In any given month, thousands of organizations worldwide may suffer a data breach.

A study sponsored by the UK government estimates that 65% of large organizations are affected in any given year, and 25% of large businesses are targeted at least once per month. Not every data breach hits the news, but the organizations that gather media attention following an incident can offer invaluable lessons for the rest of us.

There's no question that data breaches are the epitome of a public relations disaster. Research conducted by OnePoll and Semafone in 2014 indicates that 86% of consumers are hesitant to make purchases from companies that have experienced a data breach. While a security incident isn't always a one-way ticket to bankruptcy, it can often lead to financial troubles and a loss of customer trust for months, if not years, following the incident.

To help you avoid being the subject of media interest and customer panic, we've curated a list of seven high-profile security incidents and what they can teach the rest of us.


What is a Data Breach? (And Why Even Major Brands Are at Risk)

A data breach is a cybersecurity incident in which unauthorized individuals access, copy, or steal sensitive information, such as customer records, financial data, or intellectual property. Common causes include phishing, malware infections, misconfigured systems, or compromised third-party vendors.

While small businesses are frequent targets, large enterprises are not immune. High-profile data breaches at global brands reveal that even organizations with mature security programs can suffer massive losses without real-time visibility into system changes or vulnerabilities.


1. Target

Target was not without security controls at the time of its well-known breach. Many theories have pointed to malware as the cause. It was reported that the malware had been installed on POS machines well before it was discovered, and that multiple antivirus tools failed to detect it.

Many intrusion detection and file integrity monitoring solutions offer limited built-in intelligence, which makes it difficult to distinguish routine file changes from a security incident. In other cases, a constant stream of meaningless notifications leads to alert fatigue. A FIM solution that differentiates between alerts can provide 'smart' notifications and enable real-time action to stop a threat in its tracks.
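As an added illustration of the point above (example code, not part of the original post or of any Cimcor product), the snippet below runs a minimal file integrity check over two constructed snapshots of a POS host and separates expected changes (an authorized patch ticket, routine log growth) from changes that should raise an alert, such as a new executable appearing in the POS binary directory. The paths, ticket ID and file contents are all constructed sample data.

```python
import hashlib

# Constructed sample snapshots: path -> file contents (bytes) at baseline and now.
BASELINE = {
    "/opt/pos/bin/terminal": b"terminal binary v1",
    "/opt/pos/etc/pos.conf": b"timeout=30\n",
    "/var/log/pos/app.log": b"line1\n",
}
CURRENT = {
    "/opt/pos/bin/terminal": b"terminal binary v2",      # changed under a ticket
    "/opt/pos/etc/pos.conf": b"timeout=30\n",            # unchanged
    "/var/log/pos/app.log": b"line1\nline2\n",           # routine log growth
    "/opt/pos/bin/helper.so": b"unexpected new module",  # no ticket covers this
}

# Constructed authorized change tickets: ticket id -> paths the change window covers.
TICKETS = {"CHG-0001": ["/opt/pos/bin/terminal"]}
# Path prefixes whose contents are expected to change constantly (logs, spools).
VOLATILE_PREFIXES = ("/var/log/",)


def fingerprint(files):
    """Hash every file's contents so comparisons do not depend on size or mtime."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def classify_changes(baseline, current, tickets, volatile_prefixes):
    """Return (path, kind, verdict) for each differing path.

    kind is 'added', 'deleted' or 'modified'; verdict is 'expected' when the
    change is covered by a ticket or is routine log growth, otherwise 'ALERT'.
    """
    before, after = fingerprint(baseline), fingerprint(current)
    authorized = {p for paths in tickets.values() for p in paths}
    findings = []
    for path in sorted(set(before) | set(after)):
        if path not in after:
            kind = "deleted"
        elif path not in before:
            kind = "added"
        elif before[path] != after[path]:
            kind = "modified"
        else:
            continue  # identical content: no notification at all
        routine_log = kind == "modified" and path.startswith(volatile_prefixes)
        verdict = "expected" if (routine_log or path in authorized) else "ALERT"
        findings.append((path, kind, verdict))
    return findings


def alerts(baseline, current, tickets=TICKETS, volatile_prefixes=VOLATILE_PREFIXES):
    """Only the findings an analyst needs to act on."""
    return [f for f in classify_changes(baseline, current, tickets, volatile_prefixes)
            if f[2] == "ALERT"]
```

Running `alerts(BASELINE, CURRENT)` yields a single finding for the new `helper.so`; the patched terminal binary and the growing log file are classified as expected and never reach the analyst.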


2. Cogent Healthcare

Cogent Healthcare suffered a data breach in 2013 that led to the disclosure of 32,000 patients' electronic personal health information (ePHI). In 2013, HIPAA Journal reported that a third-party contractor stored patient data on a website with an inactive firewall, making the information accessible to the general public through Google search indexing.


3. OPM

The U.S. Office of Personnel Management's (OPM) 2015 data breach affected an estimated 20 million people, including federal employees, family members, contractors, and job applicants. NPR noted that the exact method of entry is unknown, although a third-party contractor's website is a possibility. Since the breach, OPM has significantly revised its security methodologies with the help of the Department of Defense.


4. Ashley Madison

In July 2015, the extramarital affairs network Ashley Madison was subject to a very public data breach, which led to the disclosure of the personal information of 32 million users. While the initial means of gaining entry to Ashley Madison's network were not disclosed, Forbes attributed the motive of the attack to "hacktivism" in 2015. Organizations of a controversial or politically charged nature may likewise be at increased risk of being targeted by hacktivists.


5. Jimmy John's

Point-of-sale (POS) systems can represent a major point of vulnerability for organizations in retail, hospitality, and food services. Fast-casual sandwich chain Jimmy John's chose to outsource POS management to a third-party vendor and subsequently suffered the theft of card data from hundreds of its restaurant locations over a period of about 3 months.

In 2014, KrebsOnSecurity wrote that this was caused by a brute-force attack on a third-party POS vendor employee's credentials, which allowed cybercriminals to push card skimming malware out to hundreds of locations en masse.


6. Anthem

Anthem, the second-largest provider of insurance in the U.S., suffered a security incident in which data was lost for two months before the attack was finally detected. Initial entry into Anthem's systems was likely gained via a watering hole attack, in which malware is planted on a website that is frequently visited by a firm's employees. This form of attack is used to gain entry via contractors, entry-level employees, or other individuals who may be vulnerable to security threats.

The breach was finally discovered by one of the organization's database administrators (DBAs), not a member of its information security team. CSO Online stated in 2015 that the DBA noticed unusual activity originating from his own account.


7. Hacking Team

In one of the most ironic security incidents in recent history, an Italian cybercrime group known as "Hacking Team" was breached. It's hard to muster much sympathy for this organization, especially considering they were in the business of selling advanced persistent threats to governments with what Network World calls "sketchy human rights records."

It was determined that the downfall was caused by terrible credential management. One of their engineers had the network password "Passw0rd," which made brute-force access trivial. Data gleaned from this breach revealed the extent of the organization's crime and PII theft.


How to Avoid a High-Profile Data Breach

Is there a single takeaway from the most infamous data breaches in recent years? Even big brands with highly sophisticated security personnel can make mistakes. Security is challenging, but this doesn't mean you should give up and resign yourself to a data breach. It means adopting the technical safeguards that make your job easier, so that you can focus on comprehensive policy and vendor management.

CimTrak is an easy-to-use tool for comprehensive IT security in the modern era. An attack vector-independent tool for real-time security incident detection and remediation, it can fill in where your other technical and human safeguards fail, providing intrusion detection, vulnerability assessments, patch management, access control, and antivirus and anti-spam mechanisms.

To learn more about how Cimcor's full suite of security products can help prevent data breaches, request a complimentary demo or download our technical summary today.


Tags:
News
Cimcor
Post by Cimcor
October 11, 2016

About Cimcor

Cimcor's File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real time.