Data Breach, Cyber Alert Monday 10-21-2019

 Last week, phishing attacks expose protected health information, hackers hijack a shoe company’s email list, patients are upset about healthcare data breaches, and Twitter comes under fire for data misuse.

 

United States – UAB Medicine

Exploit: Phishing attack
UAB Medicine: Academic medical center based in Birmingham, Alabama

Risk to Small Business: 1.666 = Severe: A phishing attack tricked several employees into providing their email credentials to hackers, which subsequently exposed the protected health information for thousands of patients. The email purported to originate from a hospital executive, asking employees to participate in a fake business survey. Executives believe that hackers were trying to access the healthcare provider’s payroll system, but they were prevented from reaching this information. Regardless, the August 7th breach will have a significant impact on the patients whose data was compromised and on UAB Medicine, as they will bear the cost of credit monitoring and identity theft protection services as well as the increased regulatory scrutiny because of the nature of the information involved.

Individual Risk: 2.571 = Moderate: Hackers had access to patients’ protected health information, including names, medical record numbers, dates of birth, dates of service, location of service, and other medical-related information. Some patients also had their Social Security numbers compromised. UAB Medicine is encouraging anyone impacted by the breach to closely monitor their accounts and benefit statements for fraudulent activity. In addition, they should enroll in the year of free credit and identity monitoring services provided by UAB Medicine.

Customers Impacted: 19,557

How it Could Affect Your Customers’ Business: Despite your best efforts, phishing attacks will likely make their way into your employees’ inboxes at some point. Fortunately, comprehensive awareness training can empower employees to sidestep ongoing efforts at gaining access to your network and compromising your data. Given the growing costs associated with a data breach, the ROI on cybersecurity best practices is remarkably clear, and awareness training should be required for every employee with an email account.

United States – TOMS

Exploit: Unauthorized database access
TOMS: Designer and producer of shoes, eyewear, coffee, apparel, and handbags

Risk to Small Business: 2.333 = Severe: In an unusual cybersecurity incident, a hacker hijacked the mailing list for TOMS and sent a message encouraging customers to log off their devices and enjoy the outdoors. The message was not malicious in nature, but the hacker admitted that he accessed the platform for a significant time period before sending the email. The hacker also ridiculed bad actors, describing their actions in obscene language sent to TOMS customers. Fortunately, the hacker didn’t disrupt any other elements of TOMS’ IT infrastructure, but his actions highlight the company’s weak cybersecurity standards, which could negatively impact the company on many fronts.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: When it comes to protecting customer data, speed and precision are your best friends. Unfortunately, too many companies don’t have the IT capabilities to identify a data breach or to adequately investigate an event after it happens. As a result, customer data can virtually linger indefinitely before protective action can be taken, such as changing passwords or otherwise ensuring data integrity. This incident serves as an important reminder that every business needs to enlist in services that help proactively monitor and protect customer data.

United States – Methodist Hospitals

Exploit: Phishing attack
Methodist Hospitals: Community-based healthcare system located in Gary, Indiana

Risk to Small Business: 1.222 = Extreme: A successful phishing attack against two employees compromised the private health data for thousands of patients. The incident occurred in June, but the healthcare provider didn’t finish investigating the breach until August. It’s unclear why the company waited two months before making the breach public. Regardless, Methodist Hospitals will face intense regulatory scrutiny due to the nature of the information involved.

Individual Risk: 2.142 = Severe: The compromised data was accessed on June 12th or between July 1st and July 8th. It included patient names, addresses, health insurance information, Social Security numbers, government ID information, passport numbers, financial account numbers, payment card information, electronic signatures, usernames, and passwords. This incredibly expansive data set has a great value on the Dark Web, as it can be used to perpetuate additional cybercrimes. Therefore, those impacted by the breach should take every precaution to protect their data, including contacting their financial institutions and enrolling in credit and identity monitoring services.

Customers Impacted: 68,039

How it Could Affect Your Customers’ Business: Today’s digital landscape is replete with threats, but companies are not defenseless. Phishing scams require employees to actively compromise their credentials, and comprehensive awareness training can equip team members to identify and report fraudulent communications, effectively rendering them useless and creating a safe environment for your customers’ data.

