Cyberattacks are on the rise. Global ransomware damage costs exceeded $5 billion in 2017 – fifteen times higher than 2015 losses. Ransomware attacks target businesses of any size, leaving millions of personal records exposed and IT teams scrambling to recover data.
These four major hacks in 2017 proved that no business is immune to cyberattacks:
In September 2017, Equifax announced a massive data breach that compromised personal data of 143 million customers.
The attack exploited a flaw in Apache Struts, a framework for building web applications. Equifax learned about the vulnerability several months before the attack but didn’t move fast enough to patch the software. As a result, between May 13 and July 30, hackers gained access to the names, Social Security numbers, birth dates and addresses of millions of Equifax customers.
Equifax was widely criticized for waiting more than a month to alert customers and shareholders about the hack.
A strain of ransomware called WannaCry affected more than 230,000 computers in 150 countries in May 2017. The virus infected Windows computers through a vulnerability called EternalBlue. Microsoft released a patch for EternalBlue in March, but many systems were still unpatched when the virus started spreading two months later.
WannaCry inflicted serious damage at National Health Service hospitals around the United Kingdom, temporarily locking network computers and causing chaos for British doctors and patients.
A month after WannaCry, a new virus known as Petya infected networks in more than 60 countries, including Ukraine, the United Kingdom and the United States. Petya worked similarly to WannaCry, using the Windows vulnerability EternalBlue to infect computers and demand $300 in Bitcoin from the user.
Petya caused major disruptions at global advertising firm WPP, food company Mondelez and the Heritage Valley Health System network in Pittsburgh.
Uber Cover-Up Exposed
In November, Uber admitted to a hack that occurred in 2016. The breach exposed personal information of 57 million users and leaked license numbers of 600,000 Uber drivers.
The hackers reportedly accessed Uber’s data through a third-party cloud service. They broke into Uber’s GitHub account and discovered the login credentials to access data stored in Uber’s Amazon server.
Instead of reporting the breach to authorities and alerting users, Uber paid the hackers $100,000 to keep quiet and destroy the data. Uber will likely face severe legal penalties for failing to report the breach.
Cybersecurity Measures LA Businesses Should Take Today
With new types of hacks emerging every day, you should take precautions to protect your data and educate your workforce about security. Here are the top cybersecurity measures LA businesses can take today:
Most non-IT employees are not familiar with basic security best practices and can unintentionally create security vulnerabilities. Your employees might store confidential company data on their mobile devices or be susceptible to opening phishing emails.
Train your employees to detect suspicious emails and files, and teach them how to secure their accounts and strengthen their passwords. A well-educated workforce will minimize your exposure to network attacks.
Patch management is a preventative measure that addresses and fixes software vulnerabilities discovered over time. Hackers often target these software weaknesses, going after users who ignore system updates.
The WannaCry attack took advantage of a vulnerability in older Windows operating systems. Microsoft rolled out a patch to update desktops and servers a few months before the attack, but many people didn’t install the update in time.
Ignoring critical system updates puts you at greater risk of ransomware attacks.
Dark Web Scanning
If your company data is compromised, you’ll want to know where your personally identifiable information is circulating. Hackers frequently purchase and sell stolen data on the dark web to commit identity theft and fraud.
A dark web scan monitors criminal chat rooms, private networks and other hidden sites to search for your stolen information. The system notifies you when it detects your compromised data on the dark web.
Although a dark web scan can’t remove your data once it’s been published, it enables you to take precautions to double down on security and protect users from identity theft.
Every employee should be held to sound security policies. Create clear requirements for password safety and user credentials. If you offer a BYOD program, make sure employees are required to install mandatory security software. Clarify what company information can and cannot be accessed through personal devices.
Training should thoroughly cover security guidelines. Every employee from the top down needs to understand the risk involved if these policies aren’t strictly followed.
Hiring a third-party cybersecurity expert is a smart way to unburden your own IT staff from time-consuming security projects.
SugarShot offers custom IT security services for LA businesses. We deliver constant network monitoring, intrusion detection and threat management so you can stop worrying about security threats and start focusing on growing your business. Our on-call IT security team is available 24/7 to protect your infrastructure and mitigate threats quickly.