A hack on your systems and data may feel very unlikely for your business – yet every company that holds data on customers or employees is vulnerable. With thousands of attacks and billions of dollars lost each year, your organization needs to be constantly vigilant.
In the USA, the average data breach costs $9.44 million, according to IBM. You can keep your company out of those statistics by learning from the mistakes of those who went before you.
To help keep you safe from potential data breaches, we’re going to look at:
- Four recent data breaches across different industries;
- How the data breach was able to happen;
- What you can do to make sure your company isn’t a victim.
4 Recent Hacks You Need to Know About
#1. Activision falls prey to phishing
Game developer Activision was hacked in December 2022, and the company confirmed it in February this year.
The developer was a victim of ransomware, where hackers accessed company data and demanded money to not release it. The stolen information included a content schedule for one of the biggest titles, Call of Duty, along with employee data.
The confirmation stated that the breach occurred when an employee responded to a phishing attack that arrived as an SMS.
While it can be hard to control everyone in your company, it’s important to ensure every team member gets good cybersecurity training. It should mitigate most of the risk.
#2. PayPal’s credential stuffing attack
Credential stuffing is when hackers get a list of compromised user data and use it in a brute-force attack to access accounts and secure information. This is exactly what happened to PayPal between December 4 and 6, 2022.
A total of 35,000 customer accounts had unauthorized logins due to previously compromised usernames and passwords. According to PayPal’s statement on the issue, no transactions were completed, but there was a lot of personal information made available.
There has been no statement made about how the login information was initially accessed, but it is confirmed that a bot was used to carry out the “stuffing” of login forms.
To prevent credential stuffing, you should implement 2-factor authentication for your customers and your employees. With a second layer of security in place, a previously compromised username and password is no longer enough on its own to log in.
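A detection rule for the bot pattern described above, added here as an example and not part of the original article: it flags a source IP that tries many distinct usernames in a short window with mostly failed logins, and lists the accounts that logged in successfully during that window. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login log (not real data): time, source IP, username, outcome.
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 alice FAIL
2024-01-01T10:00:02 203.0.113.7 bob FAIL
2024-01-01T10:00:03 203.0.113.7 carol FAIL
2024-01-01T10:00:04 203.0.113.7 dave FAIL
2024-01-01T10:00:05 203.0.113.7 erin FAIL
2024-01-01T10:00:06 203.0.113.7 frank OK
2024-01-01T10:00:07 203.0.113.7 grace FAIL
2024-01-01T10:00:03 198.51.100.20 alice FAIL
2024-01-01T10:00:30 198.51.100.20 alice FAIL
2024-01-01T10:01:00 198.51.100.20 alice OK
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window per source IP
MIN_ACCOUNTS = 5               # assumed: distinct usernames tried from one source
MIN_FAIL_RATIO = 0.8           # assumed: most attempts in a stuffing run fail

def parse(line):
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "OK"

def detect_stuffing(lines):
    """Return {flagged ip: usernames that logged in OK inside a flagged window}."""
    recent = defaultdict(deque)   # ip -> events still inside the window
    flagged = defaultdict(set)
    for ts, ip, user, ok in sorted(parse(l) for l in lines if l.strip()):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > WINDOW:   # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, o in q if not o)
        if len(users) >= MIN_ACCOUNTS and fails / len(q) >= MIN_FAIL_RATIO:
            # A success inside a flagged window is a likely account takeover:
            # these are the accounts to lock and force a password reset on.
            flagged[ip].update(u for _, u, o in q if o)
    return {ip: sorted(u) for ip, u in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: possible credential stuffing, successful logins: {accounts}")
```

A single user mistyping their own password several times is not flagged, because only one username is involved; the rule keys on many accounts from one source.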
#3. ODIN’s unsecured app
ODIN Intelligence is a software company that provides technology solutions to US police and other law enforcement agencies. Its main product is an app called SweepWizard.
In January 2023, there was a public warning that the app wasn’t secure and that data could be leaked from it. When the CEO dismissed the claims, hackers decided to expose the faults and leaked copious amounts of data, including the app’s source code.
The hack was due to inherent vulnerabilities in the app. It led to reams of personal data about suspects as well as intel about imminent police raids becoming available online.
The lesson here is to listen to warnings about your app, site, and system security. Complacency can be one of the biggest risk factors that let hackers gain access to your valuable data.
#4. Yum! Closes down UK operations
In January 2023, Yum! faced a major cyberattack. The parent company of KFC, Pizza Hut, and Taco Bell had its systems compromised and masses of data stolen.
The hacker(s) demanded a ransom, and 300 stores under various brands closed down for the day. Initial reports stated that customer data had potentially leaked during the attack.
A deeper investigation led to the conclusion that it was only employee data that was revealed. While still egregious, it made the breach easier to deal with, and affected employees were given appropriate support.
Yum! has yet to disclose exactly how the ransomware made it onto its systems. General data and system security should always be a priority to help investigations – the fewer entry points, the easier it is to know what happened.
How to Avoid A Hack on Your Business
Cybersecurity may not be 100% foolproof, but you can do everything in your power to prevent an attack. Some ways to ensure you have the best defenses possible include:
- Get a VPN download for your work machines and any devices colleagues use for work.
- Keep software tools updated and push updates out to all devices to keep up with security patches.
- Ensure the right level of monitoring in your systems to alert you to attacks at the earliest opportunity.
- Train your team regularly on cyber attacks and how to prevent them.
Even the biggest companies can and do get attacked. Having the right tools, monitoring, and training should prevent all but the most determined hackers from destroying your business reputation.