[BreachExchange] Pulling Lessons From Bad Cybersecurity News
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Jul 5 20:55:44 EDT 2018
https://5bestthings.com/pulling-lessons-from-bad-cybersecurity-news/
Every few months we receive news of the latest large-scale data breach. In
between those incidents we hear about minor attacks and hacks targeting
individuals. With cybersecurity being an issue on everyone’s mind, it’s
easy for the bad news to blend together. But each incident is unique. And
in order to gain an advantage over hackers, businesses must understand
their tactics and mindset.
Devising a comprehensive cyber security strategy is not easy. Cybersecurity
news is an asset because it helps companies learn from the mistakes of
others. Hackers may not repeat the same strategies, but if they do there
are proven protections in place. As you work to ensure end-to-end security,
keep in mind what other companies have learned from their data breaches.
Uber – Breach Notification Is Crucial
When hackers stole data on million of users from Uber the company offered
the thieves six figures to destroy the data and keep the breach secret. The
hackers took the money but defied both requests. As a result, when the
breach did come to light Uber looked a lot worse. The damage to their
reputation is bad. What may be worse is the fines and legal liability Uber
took on because of its failure to be forthcoming. Trying to hide the breach
only created negative consequences. As a result, Uber is paying out a lot
more than the original ransom.
Equifax – Small Mistakes Have Big Consequences
The data breach at Equifax exposed personal information for almost 150
million Americans. Compounding the problem is that Equifax has a reputation
for prudence and caution. A brand thought to be trustworthy is now known
mostly for irresponsibility. The long-term consequences for Equifax run
deep, yet the data breach was relative simple. Hackers found a way to
compromise a security vulnerability in an online application. The lesson is
that even comprehensive cybersecurity strategies contain gaps, weaknesses,
and oversights. And when hackers are able to find and exploit them the cost
is catastrophic.
WannaCry – Attacks Are Evolving
The WannaCry ransomware attack in spring 2017 was notable for several
reasons. First, it targeted organizations like hospitals that are normally
“off limits”. That illustrates hacker’s growing willingness to target
anyone with profit potential. That attack also removed access to data
rather than stealing it outright. That meant the victims had to scramble to
restore access, and many paid the ransom eagerly. WannaCry is just one
example of ransomware, which is just one example of next-generation
attacks. Cybersecurity strategies are undeniably improving. The question is
whether they’re improving fast enough to outpace the threats.
If there is one lesson to take from all these attacks, it’s that
cybersecurity can never be taken for granted. The most powerful companies
in the world have been victims. So, have government agencies with lots
invested in cybersecurity.
Prevention is a big part of the equation, but we now realize that
mitigation is an equal part. Companies must do everything possible to
deflect and deter threats. But, as the lessons above illustrate, they can
never gamble on perfect protection. The only way to limit the damage is to
acknowledge that it’s inevitable.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180705/96258612/attachment.html>
More information about the BreachExchange
mailing list