Canada – TransUnion 

Exploit: Unauthorized database access
TransUnion: Consumer credit reporting agency

Risk to Small Business: 2.111 = Severe: Using compromised user credentials, hackers accessed the personal information of Canadian TransUnion customers. The breach, which occurred between June 2019 and July 2019 and was detected in August, shines a spotlight on the company’s delayed breach response and notification process. Although the company’s IT infrastructure wasn’t at fault, its inability to account for a holistic vulnerability that allowed hackers using stolen credentials to access its customers’ information will bring negative media scrutiny and public attention to the company.

Individual Risk: 2.857 = Moderate: TransUnion did not release a specific overview of the compromised data; however, the sensitive nature of their business means that personally identifiable information was likely included in the event. Notably, the company acknowledged that credit report data was exposed in the breach. This can include individuals’ names, dates of birth, current and former addresses, information on existing card and loan obligations, social insurance numbers, and other sensitive data.

Customers Impacted: 37,000

How it Could Affect Your Customers’ Business: The deluge of data breaches in the past several years has made login credentials widely available to bad actors. Therefore, today’s companies should be proactive about identifying compromised credentials and taking intentional steps to limit accessibility using this information.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Twitter Uses Two-Factor Data for Targeted Advertising 

Implementing cybersecurity best practices is critical for today’s companies, especially in regard to securing infrastructure throughout an increasingly complicated threat environment. Unfortunately, in many cases, organizations rely on their customers to adopt these priorities in order to effectively protect their data. 

These protocols include initiatives such as using strong, unique passwords to secure accounts and implementing two-factor authentication to further secure this information. Of course, companies undermine user adoption when they use that information to serve up targeted advertising.

This week, Twitter acknowledged that it used the phone number and email address data from its two-factor authentication protocol to develop targeted advertisements. The information was used by the company’s tailored audiences program, which allows companies to create targeted advertisements by matching their own marketing lists with Twitter user data. The company resolved the issue on September 17th, but it’s unclear how long companies benefited from this security-centered information.

More importantly, this misuse of personal data might discourage users from adopting these security protocols in the future, a decision that would put both parties at risk for a data breach.


A Note From Kobargo

20,000 E-commerce Sites Could Be Compromised by Magecart 

Providing an online shopping experience is increasingly critical for SMBs looking to stay ahead of the competition. Unfortunately, malware attacks are infecting the checkout page of many stores, compromising customer payment data and undermining companies’ efforts to attract business through their websites. 

This reality became even more pressing this week when the notorious Magecart malware infected Volusion, a cloud hosting platform for online stores. Already, more than 6,500 stores have been compromised, and Volusion boasts a customer base of more than 20,000 companies, so the number of infected web stores might continue to grow.

Most prominently, Volusion hosts the Sesame Street Live online store, which was brought offline after the attack was revealed.

Now thousands of companies will be left grappling with the consequences of lost sales both now and in the future. Notably, this underscores the importance of understanding the specific cyber threat landscape that most prominently impacts your business. If necessary, get third-party support from cybersecurity experts to adequately identify your risks and to establish best practice responses that ensure that your business benefits because of your IT environment.


Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 10-14-2019

Last week, hackers make a sport of exploiting online gamers’ data, an unauthorized database breach affects a software firm, and business leaders lament today’s data landscape.

United States – Zynga 

Exploit: Unauthorized database access
Zynga: Social game development company

Risk to Small Business: 2 = Severe: Hackers gained access to the company’s database, which exposed the personally identifiable information (PII) for millions of customers. The company discovered the breach in September, and they responded by hiring an external investigator to determine the scope and severity of the breach. Unfortunately, by the time they responded, hackers had uploaded user data to various hacker forums.

Individual Risk: 2.428 = Severe: The data breach applies to all users of the platform’s popular Words with Friends gaming app on Android and iOS who registered on or before September 2, 2019. In addition, some users of Draw Something, another mobile game produced by Zynga, were compromised. The exposed information includes names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook IDs, and other Zynga account details. Since this information is already available to bad actors on the Dark Web and will be used to perpetuate additional cybercrimes, those impacted by the breach should carefully monitor their accounts while being especially watchful for other fraudulent communications.

Customers Impacted: 218,000,000

How it Could Affect Your Customers’ Business: Data security is increasingly top of mind for consumers. For companies operating in a highly competitive marketplace, it can mean the difference between keeping your customers happy while increasing revenue or losing them forever. Therefore, businesses of every size need to meet the moment by understanding their vulnerabilities, embracing best practices for cyber defense, and building a breach response action plan.

