In the past few years, the subject of cybersecurity has come to the fore with all manner of organisations – from businesses to governments – becoming the victims of high-profile cyber attacks, many of which have resulted in the theft of data and losses in the millions of dollars.
With so many high-profile attacks coming to light, why is it that so many organisations still fail to mitigate the risk of cybercrime?
Perhaps it’s because we all assume that it will never happen to us, that we are somehow immune from being targeted?
With that in mind, let’s take a look at three very high-profile attacks from recent years and lessons learned.
In the summer of 2015, the website Ashley Madison suffered a data breach when a hacking group known as The Impact Team copied information from the site’s user base and threatened to release it to the public.
For any website a data breach of this nature is a serious concern, but for the Ashley Madison website, it was nothing short of a disaster. Why? Because Ashley Madison is an extramarital dating website, with a serious need to protect its users’ personal data at all times.
Ashley Madison had a policy of not deleting users’ personal information. This included real names, home addresses, search history and credit card transactions. As a result, many users of the Ashley Madison website feared being exposed publicly.
While all websites need to be vigilant when it comes to protecting their users’ data, it’s worth any organisation considering which data they truly need to retain, and which data can be safely deleted after a certain period of time. IT solution providers and managed service providers (MSPs) can help their customers implement archiving solutions with clearly defined retention periods that can help prevent critical older data from being leaked.
One of the biggest hacks in UK history happened in 2015 when telecoms service provider TalkTalk was the subject of a security breach that resulted in the theft of the personal details of some 20,000 customers. The culprits behind this theft? Teenage hackers.
As a result, TalkTalk had millions wiped off its share value, and is facing damages in lawsuits from customers and investors. Earlier this year, TalkTalk admitted it had lost almost 100,000 customers since the breach damaged its reputation, at a cost of around £80 million.
Taking preventative measures towards cyber security is no longer a “nice to have”, it’s an essential step for any organisation. If the TalkTalk debacle doesn’t present a compelling business case for why any business needs to invest in regular vulnerability checks, then IT Solution Providers and MSPs aren’t doing their job in explaining the financial impacts of such security breaches.
The August 2015 report “A Breach of Trust” – a free PDF download from the Big Brother website – found that between 2011 and 2014, UK local authorities committed an average of four data breaches a day. The majority of these were the result of human error.
Examples included sending letters to the wrong recipients or leaving sensitive documents on public transport, proving that no piece of technology can replace best practices.
Most organisations invest money in firewall and cybersecurity solutions, as well they should, but any IT business needs to take the time to educate their clients that in addition to technological mitigation, they need to build robust IT policies to protect their data. Furthermore, they then need to educate their staff on why these policies are needed to keep the organisation safe.
Hacks, data breaches and cybercrime are no longer something that happens to other people. As any IT solution provider or MSP will tell you, everyone now knows a client or someone within their business community who has been affected.
The costs to an organisation, including measurable dollar losses as well as sometimes insurmountable reputational damage, should be enough for businesses and organisations of all shapes and sizes to invest in mitigating cybersecurity threats.
As IT solution providers, our role is to educate our clients that cybersecurity is no longer a “nice to have”, but something that they must invest in. In short, protecting against cybercrime is the new normal.