It's scary that large data breaches are becoming a weekly occurence. A recent report by Malwarebytes found that cyber threats are up 235% year-over-year!
Let's look at a few breaches that just occured last week, and see what could have been done to prevent them.
The Atlanta Hawks NBA team suffered a breach of their online store.
How did it happen? A malicious code was planted on the online store for the Hawks. The malware recorded keystrokes on the checkout page, allowing the bad guys to acquire payment information from buyers! Anyone who made purchases on the Atlanta Hawks online store after April 19th could have had their contact and credit card info stolen.
How could it have been avoided?
Keving Lancaster, CEO of ID Agent says, "if customers don’t trust that your checkout is secure, they are less likely to make a purchase on your platform. Businesses must vet their third-party payment processing providers and implement additional layers of security through MSPs who can navigate digital marketplaces to understand how compromised payment data is being used by hackers."
This attack affected over 40 healthcare centers and compromised patient data. The hackers got a hold of sensitive patient information including names, addresses, dates of birth, social security numbers, driver’s license numbers, and health insurance information.
Ransomware often targets healthcare providers. Fortunately, this company had a network backup in place, so they didn't have to pay the ransom.
How could it have been avoided?
An MSP experienced in cybersecurity can educate and identify the potential weak points within the organization before someone clicks the wrong link and triggers an attack.
Hackers gained access to names, social security numbers, diagnosis/treatment, medical records, billing claims, health insurance credentials, passport information, and banking numbers of the clients of an agency that provides services to children with intellectual and developmental disabilities.
Bad guys gained access to several employee email accounts and used that to acquire broad access to users’ sensitive personal information. This was the company’s second data breach this year!
When a company providing a service to others gets hacked, it not only disrupts business, but does permanent damage to that agency's reputation as well.
How could it have been avoided?
Clients need to know that businesses they work with aren't going to put their data at risk. This agency should have invested in industry-leading endpoint security and a security suite that includes dark web scanning to determine if any employee emails had been compromised.
Two breaches in 6 months is bad, but if this agency steps up their security protection now, they can work to change the message that they are a risky service and slowly regain the public's trust.
Is your business or organization playing Russian roulette by not having a full service security suite? Let us perform a network security assessment and show you where your vulnerabilities are.