United States – Zendesk 

Exploit: Unauthorized database access
Zendesk: Customer service software company

Risk to Small Business: 1.888 = Severe: More than three years after the event, Zendesk acknowledged a data breach after a third party notified the customer service software company of unauthorized data access. The breach impacts Support and Chat accounts, and it includes personal data from all categories of Zendesk users, including customers, agents, and end-users. The company is resetting all passwords for users that registered before November 1, 2016. However, the platform touts many high-profile companies as clients, which means that the breach could have far-reaching repercussions for all stakeholders involved.

Individual Risk: 2.285 = Severe: The personal details of customers, agents, and end-users were compromised in the breach. This includes names, email addresses, phone numbers, passwords, and other technically-oriented data. The company is contacting all customers who could be impacted by the breach, and those affected should reset their Zendesk passwords and any redundant passwords used on other platforms.

Customers Impacted: 10,000

How it Could Affect Your Customers’ Business: When it comes to protecting customer data, speed and precision are your best friends. Unfortunately, too many companies don’t have the IT capabilities to identify a data breach or to adequately investigate an event after it happens. As a result, customer data can virtually linger indefinitely before protective action can be taken, such as changing passwords or otherwise ensuring data integrity. This incident serves as an important reminder that every business needs to enlist in services that help proactively monitor and protect customer data.

Canada – The National Basketball Association 

Exploit: Unauthorized database access
The National Basketball Association: Men’s professional basketball league in North America

Risk to Small Business: 2.111 = Severe: An unauthorized user accessed a server managed by the NBA for its Canadian business efforts. The league quickly identified the intrusion and took the server offline, began an investigation, and hired cybersecurity experts to make further recommendations. However, these measures can’t retroactively restore users’ data integrity, nor will they negate the reputational damage that always accompanies a privacy breach.

Individual Risk: 2.428 = Severe: The exposed user data includes names, addresses, email addresses, phone numbers, and other account-related information. Although the breach is limited to those who recently entered an online contest in Canada, this information is especially sensitive, and those impacted by the breach should take every precaution to ensure the long-term integrity of their credentials.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Digital platforms can be a great way to engage customers, but when data integrity is compromised, these initiatives can quickly become a liability. Therefore, cybersecurity needs to be the bedrock of any online engagement to ensure that such marketing efforts meet customers where they are secure, as opposed to manifesting into self-inflicted wounds on your company’s reputation and customer engagement.

The United Kingdom – EA Sports 

Exploit: Accidental sharing
EA Sports: Developer and publisher of sports video games

Risk to Small Business: 2 = Severe: EA Sports inadvertently leaked the personal data of 1,600 gamers who participated in a competition on the company’s website. The breach is related to the company’s FIFA 20 Global Series competition. Aside from becoming a PR nightmare for EA Sports on social media, the leak occurred just hours after the company’s announcement of new security features and promotional events related to the UK’s National Cyber Security Month. The webform was removed after thirty minutes, and the competition was temporarily canceled.

Individual Risk: 2.142 = Severe: The leaked data includes email addresses, account ID numbers, usernames, and dates of birth. Those impacted by the breach should monitor their accounts for suspicious or unusual activity.

Customers Impacted: 1,600

How it Could Affect Your Customers’ Business: Even relatively small data breaches can have a sizable impact on a company’s reputation and future earnings potential. Even apart from the bad press and media scrutiny that often accompanies a breach, customers are quick to take to social media to voice their concerns. Taken together, a data breach can quickly escalate into a PR disaster. To protect your brand’s reputation, prioritize customer data security.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

U.S. Senate Passes Ransomware Response Law 

Ransomware is making a devastating comeback in 2019, impacting SMBs, government agencies, and educational institutions with frightening regularity and at great cost. 

The scourge of attacks has been so profound that a bill governing ransomware response tactics actually elicited bipartisan support from a divisive U.S. Senate.

The new legislation calls for dedicated teams tasked with providing organizations with best practice advice for protecting against and responding to ransomware attacks. These resources will be available for SMBs, government agencies, and schools, which were specifically addressed by the Senate Minority Leader, Chuck Schumer.

The practical effects of such legislation are unclear, but the more pertinent fact is that the law exists at all. It underscores the incredible need for more companies to adopt a best practice defensive posture and the chasm between those that are ready to defend themselves and those that remain vulnerable.

However, the law alone won’t solve SMBs’ problems. They need to understand the ways that their IT infrastructure might be vulnerable, and they need to make addressing those concerns a top priority.


