If we’ve learned anything from the biggest cybersecurity breaches of 2017, it’s this: no one is immune from online threats. Not even the largest companies with millions in technology resources, serious cybersecurity measures and strong reputations as household names.
2017 came and went with multiple significant cybersecurity breaches involving major organizations. And the bad news doesn’t stop there. Cybercriminals aren’t going anywhere. Cybersecurity breaches are still very much a thing.
The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected. – Juniper Research
Here are three of the biggest cybersecurity breaches of 2017, what happened, and what we can learn from them.
Equifax
One of the worst breaches of all time happened in 2017 with Equifax. Equifax, as you almost certainly know, is one of the three largest credit agencies in the United States. Their data, the data that was compromised, is extremely sensitive.
Stolen information included names of customers, their dates of birth, credit card numbers, addresses, driver’s license numbers, and social security numbers. That’s pretty much everything a cybercriminal needs to engage in identity theft.
Verizon
In July of 2017, Verizon had a major cybersecurity breach that affected over 14 million subscribers.
A third-party analytics provider, NICE Systems, was using Amazon’s S3 cloud platform to store “customer call data” from telecom providers including Verizon. – Forbes
While this breach was claimed to have been brief, the 14 million affected had their data exposed, including their names, addresses, phone numbers, and most importantly, their plain text PINs. Again, this is prime information for identity theft.
This happened because some of Verizon’s security measures simply weren’t set up the right way.
Instead of a private security setting, the information was made public. Anyone with the public link could see the Verizon data, which was stored on an Amazon S3 storage server—a commonly used cloud storage for data.
Uber
While Uber’s security breach wasn’t at the same level as the Equifax or Verizon cybersecurity breaches, it was still embarrassing and alarming. In this case, the worst of it was how Uber managed things in the aftermath of the cybersecurity breach.
Uber paid a 20-year-old hacker $100,000 to keep quiet after he managed to get his hands on the personal data of 57 million users.
Instead of being transparent about the leak, Uber tried to conceal it. Not only is that illegal in California, where the home company is based, but it further erodes customer confidence. Any company that falls prey to a cybersecurity breach will take a hit to their reputation. But if you continue to mishandle things, your reputation can suffer even more.
Just ask the folks at Uber.
What we have learned
One of the major takeaways here is that while the cyberattacks have grown sophisticated and complex, there’s a lot companies of all sizes can do to be proactive. The threat is valid, but if you address potential vulnerabilities in a timely manner, you’ll be able to avoid making these kinds of headlines.
For instance, the Equifax attack was due to a flaw in a web application, Apache Struts. The tool is used to build web applications. And here’s the kicker. The problem that led to the breach was identified months earlier, but all of the Equifax machines were not updated. This allowed hackers the ability to enter.
The Uber fiasco illustrates another compelling point. If you do suffer a cyberattack, there are good ways to handle the situation and bad ways to handle it. Restoring customer trust is critical, so it’s best to be transparent and take full responsibility.
Protecting your company from a cybersecurity breach
Your company’s critical data must be protected not only for your customers and their peace of mind but for the sake of your data, as well. You need to stay ahead of ever-changing threats. Cybercriminals are constantly changing their tactics. You have to constantly adjust your protection just to keep pace.
Know where your data is stored, how it’s protected, how often that protection is updated, and utilize data analytics to strategically update your protection as needed.
Cybersecurity breaches are on the rise. Companies must take proactive steps in order to keep their data secure.