4 Companies that screwed up their cybersecurity
Data breaches happen all the time and they’re almost always the result of companies not paying enough attention to cybersecurity. Some businesses may lack the resources to close security gaps but large corporations with even larger budgets also make mistakes. Here are a few of them.
Yahoo!
Yahoo! was once known as a search engine, email service, and news platform, but now it’s known as that tech company that leaked people’s private information.
In 2016, Yahoo! confirmed that over 1 billion user accounts had been hacked. While hackers used fairly sophisticated methods, Yahoo’s mistakes could have been avoided with regular software patching and proactive maintenance.
If you don’t want to follow in Yahoo’s footsteps but don’t have the time to maintain your IT, a managed services provider should be able to provide you with the services you need.
Target
In late 2013, retail giant Target was...well targeted by cybercriminals. Reports found that over 2,000 companies’ point of sale (POS) systems were compromised due to vulnerabilities in the network and a lack of security controls. This resulted in the exposure of 40 million debit and credit cards along with personal information of 70 million customers. Three years after the incident, Target had to pay an $18.5 million settlement.
Target’s mistake was that they did not have a hardened defense framework, allowing hackers to impersonate an HVAC maintenance team and infiltrate networks. They should have installed application control software on their POS systems, set stronger passwords on their accounts, and implemented multi-factor authentication.
Uber
Uber, everyone’s favorite ride-sharing app, has been creating controversies ever since it was founded. But the biggest one by far happened in 2016 when the company decided to cover up a security breach of private information on 57 million customers and 600,000 drivers.
While Uber’s cloud security left a lot to be desired, the biggest mistake was hiding the incident from the public. Breach disclosure is an important responsibility for every business, especially for those that must adhere to compliance regulations like HIPAA and PCI-DSS.
It’s also not smart to hide data breaches in the long run because if your customers find out, your company’s reputation will take a big hit. In Uber’s case, many disgruntled customers filed lawsuits and switched to other services.
Equifax
If you thought Uber’s scandal was bad, the Equifax breach in 2017 was much, much worse. Hackers attacked an unpatched software vulnerability in Equifax’s web server and stole the personal information of 145.5 million customers.
The credit agency’s mistake was failing to update their software regularly, but their response was poorly handled, too. After the breach, Equifax directed customers searching for help to a bug-ridden website. Then, to put the icing on the cake, the official Equifax Twitter account accidentally tweeted phishing links instead of the actual page.
Apart from installing the latest software patches, you should also focus on incident response. Much like Equifax, many companies don’t know what to do when a major data breach occurs and, as a result, they cut corners to resolve things quickly. But if you have a fully fleshed out incident response plan, you and your staff will know what they’re supposed to do in the event of a data breach.
Even though these large corporations’ response and security policies were abysmal, they’ll probably survive these security issues -- but most small- and medium-sized businesses won’t. The best way to avoid these incidents is to employ the best security tools and experts, and if you have business in New York, you can find it all here at Red Key Solutions. Talk to us today.