A Note From Kobargo

UK Business Leaders Believe Data Breaches Are the New Normal 

The majority of UK businesses have suffered some form of a data breach in 2019, and C-suite business leaders view this reality as the “new normal.” 

This information was derived from the latest Carbon Black study, which surveyed 250 C-level business leaders from the UK. In total, 84% indicated that they endured a data breach in the past year, and the same amount indicated that cyber attacks were becoming more sophisticated.

This new reality is especially notable among smaller businesses, which reported a 57% increase in cyber attacks. While the financial repercussions varied significantly, 75% of executives noted that reputational cost is one of the most problematic results of a data breach.

Interestingly, two of the most prominent threats identified by executives, malware and phishing attacks, are defensible. By implementing comprehensive awareness training, companies of all sizes can neutralize a persistent and problematic threat group.

In a cybersecurity landscape that’s increasingly defined by continuous attacks, controlling some of the variables can give any organization a leg up on the best efforts of bad actors.


Data Breach, Cyber Alert Monday 10-07-2019

Last week, hackers gain access to data from popular delivery service, ransomware diverts ambulance services, and few employees report sufficient cybersecurity training.

United States – Thinkful

Exploit: Unauthorized database access
Thinkful: E-learning website for developers
Risk to Small Business: 2.333 = Severe: By leveraging an employee’s stolen credentials, an unauthorized third party was able to access the company’s database. While sensitive data, such as social security information, was not exposed, it’s possible that other personal information was accessed. In response, Thinkful has notified its users of the data breach and is requiring password resets on all accounts. While the company wrote to its users that it is taking additional steps to enhance security, these efforts will not help those whose credentials were already compromised in the breach. This incident follows on the heels of the company being acquired by Chegg.
Individual Risk: 2.857 = Moderate: Users’ Social Security numbers were not compromised in the breach, but other personal information could have been accessed by hackers. Users should create unique passwords, enroll in multi-factor authentication, and monitor their accounts for suspicious activity in the wake of the attack.
Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Thinkful’s data breach announcement is especially problematic since it immediately followed news that the company was being acquired by Chegg. It’s unclear how this cybersecurity incident will impact the deal, but cybercriminals often target small companies before an acquisition, hoping to infiltrate their IT infrastructure before coming under the protection of the larger, more robust system of their new parent company. Therefore, businesses must consider cybersecurity as both a moral imperative and financial necessity, especially in the realm of mergers and acquisitions.

United States – Campbell County Memorial Hospital

Exploit: Ransomware
Campbell County Memorial Hospital: Healthcare provider operating as part of the Campbell County Health Department
Risk to Small Business: 2.111 = Severe: A ransomware attack on Campbell County Memorial Hospital forced the healthcare provider to divert ambulance services, cancel surgeries, and stop admitting patients. The hospital’s emergency room remains operational, but many services are curtailed. Hackers did not send a ransom demand, leaving hospital IT administrators grappling for a solution. Campbell County Memorial Hospital reports that no patients were harmed because of the outage. However, with no solution in sight, patient care remains dubious and the long-term financial ramifications of the incident could be extensive.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Unfortunately, once a ransomware attack infects your network, there are usually no get-out-of-jail-free cards. Ransom demands themselves often cost companies hundreds of thousands, whereas restorative services can be even more expensive. Moreover, the opportunity costs associated with interrupting business processes only make matters worse. In this case, patients’ lives could have been put at risk, which is a worst-case scenario for any cybersecurity incident.

Canada – DoorDash

Exploit: Unauthorized database access
DoorDash: Food delivery service
Risk to Small Business: 1.555 = Severe: Hackers infiltrated a DoorDash server, providing them with access to user and driver data. In response, the company is encouraging all users to reset their passwords. Although the breach was discovered in early September, it’s unclear why they waited nearly a month before notifying users. Now, DoorDash will likely face legal and reputational blowback that will damage its standing in an already competitive market.
Individual Risk: 2.285 = Severe: Hackers accessed personal data for both DoorDash users and drivers, including names, email addresses, delivery addresses, phone numbers, hashed passwords, and the last four digits of payment cards. However, full payment card data was not accessible. In addition, the breach does not include DoorDash users who joined after April 5, 2018. The platform is encouraging all users to reset their passwords and to monitor their financial accounts for unusual activity. Moreover, those impacted by the breach should know that this data can be used to facilitate additional cyberattacks, including phishing scams, that can further compromise personal information.
Customers Impacted: 4,900,000

How it Could Affect Your Customers’ Business: In 2019, companies can’t afford to spare any expense when it comes to protecting their data. With the initial cost of a breach soaring and the long-term damage becoming clearer, the big-picture threat is a tangible reality for every company. Rather than hoping to avoid being caught in the crosshairs by hackers, every business should take steps to identify vulnerabilities and to apply best practice solutions to mitigate the risk of a devastating data breach.

