Cyber-Attacks and What We Can Learn From Them
In the last few years cyber attacks have become more and more commonplace. However, 2017 has been a particularly bad year in terms of attacks with high-profile names finding themselves at the receiving end.
If it can happen to high-powered corporations, then it can happen to just about any company, so how can your organisation prevent these attacks from happening? We take a look at some of the most high-profile hacking cases these years and see what lessons we can learn from them.
Uber’s CEO announced towards the end of last year, that in 2016 they had been the target of an attack that saw 57 million users’ details (email addresses, names, phone numbers) stolen.
The issue was that they paid hackers $100,000 to keep the whole situation quiet and actively worked to keep the breach under wraps. Sometimes cooperating with attackers may be necessary for the issue to go away, but the public needs to be told what’s happened and the weakness that’s allowed for the attack to happen need to be addressed.
This tech giant came out and said that it had suffered not one, but two separate breaches in 2016 that had compromised 1 billion users’ data. In 2017 they further disclosed that literally every single Yahoo account had been breached.
Yahoo really struggled to regain their customer’s trust because it didn’t deal with the issue transparently. What companies should do in these situations is have a game plan in place before notifying their customers. This way the company can tell its customers about the breach, what they know about it, what they’re doing to rectify the issue and when the next update will be.
Equifax holds extremely sensitive information as a credit monitoring firm. The information they hold ranges from credit card numbers to social security numbers, data that can all be used to steal someone’s identity. The hackers accessed 145 million user records and not only were people upset because of the breach, Equifax also set up a website for the victims that had serious security flaws. It was also later revealed that the CEO only met cybersecurity staff once ever 4 months and all of this combined forced him to step down. Once again if Equifax were transparent with their client base, then perhaps things wouldn’t have gone so awry post-breach.
4.Shadow Brokers and WannaCry
Shadow Brokers stepped into the spotlight in 2016 when they released a sample of a tool they stole from the NSA. They then released ransomware attacks like WannaCry which saw large enterprise networks fall victim to it, including the NHS. When looking at those examples, companies should really look at their highest-risk systems and address that. Whatever is deemed to be most vulnerable, should be given the most attention.
2017 was the year of high-profile cyber attacks. What will 2018 be like? Will we have learned from previous mistakes or are we going to keep doing what we are doing, hoping for a different outcome? Only time will tell.