What to learn from the most interesting data breaches of 2017
Several high-profile organizations experienced data breaches in 2017. For instance, you probably saw media reports about data breaches involving Equifax or the InterContinental Hotel Group.
It isn’t enough to know that these breaches occurred. Companies and organizations need to pay attention to the mistakes that made the security breaches possible. That way, you can inspect your own company’s policies to make sure you protect yourself and your customers.
Equifax proved that how you behave after a data breach matters
A 2017 data breach at Equifax, one of the world’s largest credit reporting companies, exposed the personal information of approximately 143 million Americans. The problem was deemed so important that Congress held several hearings to understand what had happened.
According to Equifax, the breach happened because of a flaw in one of the company’s web applications.
Obviously, Equifax didn’t get the help it needed closing common cybersecurity holes. The worst part, though, was how Equifax chose to handle the situation. Some of the company’s most egregious actions included:
- Waiting about two months to tell consumers about the breach.
- Letting executives sell their personal Equifax holdings before announcing the breach.
- Creating an unsecured WordPress site to help consumers determine whether they were affected by the breach.
- Requiring consumers to provide even more sensitive information to determine whether the breach affected them.
The most important thing to learn from Equifax is how to behave after a breach happens. Basically, do the opposite of what Equifax did. The organization’s tarnished reputation may never recover.
InterContinental Hotel Group (IHG) exposes thousands of consumers to identity fraud
InterContinental Hotel Group (IHG) revealed in early 2017 that a data breach had affected 12 of its properties. Malware on the company’s servers had stolen credit card information from guests who used their cards at the hotels’ on-site restaurants and bars. Understandably, the announcement concerned thousands of people.
Unfortunately, that wasn’t the end of IHG’s security problems. A couple of months later, the company admitted that the malware hadn’t attacked just 12 of its locations. Instead, it had targeted 1,200 locations. The malware also did more than gather credit card information from restaurants and bars. It had stolen personal information from payments processed at hotels, too.
A better cybersecurity process would likely have uncovered the malware before it had a chance to affect so many people. Unfortunately, IHG didn’t have the IT security to identify the threat before it had an opportunity to spread from a handful of locations to thousands.
Ransomware targeted organizations in nearly 100 countries
In 2017, ransomware became such a huge problem that it affected organizations in nearly 100 countries. Hospitals in Great Britain had to turn away patients because they couldn’t access their medical records. The malware also affected hospitals, police stations and businesses in the United States, Russia, Spain and Portugal. Overall, the ransomware affected about 57,000 networks around the world.
Educating employees to recognize phishing attempts is one of the most effective ways to prevent ransomware attacks. Organizations also need to update their systems and applications to patch security vulnerabilities.
Given the excessively wide reach of the 2017 attack, it’s obvious that most people don’t know how to protect themselves from ransomware.
If you’re worried that you don’t have the right technology or policies to protect your company from data breaches, contact your managed services provider to learn more about the most effective defenses. Without the right tools, you could fall victim to attacks just as easily as the organizations mentioned above.