In Other News:

Cyber Insurance Rises 5% in 2019 
Despite a significant uptick in cybersecurity lapses, the average cost of cyber insurance only rose by 5% in 2019, according to a recent report.
In some ways, this is good news for companies as cyber insurance has become an important commodity in today’s dangerous digital environment. However, the report also found that the insurance industry is getting more adept at controlling its own losses by imposing high deductibles and offering limited payouts.
For instance, the sub-limit on a $1 million ransomware policy can be as low as $25,000, and deductibles often exceed $10,000.
At the same time, the cost of a data breach is escalating quickly, and insurance payouts aren’t adjusting to this new reality, meaning that, even with insurance reimbursement, companies often incur significant direct losses from a data breach.
Taken together, it underscores the importance of a strong defensive posture when it comes to cybersecurity risks as there are no helpful or affordable options once a data breach occurs.


A Note From Kobargo

Few Employees Receive Cybersecurity Training 
The precipitous rise in phishing scams and malware attacks has made employee cybersecurity training a critical component of any cyber defense strategy. However, a recent report by Chubb indicates that many businesses aren’t providing cybersecurity training to their employees.
The report found that only 31% of employees receive cybersecurity training, while 70% of companies claim to have “excellent” or “good” cybersecurity standards.
These divergent claims contradict one another, as companies with disengaged or ignorant employees pose a serious threat to their own cybersecurity posture.
As data breaches continue to make headlines and to damage businesses’ bottom lines, it seems that too many organizations are unnecessarily putting themselves at risk. Comprehensive employee awareness training is an affordable way to bolster your defensive posture, and it can make a significant impact on the most pressing threats facing businesses today.


Data Breach, Cyber Alert Monday 09-30-2019

Last week, data breaches threatened future government contracts, PII was exposed online, and cybersecurity incidents were projected to reach an all-time high.

United States – Carle Foundation Hospital 

Exploit: Phishing attack

Carle Foundation Hospital: Regional, not-for-profit healthcare provider

Risk to Small Business: 2.111 = Severe: Three company employees fell victim to a phishing scam that gave hackers access to their email accounts containing patient data. Although the hospital immediately secured the accounts, the easily preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading costs related to the breach.

Individual Risk: 2.428 = Severe: The compromised email accounts belonged to three physicians, and they included data from patients that received cardiology or surgery services at Carle. The data includes patient names, medical record numbers, dates of birth, and clinical information. Fortunately, patients’ Social Security numbers and financial data were not included in the breach. However, personal data is a widely accepted currency on the Dark Web, since personally identifiable information (PII) can be used to facilitate additional cybercrimes. Therefore, those impacted by the breach need to closely monitor their accounts for unusual activity while being mindful of other malicious uses of that information.

Customers Impacted: Unknown

How it Could Affect Your Business: Data breaches bring a host of complications to any company, including reputational damage and ancillary recovery costs. Altogether, it can cause significant financial distress to any organization. Neutralizing defensible threats, like phishing scams, is a simple and affordable solution that can play a prominent role in protecting your company’s reputation and bottom line.


United States – Miracle Systems

Exploit: Malware attack

Miracle Systems: IT services provider for government contracts

Risk to Small Business: 1.555 = Severe: Using stolen credentials, hackers gained access to several databases that store company data related to the US military. The breach, which occurred on three separate occasions between November 2018 and July 2019, was enabled by a malware attack that was distributed via a malicious email attachment. Although the stolen data was years old, the company was closely scrutinized by the Secret Service, and company leaders estimate that they’ve lost as much as $1 million because of the breach. Of course, this doesn’t include the opportunity costs associated with a loss in trust and business with the government.

Individual Risk: 2.428 = Severe: Several email account credentials were stolen during the breach, and their accessibility was broadly advertised on the Dark Web. Although the company believes that this information is outdated, all employees should reset their password and follow best practices for creating unique credentials.

