Expensive Enterprise Hacks That Serve As A Lesson In Cybersecurity
Every now and then, we come across news on data and network breaches in enterprises we thought had the most sophisticated and airtight cybersecurity measures. The fact is that, exploiters are not just becoming smarter but more creative as well. New avenues and loopholes are being exploited to infiltrate into networks and systems to extract sensitive data and information from businesses.
As enterprises, it is very difficult to stay a step ahead of attackers and that’s exactly why learning becomes crucial here. We learn from what other enterprises have experienced and tweak the learnings to our needs and implement revisited strategies. Today’s post sheds light exactly on this, where we revisit the most insane enterprise security breaches in the past few years and take inferences from them to optimize the cybersecurity measures in our enterprise.
Let’s look at each in no particular order.
The Yahoo Incident Of 2017
Remember Yahoo? There was an infamous incident back in 2017, where the company admitted a security breach that happened in 2013. Yes, after being silent for four years, the company came out and shared that over 3 billion accounts had been breached. The highlight of the attack was that even the security questions that are used to add a protective layer to passwords had been breached. This remains, till date, one of the largest network security breaches of all time.
Capital One Hack Of 2019
In March 2019, a configuration vulnerability of a web app firewall was exploited by a hacker, leading to a server access gain. The hacker reportedly got access to data of over 100 million Capital One customers, including personal information. Further investigations revealed that the data was intended to be sold to other vendors and people online. The inference from this is to have firewalls frequently scrutinized. Not just firewalls, apps and modules that are taken to the cloud need to be airtight in terms of configurations as well.
Credential Stuffed Donuts From Dunkin Donuts
Dunkin Donuts caught itself in a security breach stemming from a credential stuffing attack. In simple terms, credential stuffing is when attackers use credentials leaked on other websites or portals to gain access to another specific website. With Dunkin Donuts, a first-of-its-kind incident happened, where attackers gained access to Dunkin Donuts’ DD Perks accounts as a result of credential stuffing.
Investigation revealed that more than the credentials of users, attackers were after accounts themselves for sale on the dark web. Inference from the incident reemphasizes the importance of maintaining good password hygiene and the significance of a 2-step verification system. Besides, it is also recommended to monitor networks for sudden increased traffic and anomalies.
LinkedIn’s Data Scraping Or Data Breach Incident
This incident happened while humankind was at the crux of a global pandemic. Attackers exploited LinkedIn’s API to gain access to information of over 750mn users. This is almost 92% of the entire database of LinkedIn.
A range of details was exploited including email addresses, contact details, geolocation records, profile URLs, genders, other social media accounts, work experiences and more. The inference here is to make websites and APIs secure right from their development stages. When cybersecurity is labeled as a phase of a process, it becomes weaker. When cybersecurity is approached as a mindset or a culture, it becomes part of behavior.
Sociallark’s Incident Of 2021
One of China’s fastest growing social media agencies witnessed a colossal blow when the accounts of over 200 million users were compromised on an attack. To start with, the agency’s server wasn’t encrypted, making the entire asset accessible to the public. This translates to the fact that any user with a basic understanding of IP functions can access leaked datasets. Over 200 million user accounts from LinkedIn, Instagram and Facebook were accessed. The inference here is too basic and makes more noise of lethargy than strategy.
Final Thoughts
Not just these, security breaches of Facebook, Marriot Hotels, Adobe, Sony Pictures, Canva and more are lessons in cybersecurity. While intentions behind every attack vary, target consistently seem to be access to sensitive user information.
With the rise in AI tools and systems, tackling attacks and exploitations is more manageable now. All we need is an able team of cybersecurity professionals who understand the intricacies of digital security and are at par with the thought processes of attackers if not a step ahead. The right time to invest in transforming your current IT workforce to cybersecurity professionals is now.
The first step you can take is talk to us for tailored programs on cybersecurity. With real-world case studies and hands-on experience modules, you’ll transform your current tech force into super-skilled cybersecurity experts.
What do you think?
