybersecurity incidents. Each episode forces businesses to restart the restoration process. Knowing what happens to exposed or stolen customer data is the first step to a swift response that can revive customer confidence.



In Other News:

Small Businesses Struggle to Acquire Top Cybersecurity Talent 

Few institutions are at more risk of a cyber-attack than SMBs. Unfortunately, these same companies are struggling to compete with major corporations for the IT and cybersecurity talent that can keep their infrastructure and data secure.

In general, this trend reveals a growing chasm between escalating cybersecurity threats and the availability of affordable, qualified professionals who can defend against them. In Canada alone, it’s estimated that organizations will need to fill 3,600 cybersecurity positions, meaning that the market forces of supply and demand are inexorably working against SMBs with more modest budgets.

Moreover, today’s cybercrimes are becoming increasingly sophisticated and exponentially more expensive. For instance, credential stuffing and ransomware attacks often require specialized personnel to adequately defend against these threats.

However, SMBs don’t have to bring all of this talent under their own roof. Instead, they can partner with qualified cybersecurity specialists (Like us!) to augment their capabilities and ensure their data security in a dangerous digital environment.


A Note From Kobargo.

Data Breaches Are Pushing SMBs Into Bankruptcy

A recent survey by Zogby Analytics confirmed what many people already knew: data breaches are wreaking havoc on SMBs. In particular, the financial implications of a data breach are overwhelming their capacity and forcing them to take drastic action. 

The survey, which questioned more than 1,000 small business leaders, found that 37% of SMBs that experienced a data breach suffered financial loss and 25% filed for bankruptcy. Ultimately, 10% of SMBs went out of business following a data breach.

At the same time, leaders understand the threat. 88% of respondents indicated that their company was “somewhat likely” to experience a data breach, while nearly half believe that they are “very likely” to be the victim of a data loss event. As today’s world continues to grow increasingly aware of the costs and prevalence of data breaches, the responsibility for leaders to defend against them has never been greater.



Data Breach, Cyber Alert Monday 11-04-2019

Last week, ransomware takes business infrastructure offline, spear-phishing campaign costs local government thousands, and executives continue to ignore spooky cybersecurity risks.

United States – Billtrust 

Exploit: Ransomware attack
Billtrust: B2B billing service provider

Risk to Small Business: 2.333 = Severe: A ransomware attack crippled Billtrust’s customer-facing systems, forcing them to bring all infrastructure offline to stop the malware’s spread. The company discovered the attack on October 17th, and it’s taken nearly a week just to begin recovery efforts. Fortunately, Billtrust maintained backups that were unaffected by the attack, which made it possible to avoid paying the ransom demand. Nevertheless, the lost revenue, reputational damage, and recovery expenses will definitely chip away at the company’s bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Whether in the form of ransomware payments to regain access to their networks or interrupted processes due to downed servers, the costs associated with ransomware can quickly escalate. With such attack vectors on the rise, businesses must take responsibility and protect their valuable IT infrastructure.

United States – Kalispell Regional Healthcare

Exploit: Phishing attack
Kalispell Regional Healthcare: Family healthcare provider

Risk to Small Business: 1.555 = Severe: Several employees fell for a phishing campaign that compromised their login credentials and patients’ personally identifiable information. Hackers accessed the data between May 24, 2019, and August 28, 2019. As a result, the company will bear the cost of identity and credit monitoring services for all victims, and they will face intense regulatory scrutiny. Brand reputation is also jeopardized, as the hospital was formerly recognized as a highly-ranked healthcare provider for their cybersecurity practices.

Individual Risk: 2 = Severe: Personally identifiable information that may have been compromised includes their names, Social Security numbers, addresses, medical record numbers, dates of birth, phone numbers, email addresses, and medical history. The healthcare provider is offering victims a year of free credit and identity monitoring services, and those impacted by the breach should enroll in these programs. Cybercriminals can use the data to facilitate additional attacks, so they should carefully scrutinize unusual or unexpected messages or account activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Before the breach, Kalispell Regional Healthcare was acknowledged for its distinguished data security readiness standards. Unfortunately, the lack of employee awareness training led to a phishing scam that made the entire network vulnerable. In today’s digital landscape, comprehensive phishing scam awareness training should be a routine requirement for any employee with an email address.

United States – Ocala City

Exploit: Spear phishing attack
Ocala City: Local municipality

Risk to Small Business: 1.666 = Severe: A spear-phishing attack convinced an Ocala City employee to transfer $640,000 to a fraudulent bank account. The account still had $110,000 left when the city identified the scam, but cybercriminals still walked away with over $500,000. To trick the employee, cybercriminals sent an email purportedly from one of the city’s construction contractors and requested payment to a bank account that did not belong to the contractor. While the email and bank account were fraudulent, the invoice was legitimate, which made this incident especially difficult to detect.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Spear phishing attacks are highly targeted and can be difficult for employees to identify. However, as more data becomes available to bad actors, businesses need to plan for this reality, training employees to spot small differences that often reveal a threat. Ocala City tells a cautionary tale that failing to adjust to today’s threats can be an expensive mistake.