Customers Impacted: Unknown

How it Could Affect Your Business: For many companies, protecting their data should be an extension of protecting their bottom line. The Miracle Systems breach is a reminder of the steep price that many companies pay in lost revenue and reputational damage that can have far-reaching consequences for their financial viability and future business model.


United States – Restaurant Depot

Exploit: Spear phishing attack

Restaurant Depot: Commercial food service wholesaler

Risk to Small Business: 1.666 = Severe: Restaurant Depot’s customers are receiving phishing emails requesting payment for invoices, purportedly from the company. In response, customers began lashing out on social media, and the company was forced to issue a statement on its website discrediting the email content. The emails are personalized so cybercriminals likely purchased company data from a Dark Web marketplace, which could suggest the possibility of an even more expansive data breach at Restaurant Depot.

Individual Risk: 2.142 = Severe: Any recipient who paid a fraudulent invoice has compromised their personally identifiable information and their payment data. However, even for those that delete the message, it’s likely that their information was obtained through a different data breach, and they should closely examine their credentials for other potential misuses. In some cases, credit or identity monitoring services might be required to ensure their data’s long-term integrity.

Customers Impacted: Unknown

How it Could Affect Your Business: Having your company co-opted as a tool for cybercriminals is bad for business, and companies that are victimized in this way face an expensive, uphill battle to restore their customers’ confidence. Preemptively knowing if your employee or customer data is compromised can help prevent this scenario by giving your business an opportunity to respond before hackers wreak havoc on your system.



In Other News:

2019 on Pace to Set Data Breach Record 

Anecdotally, many people realize that data breaches are increasingly prevalent and problematic. 

Those presumptions are being confirmed by hard data as a new data breach report reveals that 2019 is poised to be the most destructive year yet when it comes to data integrity.

The 2019 Midyear Quickview Data Breach Report found that the number of data breaches that exposed records increased by 54% in the first half of the year. Concurrently, the number of records exposed in these breaches increased 52%.

The business sector is responsible for the vast majority of these compromised records, with nearly 85% originating with companies that collect and store user data.

This reality underscores the challenge of doing business in the digital age. On one hand, big data is the lifeblood of the internet economy, and companies can lose a significant competitive edge if they decline to collect customer information. However, when that data is compromised, it costs companies significant sums that can offset many of the advantages generated by this type of data collection.


A Note From Kobargo

Data Breaches Threaten Companies’ Financial Viability 

Throughout 2019, new research is illuminating the extensive financial consequences of a data breach. Not only are direct costs increasing, but consumers are making sure that businesses feel financial pain for failing to protect their information.

According to a report by PCI Pal, consumers are prioritizing data security by spending money at companies with demonstrated track records of data security and integrity and declining to shop at companies that have compromised consumer data.

Specifically, 44% of UK customers, 83% of US consumers, 43% of Australian shoppers, and 58% of Canadian users claimed that they will stop or reduce spending at companies that experience a data breach.

Moreover, such patterns can inflict future consequences, as consumers will search the competitive landscape for new products and services, making it increasingly difficult for compromised companies to win back old customers.

Since keeping your existing customer base is significantly more affordable than finding new clients, prioritizing data security should be at the top of every company’s to-do list. When internal resources can’t cover the entire responsibility, seek assistance from qualified collaborators (like us!) that can assess your cybersecurity posture while partnering with you to provide the resources necessary to keep customer data safe.


Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 09-23-2019

Last week, phishing scams continued to trap employees, weak passwords put company data at risk, and the consequences of a breach were higher for SMBs.

United States – Metro Mobility

Exploit: Unauthorized email account access

Metro Mobility: Shared ride public transportation service for riders with disabilities and health complications

Risk to Small Business: 1.333 = Extreme: An unauthorized party gained access to two employee email accounts that contained customers’ personally identifiable information. The data from one account was available between February 4th and March 12th, and information from the second account was available for several hours on March 12th. The company hired a third-party cybersecurity firm to audit their security standards, and they’ve made changes to prevent a similar breach in the future. However, it’s unclear why the company waited so long to notify customers, and future reparations will not be able to recover the damage of the data that’s already stolen.

Individual Risk: 2.143 = Severe: Impacted email accounts contained personal information, including customers’ names, dates of birth, contact information, drivers’ license information, financial information, medical record numbers, patient identification numbers, and treatment-related information. In addition, some users had their Social Security numbers compromised in the breach. Lyons is providing free credit monitoring and identity restoration services for everyone impacted by the breach. Since this information is incredibly valuable to cybercriminals on the Dark Web, breach victims should take advantage of these services to help ensure the integrity of their data.

