This week in breach, companies are slow to stop phishing attacks, ransomware disrupts productivity, and IBM’s latest threat analysis outlines trends for 2020.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: High-Tect and IT
Top Employee Count: 500+ Employees
United States – Altice USA
Exploit: Phishing Attack
Altice USA: Cable and internet provider
Risk to Small Business: 2 = Severe
A phishing scam tricked an employee into providing hackers with email credentials that were used to access and download inbox content remotely. Although the breach was announced on February 5th, the phishing scam was executed in November 2019. It wasn’t discovered until December 2019, which raises questions about the company’s data security capabilities and notification strategy. As a result, Altice USA will have a difficult time restoring customer confidence, which will be critical to recovering from this preventable data breach.
Individual Risk: 2.285 = Severe
Customers’ personal information was compromised in the breach. This includes Social Security numbers, birth dates, and other personal details. The company claims that financial information was untouched by the breach and is offering free identity and credit monitoring services for affected victims to protect compromised data.
Customers Impacted: 12,000
What Can You Learn from Their Mistake?
Phishing attacks are easy to deploy, and they are devastating to companies compromised by malicious messages. Although security processes are unlikely to keep all phishing emails out of their employees’ inboxes, they can render the attacks useless by providing comprehensive awareness training that teaches and trains employees to identify phishing scams.
How Can Spry Squared Help?
Spry Squared can simulate phishing attacks and conduct security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Learn more here about Spry Squared Dark Web Monitoring
United States – St. Louis Community College
Exploit: Phishing Attack
St. Louis Community College: Public academic institution
Risk to Small Business: 2.111 = Severe
Several employees fell for a phishing scam that compromised students’ personal information. The phishing scam, which took place on January 13th, happened just weeks before the school implemented two-factor authentication on January 31st. If this effective defensive measure was in place sooner, hackers would not have been able to access employee accounts, even after they provided their credentials on a phishing form. In response, the college is retraining employees who clicked on a phishing email, and they are updating their procedures to prevent a similar event in the future.
Individual Risk: 2.428 = Severe
Students’ personal data was compromised in the breach, including names, ID numbers, dates of birth, addresses, phone numbers, and email addresses. In addition, 71 students had their Social Security numbers stolen. This information can be used to execute identity fraud or to target victims with spear phishing campaigns that could provide hackers with even more damaging personal data. Those impacted by the breach should enroll in credit and identity monitoring services to oversee the responsibility of identifying misuse, and they should carefully evaluate online communications for signs of a phishing scam.
Customers Impacted: 5,000
What Can You Learn from Their Mistake?
This incident is a tragic reminder that, when it comes to data security, timing is everything. Phishing scam awareness training and two-factor authentication can go a long way toward protecting company and customer data, but they need to be in place before an attack occurs. Therefore, installing proactive measures should be a top priority in the days and weeks ahead.
How Can Spry Squared Help?
Designed to protect against human error, Spry Squared has tools that simulate phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Click this link to get started.
New Zealand – Generate
Exploit: Unauthorized database access
Fondren Orthopedic Group: Voluntary, work-based savings initiative
Risk to Small Business: 1.888 = Severe
Hackers accessed and downloaded customers’ personal data in a holiday heist that wasn’t identified until January 27th. The data breach, which did not include investor funds, is a serious privacy violation for its users, and the company’s slow identification and delayed response will only make matters worse. Now, the company faces an uphill battle to restore customer trust, which will be crucial to maintaining a competitive edge in an already crowded marketplace.
Individual Risk: 2 = Severe
Customers’ personal data was compromised in the breach. This includes photographic ID images, tax document numbers, names, and addresses. This information puts victims at risk of identity theft or financial fraud, and victims should enroll in credit and identity monitoring services to protect their credentials’ long-term integrity. Moreover, Generate is asking all users to reset their account passwords.
Customers Impacted: 26,000
What Can You Learn from Their Mistake?
Customers are growing weary of working with companies that can’t protect their personal data. Since they often have many options to choose from, a data security incident could be the differentiator that encourages customers to take their business elsewhere. In today’s digital landscape, data security is a bottom line issue that companies can’t take seriously enough.
How Can Spry Squared Help?
We go into the Dark Web to keep you out of it. Dark Web IDTM monitors the Dark Web to find out if your employee or customer data has been compromised. We work with businesses to strengthen their security by identifing, analyzing and proactively monitoring for an organization’s compromised or stolen employee and customer data. Schedule a demo today.
In Other News:
IBM Threat Report Presents Risks for 2020
The latest IBM threat report examines the most prescient threats facing business in 2020, and its findings should alarm cybersecurity leaders. Notably, the report found that hackers are not turning to overly sophisticated techniques to access company IT. Rather, they are relying on the deluge of personal data already available to access an organization’s infrastructure. When those methods fail, many are deploying phishing scams as a cheap, relatively safe way to compromise employee credentials.
According to IBM, phishing attacks and unauthorized credential use were two of the most prominent attack methodologies, with the exploitation of vulnerabilities completing a risk triumvirate for companies to address in the year ahead.
The report’s silver lining is that companies are not powerless against these threats. Employee awareness training can render these attacks useless, and integrated two-factor authentication can prevent unauthorized account access even when credentials are compromised. Together, they present a meaningful way for every company to protect itself against the most likely threats in the year ahead.
Not sure how safe your data is OR is your company data already on the Dark Web?
Contact the cybersecurity experts at Spry Squared for your complimentary Dark Web scan.
Thanks to our cybersecurity partner ID agent for this Week in Breach report!