Cybersecurity often seems like a moving target. The bad guys have a seemingly endless supply of spammy servers, plus all the time and budget in the world, whereas those charged with protecting companies from cybercrime face normal business constraints in terms of resources. But it’s helpful to remember that fighting cybercrime often starts with adherence to the simplest of best practices. Many of the biggest data breaches of all time were caused by common cybersecurity sins.
Yahoo — Approximately 3 billion users affected
To say Yahoo has had issues with data breaches would be an understatement. Yahoo has the unfortunate claim to the two biggest data breaches to date, and the issues started when an employee clicked on a link in a spear-phishing email. That gave a Latvian hacker the access necessary to find Yahoo’s user database and account management tool. A “state-sponsored actor” was behind the attack, and the FBI’s March 2017 indictments included two Russian spies.
Equifax — Estimated 145.5 million consumers affected
The Equifax breach announced in late 2017 struck fear in the hearts of consumers because no one knows more about you than the credit bureaus. A credit bureau breach hands criminals all of your personal data on a silver platter — which they sell as a “fullz” on the dark web. A fullz is a dossier of stolen identity information and can sell for as little as $15. Hackers gained access to the Equifax network when the IT team failed to install the Apache Struts security patch.
Anthem — Up to 80 million policy holders affected
Anthem — the parent company of Blue Cross and Blue Shield — experienced a cyberattack in February 2015 when five employees fell for a phishing email. When faced with a duplicitous email, they unknowingly downloaded a Trojan with keylogger software, giving hackers access to passwords protecting unencrypted data.
Whether your company has 3,000 customers or 3 billion, it pays to exercise good cybersecurity habits.