Blog: This History Lesson Can Help You Beef Up Your Business Cybersecurity
Cybersecurity attacks are a major threat to businesses, with a whopping 76 percent reporting they've been targeted in some way. There are so many types of threats to consider that it can feel overwhelming. Not only have ransomware attacks surged over the last couple of years, but the dramatic shift to remote work during the pandemic also opened up new opportunities for hackers.
A lot of cyberattacks start with employees and their devices. Even the most technically savvy can be fooled into clicking on something they shouldn't or downloading a malicious file. Mandatory cybersecurity training isn't costly and can help head off expensive problems. But workers aren't the only vulnerability. Organizations need a thorough business IT security plan, but shockingly, a recent study found 23 percent of SMBs use no endpoint security. The average cost of recovering from a ransomware attack is $84,000—an expense many small and medium-sized businesses can't recover from—so there's really no excuse not to have a security plan.
Two historic data breaches at well-known organizations offer examples of the ways hackers can exploit business cybersecurity weaknesses.
Marriott Cyber Attack
On November 30, 2018, Marriott's President and CEO announced—what was at that point—the largest corporate security breach in history. The company admitted that hackers had been hiding in their system undetected for years.
It was initially estimated that almost 500 million accounts were compromised. Investigators said that in 2014, the network of the Starwood Hotels was breached by a cyber-attack. Two years later, Starwood Hotels was purchased by Marriott Hotels. In 2018, Marriott's internal cybersecurity team found the breach. It had been almost four full years, during which time, the hackers had access to over 20 million customer records, including names, addresses, financial information, and even passport numbers.
Security assessments should be a part of every engagement with an outside party. Whether working with contractors, inheriting a computer or other technologies, and sometimes even employees, it's best to assume they've already been compromised. Put security first.
The Equifax Cyber Attack
In 2017, Equifax announced its network was breached. Almost 150 million U.S. customers were affected. The system vulnerability was initially found in March of that year, and an update and patch were released. But Equifax didn't install that specific update and patch, and it left its systems open to attack.
For the next four months, Equifax didn't see the vulnerability. The patch and update that weren't installed back in March were needed to detect it. That's when the attackers might have penetrated the network.
It was late June when Equifax finally discovered the problem, but Equifax didn't cut off the hacker's access for another month after it was discovered. When they finally plugged the hole, they waited an additional two months before informing the public.
The moral of these stories is to always keep your computer systems updated and patched. Put policies in place for addressing patches and software updates as they're released. You also need to perform regular preventative maintenance on your systems because hackers don't sleep. Lastly, have a response plan in place.
Find a Business Cybersecurity Partner
Marriot and Equifax had the resources to weather the storm, but smaller businesses may not. That's why it's not smart to wait until after a problem to think about your cybersecurity defenses. Because you want to focus on growing your business—and not your technology—working with a Managed Service Provider with a strong focus on IT security can help keep you safe. They have the resources to do a full assessment of your technology, show you the vulnerabilities and how to close them, and then offer proactive management and monitoring so you can sleep soundly at night.