Every few months we receive news of the latest large-scale data breach. In between those incidents we hear about minor attacks and hacks targeting individuals. With cybersecurity being an issue on everyone’s mind, it’s easy for the bad news to blend together. But each incident is unique. And in order to gain an advantage over hackers, businesses must understand their tactics and mindset.
Devising a comprehensive cyber security strategy is not easy. Cybersecurity news is an asset because it helps companies learn from the mistakes of others. Hackers may not repeat the same strategies, but if they do there are proven protections in place. As you work to ensure end-to-end security, keep in mind what other companies have learned from their data breaches.
Uber – Breach Notification Is Crucial
When hackers stole data on million of users from Uber the company offered the thieves six figures to destroy the data and keep the breach secret. The hackers took the money but defied both requests. As a result, when the breach did come to light Uber looked a lot worse. The damage to their reputation is bad. What may be worse is the fines and legal liability Uber took on because of its failure to be forthcoming. Trying to hide the breach only created negative consequences. As a result, Uber is paying out a lot more than the original ransom.
Equifax – Small Mistakes Have Big Consequences
The data breach at Equifax exposed personal information for almost 150 million Americans. Compounding the problem is that Equifax has a reputation for prudence and caution. A brand thought to be trustworthy is now known mostly for irresponsibility. The long-term consequences for Equifax run deep, yet the data breach was relative simple. Hackers found a way to compromise a security vulnerability in an online application. The lesson is that even comprehensive cybersecurity strategies contain gaps, weaknesses, and oversights. And when hackers are able to find and exploit them the cost is catastrophic.
WannaCry – Attacks Are Evolving
The WannaCry ransomware attack in spring 2017 was notable for several reasons. First, it targeted organizations like hospitals that are normally “off limits”. That illustrates hacker’s growing willingness to target anyone with profit potential. That attack also removed access to data rather than stealing it outright. That meant the victims had to scramble to restore access, and many paid the ransom eagerly. WannaCry is just one example of ransomware, which is just one example of next-generation attacks. Cybersecurity strategies are undeniably improving. The question is whether they’re improving fast enough to outpace the threats.
If there is one lesson to take from all these attacks, it’s that cybersecurity can never be taken for granted. The most powerful companies in the world have been victims. So, have government agencies with lots invested in cybersecurity.
Prevention is a big part of the equation, but we now realize that mitigation is an equal part. Companies must do everything possible to deflect and deter threats. But, as the lessons above illustrate, they can never gamble on perfect protection. The only way to limit the damage is to acknowledge that it’s inevitable.