We’ve looked at some of the biggest data breaches of 2019 to provide insight into how they could have been avoided. Learn from these mistakes to make sure that you’re ready to defend against new threats. Here are key lessons to learn from last year’s incidents.
Cybercriminals love using targeted phishing attacks, delivered via well-crafted fake emails from official-looking addresses. That’s exactly what happened to nine staffers at the Oregon Department of Human Services. A spear phishing attack convinced them to provide their login credentials to the attackers. In the three weeks it took to detect the intrusion, 625,000 patient records and 2.5 million emails were compromised.
The lesson? Human error is the number one cause of cybersecurity incidents, and phishing attacks are the number one cause of a breach. Never stop testing and training your staff using software tools that have constantly update phishing kits, including training to resist COVID-19 scams, with video training available in multiple languages.
Monitoring Dark Web
When your essential information ends up on the Dark Web, it can be used in many more ways than you might think. Personal details like usernames, locations, and old passwords enable cybercriminals to attack companies in a variety of ways including credential stuffing. That’s what happened to Dunkin Donuts. Using credential stuffing, bad actors were able to breach their data and gain access to thousands of customer accounts.
The lesson? Thousands of passwords hit the Dark Web every day, and password lists are cheap. You don’t even have to suffer a breach to be in danger of one because of another company’s lax security. Stolen data from any source can become a data breach for your company. Add a solution like Dark Web Monitoring to monitor the Dark Web for suspicious activity 24/7/365. Monitoring the Dark Web so your company can know when your employee or customer passwords or data is compromised to take action sooner.
Have a Plan
Of course, the fastest way to get your data stolen is to not secure it at all. Companies of every size make this crucial mistake, and it’s always costly. Verifications.io, an email validation service, stored the personally identifiable data of millions of users in a database that wasn’t even password protected. Over 2 million people had their information exposed in that breach, ready to be sold or traded on the Dark Web.
The lesson? Laziness always comes back to bite you later. It pays to pay attention to detail and enforce proper data handling and storage procedures constantly because sloppy data handling is a fast road to a costly and troublesome breach. Search out simple vulnerabilities like this and make sure that you’re using a digital risk protection platform that is up to the challenge of securing today’s remote workforce.
Contact Sieve Networks today to find out more about your risk from our team and how we can help mitigate them.