With headlines of a new cyber attack popping up every other week, there’s no denying that IT security concerns are on the rise. According to a recent survey, 78 percent of cybersecurity executives are worried about a data breach at their company.
In this article, we’ll discuss some of the worst data disasters that businesses have faced in the recent past. We’ll also go over the errors that were made in each case, so you can learn from their mistakes and prevent a similar fate from befalling your own organization.
1. The 2017 Equifax breach
Perhaps the most egregious data breach in the last several years, the Equifax data breach exposed the private information of 143 million people in the U.S., including Social Security numbers and credit cards.
Although the attack occurred between May and July 2017, Equifax didn’t go public with the news until September.
IT experts have called the Equifax breach “entirely preventable.” The attackers were able to enter Equifax systems through a vulnerability in one of its web applications. Unfortunately for Equifax’s PR department, the security patch for that specific vulnerability had been available for several months prior to the attack.
What you should learn:
To protect your company from a similar attack, update your hardware and software as often as possible. Not only will you patch security holes, you’ll gain access to new features and functionality that can make your employees more productive. And what’s not to like about that?
Related Content: Your company’s 5-part guide to mobile security
2. The 2017 WannaCry attack
While the Equifax breach was underway, another devastating cyber attack was taking place: the spread of the WannaCry malware.
WannaCry is a form of “ransomware” — aka, malicious software that limits your access to certain files and applications. To gain access to your files again, the cybercriminals ask you to pay a ransom fee.
Of course, preventing computers from functioning and employees from accessing their data doesn’t just disrupt your business — in the case of hospitals and critical infrastructure, it may even put lives at risk.
Cyber risk modeling firm Cyence estimated that the direct and indirect economic losses from WannaCry could eventually reach up to $4 billion.
What you should learn:
Although WannaCry mainly spread through a vulnerability in the Microsoft Windows operating system, malware is often distributed through spam and phishing emails. In addition to keeping your systems up to date, you should install antivirus and anti-malware software and train employees to recognize suspicious messages.
3. The 2013 Yahoo leak
The largest cyber attack ever, at least in terms of sheer scale, was the August 2013 breach of all 3 billion Yahoo! user accounts. According to Yahoo!, the attack was conducted by a “state-sponsored actor” and resulted in the loss of unencrypted information such as account usernames, email addresses, dates of birth, and security questions and answers.
Upon reporting news of the breach in December 2016, Yahoo!’s reputation continued to tumble. Because the company was in the midst of being acquired by Verizon, the deal closed for $350 million less than was originally agreed to. Whoops.
What you should learn:
Even if hackers manage to penetrate your network, the information they find will be useless if you protect it using strong encryption. Yahoo!’s failure to encrypt personal information means that their users could be vulnerable on other websites where they use the same login details.
4. The 2013 Home Depot breach
The Home Depot data breach exposed 53 million email addresses and 56 million payment card numbers of shoppers at its stores in the U.S. and Canada. As a result of the attack, the company had to pay $160 million to various banks and credit card companies, as well as $19 million in a class-action lawsuit to consumers.
After doing a postmortem analysis, Home Depot announced that the breach occurred when hackers used the credentials of a third-party vendor.
What you should learn:
To avoid the same fate, make sure your vendors, contractors, and business partners are under the same scrutiny and held to the same standards as internal employees.
Final thoughts
All businesses can face a data disaster — whether that comes in the form of a massive data breach or a ruthless string of malware. It’s important to make security a top priority for your organization and to never let updates, vendors, or IT security best practices slip through the cracks.