New Zealand – Competitive Pest Services 

Exploit: Insider data theft
Competitive Pest Services: Pest control service

Risk to Small Business: 2.222 = Severe: Before leaving the company, a former employee downloaded customer data and shared it with his new employer. The information was then used to solicit business from Competitive Pest Services’ customers. In response, the company has updated its data security software to restrict access to sensitive company data and notify IT admins when information is downloaded. Unfortunately, reactive responses cannot secure customer data, and it likely won’t help restore consumers’ confidence in their data management practices.

Individual Risk: 2.142 = Severe: Personally identifiable information was limited to customer names, addresses, and phone numbers. However, this is more than enough information to perpetuate additional cyberattacks that could compromise even more sensitive data. Therefore, those impacted by the breach should carefully monitor their identity information, and they may want to consider enrolling in identity monitoring software to provide long-term oversight of their information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Taking proactive measures to protect your customers’ data is the best way to protect against a breach. This requires that companies remain up-to-date on the most pressing threats and take steps to mitigate their exposure before a data loss event takes place. Too many companies choose to update their protocols after a breach, a step that won’t repair the damage that’s already been done.



In Other News:

Australian CEOs Fail to Appreciate Cyberthreats

Today, data breaches are top-of-mind for companies and consumers alike; however, those concerns don’t appear to have made it all the way to the C-suite.

According to a recent survey of Australian executives, those in leadership positions significantly overestimate their company’s cybersecurity capabilities, exposing a serious disconnect between decision-makers and those charged with securing a company’s data.

For example, 63% of CISOs surveyed said that their company experienced a data breach in the past 12 months, but only 6% of CEOs shared this viewpoint. Similarly, 44% of CEOs thought that their company was prepared to respond to a cyberthreat, while only 26% of CISOs were confident in this assertion.

This disparity doesn’t just relate to technological capabilities. 69% of CISOs view cybersecurity as an integral part of their business plan, while only 27% of CEOs saw it as a bottom-line issue.

Other surveys have shown that cybersecurity professionals are quickly becoming overwhelmed by their jobs, and many are considering leaving the field altogether. Without support from top-level executives, this problem will only get worse, which means that data security will become more problematic.


A Note From Kobargo.

Consumers Will Stop Engaging with Brands Online After Data Breach 

After years of high-profile data breaches, consumers are fed up with companies that can’t protect their data, and they are increasingly willing to cut off brands that fail in this regard. 

In a recent survey by Business Wire, nearly 50% of respondents are more concerned about data security than they were a year ago. Notably, 81% indicated that they would stop engaging with brands online after a data breach, and 63% of consumers believe that the company is always responsible for data security.

These findings place a significant burden on companies to evaluate their cybersecurity posture. In today’s digital landscape, failing to protect customer data won’t just be inconvenient. It could be the beginning of the end for many businesses.

Rather than leaving it to chance, get the support that you need to ensure that your company is ready to address consumer demands, as the cost of failing to meet the moment is incredibly steep.



Data Breach, Cyber Alert Monday 10-28-2019

Last week, ransomware will cost companies critical revenue, repeat offenders put customer loyalty at risk, and businesses fail to account for the risks of compromised employee credentials.

United States – Alphabroder

Exploit: Ransomware attack
Alphabroder: Promotional product supplier

Risk to Small Business: 1.555 = Severe: A ransomware attack temporarily halted Alphabroder’s processing and shipping platform. Since the ransomware prevented the company from executing orders, Alphabroder was forced to make a statement on social media and interrupt most business processes. Alphabroder did subscribe to cybersecurity insurance to help offset the costs, but the reputational damage and long-term infrastructure costs can be difficult to quantify and are capable of significantly dampening the company’s financial prospects in the near term.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals are always looking for new ways to profit from businesses’ IT vulnerabilities. Unfortunately, these bad actors only have to execute their strategy once to inflict incredible long-term damage to a company. This complicated threat landscape makes it especially important that businesses regularly assess their cybersecurity stance to ensure that they are ready to defend whatever comes their way.

United States – Stripe

Exploit: Phishing attack
Stripe: Online payment processing company

Risk to Small Business: 1.888 = Severe: Hackers are deploying fake and invalid Stripe support alerts to engage customers and procure user credentials. After clicking on the fictitious support alert, users are prompted to enter their bank account information and user credentials on a fake customer login page. This isn’t the first time that Stripe customers have been targeted in phishing attacks, and such attacks are becoming increasingly sophisticated and prevalent.

