{"id":431,"date":"2020-12-05T11:46:09","date_gmt":"2020-12-05T11:46:09","guid":{"rendered":"http:\/\/sugarshotlive.wpengine.com\/?p=431"},"modified":"2023-05-11T09:08:14","modified_gmt":"2023-05-11T09:08:14","slug":"4-major-hacks-in-2017-and-how-your-los-angeles-business-should-respond","status":"publish","type":"post","link":"https:\/\/www.sugarshot.io\/4-major-hacks-in-2017-and-how-your-los-angeles-business-should-respond\/","title":{"rendered":"4 Major Hacks in 2020 (And What Your Business Can Learn From Them)"},"content":{"rendered":"<p dir=\"ltr\">Cyberattacks are on the rise year over year, and 2020 was no exception. Global <a href=\"https:\/\/www.sugarshot.io\/how-ransomware-works-how-to-thwart-los-angeles-ransomware-attacks\/\">ransomware<\/a> damages hit $11.5 billion in 2019, and <a href=\"https:\/\/cybersecurityventures.com\/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021\/\">Cybersecurity Ventures<\/a> estimates that number will double by 2021.\u00a0<\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<p dir=\"ltr\">This year\u2019s alarming number of data breaches has been attributed to cybercriminals exploiting security weaknesses during the COVID-19 pandemic. The global shift to <a href=\"https:\/\/www.sugarshot.io\/how-to-transition-to-a-remote-workforce\/\">remote work<\/a> has prompted hackers to launch multi-faceted cyberattacks aimed at individuals and businesses of all sizes.\u00a0<\/p>\n<p dir=\"ltr\">Data breaches prove that no business is immune to cyberattacks. Let\u2019s review 2020\u2019s biggest hacks and learn what they can teach us about cybersecurity.<\/p>\n<h2>THE BIGGEST DATA BREACHES IN 2020<\/h2>\n<p dir=\"ltr\">Unfortunately, cybercrime isn\u2019t going away. Every business and IT professional must take security issues more seriously to protect organizations from the following scenarios.<\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<h3 dir=\"ltr\">1. MARRIOTT<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">In March 2020, hackers accessed an internal data system that contained the personal information of approximately 5.2 million hotel guests who used Marriott\u2019s loyalty program. The data was accessed using two employees\u2019 stolen login credentials at one of Marriott\u2019s franchise properties.<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">According to the Marriot, hackers might have obtained these employees&#8217; credentials by phishing or credential stuffing.<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\"><strong>LESSON 1: Protect Yourself From <a href=\"https:\/\/www.sugarshot.io\/4-signs-that-youve-received-an-email-scam\/\">Phishing Scams<\/a><\/strong><\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<h3 dir=\"ltr\">2. NINTENDO<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">In June 2020, Nintendo announced that 300,000 Nintendo accounts had been breached since the beginning of April. Cybercriminals used customers\u2019 Nintendo Network IDs to make fraudulent purchases without permission. The hackers could also see customers\u2019 personal information and access payment services linked to their accounts to make additional purchases.<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">As a result of this breach, Nintendo stopped letting users log in to play with their Nintendo Network ID (NNID). The company also recommended that users enable two-factor authentication (2FA) to protect their data.<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\"><strong>LESSON 2: <a href=\"https:\/\/www.sugarshot.io\/what-is-multi-factor-authentication\/\">Use MultI-Factor Authentication<\/a> (MFA)<\/strong><\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<h3 dir=\"ltr\">3. ZOOM<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">At the beginning of April 2020, reports indicated that 500,000 stolen Zoom account credentials (usernames and passwords) were available for sale on the dark web. Cybercriminals began \u201cZoom bombing,\u201d recording meetings, infiltrating sessions with unwanted screen shares and often shouting obscenities.\u00a0<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">The Zoom hack resulted from \u201ccredential stuffing,\u201d a method in which hackers use data from previous data breaches to obtain login credentials. In this case, hackers compiled stolen credentials into lists bought by other cybercriminals.<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\"><strong>LESSON 3: Create Strong Password Policies and Require Unique Passwords For All Accounts<\/strong><\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<h3 dir=\"ltr\">4. MAGELLAN HEALTH<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">In April 2020, Magellan Health fell victim to a cyberattack in which hackers exfiltrated 365,000 patient data records and then deployed ransomware. By impersonating a Magellan client, the attackers were able to gain access to Magellan\u2019s system five days before the ransomware attack. <\/p>\n<p dir=\"ltr\">Hackers installed malware to steal employee login credentials and gain access to a single corporate server. That server housed sensitive patient data, including Social Security numbers, W-2 information, and health insurance and treatment information. Unfortunately, this wasn\u2019t Magellan\u2019s first breach: a phishing attack at Magellan lasted for more than a month in 2019.<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\"><strong>LESSON 4: Use Antivirus Software<\/strong><\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<h2 dir=\"ltr\">5 CYBERSECURITY MEASURES BUSINESSES SHOULD TAKE TODAY<\/h2>\n<p>\u00a0<\/p>\n<h3 dir=\"ltr\">1. MAINTAIN CLEAR SECURITY POLICIES<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">Fail to plan, plan to fail. Without clear security policies in place, you\u2019re exposing your business to cyberattacks. Every employee needs to understand the risk involved if security policies aren\u2019t strictly followed.<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">Here are a few things to include in your cybersecurity checklist:<\/p>\n<p>\u00a0<\/p>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Perform a risk assessment<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Protect your data<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Evaluate <a href=\"https:\/\/www.sugarshot.io\/is-byod-worth-the-investment\/\">BYOD policies<\/a><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Maintain strong password policies<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Use multiple layers of protection<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Limit user access<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Impose email restrictions<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Secure your WiFi<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Update security policies regularly<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\">\u00a0<\/p>\n<p dir=\"ltr\">Read: <a href=\"https:\/\/www.sugarshot.io\/the-small-business-cyber-security-checklist\/\">The Ultimate Small Business Cyber Security Checklist<\/a><\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<h3 dir=\"ltr\">2. CONDUCT SECURITY TRAINING<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">Most non-IT employees are not familiar with basic security best practices and can unintentionally create security vulnerabilities. Your employees might store confidential company data on their mobile devices or be susceptible to opening phishing emails. Train your employees how to detect suspicious emails and files, and teach them how to secure their accounts and strengthen their passwords.