Customers Impacted: Unknown

How it Could Affect Your Business: A data breach has far-reaching consequences for any company, which makes a preventable attack like a phishing scam especially problematic. Protecting customer data means protecting your bottom line, and cybersecurity training is a low-cost initiative to ensure that phishing threats are neutralized before they compromise customer data and put your company at risk.

 

United States – Premier Family Medical

Exploit: Ransomware
Premier Family Medical: Comprehensive family healthcare provider

Risk to Small Business: 2.111 = Severe: A ransomware attack on Premier Family Medical has significantly restricted employees’ access to patient data and company services, halting key business operations. In some cases, the opportunity cost associated with a ransomware attack can be more costly than the actual recovery effort, placing a multifaceted strain on a business’s finances.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: 320,000

How it Could Affect Your Business: Ransomware attacks have been on the rise in 2019, often targeting SMBs with limited resources for cybersecurity initiatives. Unfortunately, whether companies pay a ransom or restore operations using other recovery efforts, the implications can lead to lower ROI, or even worse, closed doors. When it comes to protecting your network against a ransomware attack, a strong defensive posture is the only option, and it’s one that every business should consider to be mission-critical in today’s digital environment.

 

United States – Entercom Communications

Exploit: Ransomware

Entercom Communications: Broadcasting and radio company based in Bala Cynwyd, Pennsylvania

Risk to Small Business: 2.111 = Severe: Hackers were able to spread ransomware across a company’s network using one company computer. The attack brought down email services, billing networks, and shared drives. While broadcasts continue uninterrupted, employees have been warned not to connect any devices to the company network, and Entercom expects several days of outages before services will be fully restored. Hackers are demanding $500,000 to decrypt the ransomware, but the company is choosing to use cybersecurity services to restore their network instead.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: Regardless of the recovery methodology, recovering from a ransomware attack is incredibly expensive. In this case, hackers demanded $500,000 to restore Entercom’s network, a cost that comes without guarantees that bad actors will follow through on their promises. However, restoring a network often carries similar or even higher costs, meaning that there are no good solutions once an attack occurs. In a similar breach early this year, a station estimated that they lost up to $800,000 in revenue in addition to the $500,000 recovery charge. Consequently, it’s clear that every business needs to protect its bottom line by ensuring that its cybersecurity standards align with today’s emerging threat landscape.



In Other News:

Data Breaches Put Small Businesses at Risk 

Data loss events are a huge risk for any company, but the aftermath of a data breach can be especially problematic for SMBs, a recent study by Bank of America Merchant Services concluded. 

The survey, which included 522 small businesses and 409 consumers in the US, questioned consumers and small businesses about the cybersecurity risks underscoring today’s digital environment. In response, one in five SMBs reported a data breach in the past two years, a 17% increase in two years. Moreover, 41% of small businesses endured a data breach that cost the company more than $50,000.

This financial component is especially troubling for SMBs, which don’t have extravagant resources that large corporations can use to hasten their recovery efforts. Making matters worse, 30% of consumers indicated that they would never return to a small business that endured a data breach, a 20% increase year-over-year.

These trends are taking place as SMBs are increasingly moving online. 51% of SMBs run their own websites, and 70% have some form of e-commerce component to their business.

In total, it’s evident that SMBs have every reason to prioritize data security protocols as a foundational element of a successful, sustainable business model.


A Note From Kobargo

Brute Force Attacks are the Preferred Method for Spreading Ransomware 

Ransomware attacks are on the rise in 2019, making headlines as they afflict local governments and SMBs with frightening regularity. At the same time, the cost of a ransomware attack is rising precipitously, making these attacks one of the most complicated and feared cybersecurity risks this year. 

However, cybersecurity researchers at F-Secure found that brute force attacks are one of the most prevalent methodologies deployed by hackers, occurring in 31% of ransomware attacks. This approach leverages common or weak passwords to access employee email accounts or company networks where malware can be deployed.

Consequently, companies can reduce their exposure to ransomware threats by ensuring that employees maintain strong, unique passwords for all their accounts. This simple cybersecurity standard is just one best practice that employers can instill in their employees through comprehensive awareness training that can help thwart cyberattacks.


Contact Kobargo Technology Partners to schedule a free consultation today!