Individual Risk: 2.428 = Severe: Given that Stripe is an online financial platform, users can easily be tricked into providing their most sensitive personal data to cybercriminals. It’s unclear if any Stripe customers have fallen for this phishing scam, but any users who responded to one of these malicious messages had their personal data compromised. They should immediately report this to Stripe and their other financial institutions, and they should take steps to ensure their data’s long-term integrity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybersecurity has taken center stage among customers and employees, and both are demonstrating an unwillingness to work with companies that can’t protect their information. Especially for companies operating in a crowded and competitive market, top-shelf cybersecurity standards are a prerequisite to a thriving business model.

United States – Pitney Bowes Inc. 

Exploit: Malware attack
Pitney Bowes Inc.: Mail management company

Risk to Small Business: 2.111 = Severe: A malware attack prevented Pitney Bowes’ employees and customers from accessing critical services. The company, which specializes in mail management, lost business directly as a result of the attack. Customers were unable to refill postage or upload transactions on their mailing machines. In addition, news of the announcement sent the company’s shares down 4%, which underscores the many ways that a cybersecurity incident can negatively impact a company’s bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Regardless of the attack methodology, cybersecurity events are incredibly costly for companies. In this case, Pitney Bowes was punished by investors, lost revenue opportunities, and endured reputational damage that will have long-term implications for the company. Given the high cost of recovery, pursuing robust cybersecurity services is a bargain.

United Kingdom – Sonic Jobs

Exploit: Exposed database
Sonic Jobs: Job recruitment website

Risk to Small Business: 2.111 = Severe: An exposed database revealed the personal information of thousands of job seekers. Sonic Jobs, which partnered with Amazon Web Services for its database, failed to change the database configuration to private, meaning that all users could view the details of job applicants and anyone who knew the locations of the servers could have downloaded the information.

Individual Risk: 2 = Severe: The exposed data was provided by job seekers, and it includes their names, addresses, contact information, and work experience. This information can quickly be sold on the Dark Web, where it can be used to facilitate other cybercrimes including phishing and identity scams. To protect themselves, anyone impacted by the breach should enroll in identity monitoring services while also being especially critical of unusual or unexpected communications.

Customers Impacted: 29,202

How it Could Affect Your Customers’ Business: In its response, Sonic Jobs cited its limited resources as one reason that the database’s misconfiguration went undetected. Unfortunately for the company, consumers and global regulators don’t look at this metric when deciding how to respond to a data breach. Given the enormous financial and reputational costs of a data breach, acquiring the services to assess and secure your cybersecurity landscape is a no-brainer.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Canadian Companies Victimized by Uptick in Ransomware 

2019 has seen a precipitous increase in the number of ransomware attacks reaching SMBs, government agencies, and educational institutions. These attacks, which consist of encrypting a company’s files and then demanding a ransom payment, are becoming especially common among institutions that lack the resources to continually defend against the devastating attack vector. 

Now, that reality is hitting Canadian businesses especially hard, a noteworthy development for a country that has often managed to avoid being victimized by such threats.

According to a recent survey, 88% of Canadian organizations experienced some type of data breach in the past year, and 82% noted an increased attack volume during that period. However, in that survey, ransomware only accounted for 14% of these breaches. Since then, a string of Canadian healthcare companies, small businesses, and government organizations have been targeted. Some are speculating that the malware’s success in other countries, including the U.S., has encouraged cyber criminals to broaden their horizons.

Regardless of the intention, with ransomware widely available for lease on the Dark Web, businesses shouldn’t expect these attacks to abate any time soon. Rather, they should continually review and update their cybersecurity posture to ensure that their infrastructure is capable of defending against the latest ransomware strains.


A Note From Kobargo.

Businesses Underestimate the Threat of Stolen Employee Data 

While every business is busy finding ways to protect their customers’ data, a recent survey found that many are not paying attention to the threat posed by stolen employee data. Only 11% of respondents reported believing that compromised employee credentials like usernames and passwords pose a high risk. 

However, the reality is that years of extensive data breaches have resulted in employee information being readily available on the Dark Web. Even more, hackers are leveraging tactics like credential stuffing attacks to access company networks undetected.

By failing to account for the entire threat landscape, businesses are opening themselves up to additional data exposure vulnerabilities that involve customer information.

Fortunately, companies can be proactive about identifying compromised credentials. Dark Web monitoring services alert businesses when their employee information is available for sale, providing them the opportunity to safeguard information before it is used against them.


Contact Kobargo Technology Partners to schedule a free consultation today!