\u00a0<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">Every employee should be held accountable to follow cybersecurity policies. A well-educated workforce will minimize your exposure to network attacks. Training should thoroughly cover your security policies.<\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Require your IT staff to earn cybersecurity certifications.<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Host regular cybersecurity awareness training sessions.<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Test your employees on what they\u2019ve learned after a training session.<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Require employee signatures when implementing new policies.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<h3 dir=\"ltr\">3. CREATE A BACKUP AND RECOVERY PLAN<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\"><a href=\"https:\/\/www.sugarshot.io\/the-4-levels-of-data-backup\/\">Data backup<\/a> and recovery methods give you invaluable peace of mind. Protecting yourself against cyberattacks can prevent you from experiencing a data breach that could kill your business.\u00a0<\/p>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Schedule regular backups.<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Maintain backup data in the <a href=\"https:\/\/www.sugarshot.io\/cloud-backup-los-angeles-save-your-business-from-natural-disasters\/\">Cloud<\/a> or off-site storage facility.<\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\">Evaluate and test your data recovery process to keep repeat hackers at bay.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<h3 dir=\"ltr\">4. PRACTICE REGULAR PATCH MANAGEMENT<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">Software patches are released periodically by software providers to address glitches in software applications. A patch management process is a preventative measure that addresses and fixes these software vulnerabilities, keeping your systems safe. Ignoring critical system updates puts you at greater risk of ransomware attacks.\u00a0\u00a0\u00a0<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">Your patch management process should include these steps:<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">1. Inventory all company software<\/p>\n<p dir=\"ltr\">2. Create and regularly review your patch management policies<\/p>\n<p dir=\"ltr\">3. Stay current with patch updates<\/p>\n<p dir=\"ltr\">4. Test patches before deployment<\/p>\n<p dir=\"ltr\">5. Backup your data<\/p>\n<p dir=\"ltr\">6. Download and deploy patches securely<\/p>\n<p dir=\"ltr\">7. Document and categorize all patch applications<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">Learn more: <a href=\"https:\/\/blog.csgsupport.net\/steps-proper-patch-management-process?__hstc=127814098.313a8478ed0139119fac642f6f5e2edb.1592865022365.1606954053381.1607017997400.52&amp;__hssc=127814098.1.1607017997400&amp;__hsfp=868739717\">7 Steps to a Proper Patch Management Process<\/a><\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<h3 dir=\"ltr\">5. CONSIDER DARK WEB SCANNING<\/h3>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">If your company data is compromised, you\u2019ll want to know where your personally identifiable information is circulating. Hackers frequently purchase and sell stolen data on the dark web to commit identity theft and fraud.\u00a0<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">A <a href=\"https:\/\/www.sugarshot.io\/why-los-angeles-businesses-need-to-invest-in-dark-web-scanning-today\">dark web scan<\/a> monitors criminal chat rooms, private networks and other hidden sites to search for your stolen information. The system notifies you when it detects your compromised data on the dark web.\u00a0\u00a0\u00a0<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">Although a dark web scan can\u2019t remove your data once it\u2019s been published, it enables you to take precautions and protect users from identity theft.\u00a0\u00a0\u00a0<\/p>\n<p dir=\"ltr\">\u00a0<\/p>\n<h2 dir=\"ltr\">OUTSOURCE YOUR CYBERSECURITY NEEDS TO SUGARSHOT<\/h2>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">2020 has been quite a year, replete with natural disasters, a global pandemic and record-breaking cyberattacks. Cyberattacks are more common than you think. They can threaten your business \u2014 and they can happen to you.<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\"><a href=\"https:\/\/www.sugarshot.io\/benefits-of-outsourcing-cybersecurity\/\">Outsourcing your cybersecurity<\/a> needs is a smart way to unburden your IT staff from time-consuming security projects.\u00a0\u00a0\u00a0<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\">SugarShot offers 24\/7 <a href=\"https:\/\/www.sugarshot.io\/services\/cyber-security-los-angeles\/\">custom IT security services<\/a> for businesses. We deliver constant network monitoring, intrusion detection and threat management so you can stop worrying about security threats and start focusing on growing your business.\u00a0<\/p>\n<p>\u00a0<\/p>\n<p dir=\"ltr\"><strong>Need help securing your IT infrastructure? Get a free network assessment to identify critical security vulnerabilities today.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"Cyberattacks are on the rise. Global ransomware damage costs exceeded $5 billion in 2017 \u2013 fifteen times higher than 2015 losses. Ransomware attacks target businesses of any size, leaving millions of personal records exposed and IT teams scrambling to recover data.","protected":false},"author":2,"featured_media":1049,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[10,6,8],"tags":[5,26,16,4,12,13],"class_list":["post-431","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-it-101","category-cybersecurity","category-future-of-business","tag-cyber-security","tag-cyberattack","tag-cybercrime","tag-data-security","tag-network-security","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/posts\/431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/comments?post=431"}],"version-history":[{"count":0,"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/posts\/431\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/media\/1049"}],"wp:attachment":[{"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/media?parent=431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/categories?post=431"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sugarshot.io\/api\/wp\/v2\/tags?post=431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}