Friday, March 29, 2019

UK consumers most likely to jump ship on breached businesses

UK consumers most likely to jump ship on breached businesses
According to a recent study from PCI Pal, 41% of British consumers said that they would stop spending with a business or brand forever in the event of a breach. This compares to just 21% in the US.
The divergence in attitudes continues in their views of small businesses vs national companies. Over half of UK respondents felt that they could trust a local store with their data more than a national chain. On the other hand, only 47% in the US felt that they could trust a local business more than a national company, citing adherence to security protocols (28%) and cybersecurity investments (25%) as main reasons.
Public perceptions carry significant influence on the business landscape, and companies must build a reputation for security in order to win their customers’ hearts. As the world becomes increasingly cyber vigilant, consumers will start to think twice before placing their data in the wrong hands.

Breached!!

Exploit: Ransomware attack.
Columbia Surgical specialists: Surgical facility in Spokane, Washington. 
correct severe gaugeRisk to Small Business: 2.111 = Severe: Columbia Surgical Specialists decided to pay almost $15,000 in ransom to unlock files that were encrypted by hackers. After originally discovering the incident on January 9th, the firm hired an outside security firm to mitigate the aftereffects of the attack. Initially it was believed that 400,000 patients could have been affected, but the number has since then been reduced. Columbia Surgical Specialists explained that their delay in reporting was due to the time needed to analyze information surrounding the breach, and they do not believe that the attackers were able to access patient data.
correct severe gauge                                                
Individual Risk: 2.428 = Severe: Names, drivers’ license numbers, SSNs, and protected health information was impacted in the ransomware attack. However, the outside security firm believes that it is unlikely that the data was exposed in the incident.
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Ransomware is a sticky subject for businesses and can resemble a virtual hostage situation. In the event of an attack, security experts recommend not paying ransoms to hackers, since it incentivizes future exploits and can result in greater demands. To prevent such exploits from occurring in the first place, organizations must partner up with managed security providers.

ID Agent to the Rescue:  Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/ 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Trojan spam campaign.
Dun & Bradstreet: Business analytics company based in New Jersey.
correct moderate gaugeRisk to Small Business: 2.555 = Moderate: Emails identified as spam were found attempting to impersonate Dun & Bradstreet’s official website using a lookalike domain. These “complaint” emails contained macros that deliver Trickbot, a damaging trojan that can be leveraged by hackers against banks. However, security researchers were able to uncover the campaign and users have been advised to disable macros from automatically opening in the Word application or open their emails in protected view.
correct moderate gauge                                                Individual Risk: 2.571 = Moderate: If users avoid opening spam emails and attachments, there is limited risk involved. Nevertheless, if the Trickbot trojan installs itself on a computer containing valuable files, all bets are off.
Customers Impacted: To be disclosed 
How it Could Affect Your Customers’ BusinessPhishing campaigns are not only growing in sophistication, but also their potential impact. Enhancing cybersecurity efforts at your company begins with the first-line of defense: your employees. To protect invaluable assets and customer data, businesses must improve cybersecurity awareness and prepare their workforce for inevitable phishing attacks.
ID Agent to the Rescue: Our newest offering, BullPhish ID™, simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: System breaches and ransom schemes.
Grinnell, Oberlin, and Hamilton CollegesThree private colleges across the US.
correct severe gaugeRisk to Small Business: 2.333 = SevereCollege applicants across Grinnell, Oberlin, and Hamilton are receiving ransom notes from hackers who claim to have access to their files. The only common thread that the three colleges share is a third-party data system known as Slate, which helps track applicant data, but security experts do not believe the company was at fault. Information that was allegedly hacked included personal information, along with notes from admissions officers and acceptance decisions. Although two of the colleges have stated that financial information was encrypted and not exposed, all three will likely face reputational damages and a downtrend in applications.
correct severe gaugeIndividual Risk: 2.428 = Severe: If the hackers are unable to generate profit from the ransom schemes, they will most likely turn to the Dark Web or orchestrate identity theft themselves. Applicants are at high risk unless authorities can pinpoint and mitigate the source of the breach.
Customers Impacted: To be determined
How it Could Affect Your Customers’ BusinessAs the higher education vertical continues to grow more competitive for students, such a breach can be crippling for any institution. News of college applicants being hacked can cause serious concerns for prospective students and even result in turnover amongst current ones. To draw the parallel to small business, having a lead generation system breached can be similarly catastrophic to any company.
The first step to containing such an incident should be to understand whether hackers truly have access to customer data, and whether they are trying to sell it. One way to accomplish this is to proactively monitor the Dark Web for stolen customer data.
ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Third-party breach. Rush University Medical CenterAcademic medical center in Chicago, IL.
correct severe gaugeRisk to Small Business: 1.555 = SevereAfter unearthing a massive data breach on January 22nd, the hospital revoked its contract with an IT vendor and launched an investigation. Patients whose data was compromised were notified, but Rush maintains that the data was not misused after the incident. Although the institution has offered one-year identity protection and breach helplines, this is the second security incident that Rush has suffered within the last year, causing patients and caregivers to reconsider their selection in care providers.
correct severe gauge                                                Individual Risk: 2.142 = Severe: According to a financial filing by the medical center, compromised data included names, addresses, birthdays, SSNs, health insurance information, and even medical data. Patients should enroll in identity protection immediately and continue to monitor their accounts for fraudulent activity.
Customers Impacted: 45,000
How it Could Affect Your Customers’ BusinessBack-to-back breaches produce adverse effects on customer retention, and this is especially true in healthcare. As patients grow increasingly cyber-vigilant, it is only a matter of time until they will evaluate security when choosing their care providers. By partnering with the right MSPs, businesses can avoid breaches while building rapport with their customers.


ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Third-party breach.
Emerson HospitalFull-service, non-profit community hospital.
extreme gaugeRisk to Small Business: 1.777 = Severe: In a statement that was released two weeks ago, the hospital announced that it had fallen victim to breach. A third-party vendor known as MiraMed Global Services sent electronic files containing patient information to an unauthorized entity. After conducting a forensic investigation, the hospital explained to patients in a letter that medical conditions, treatments, and credit card numbers were not exposed. Additionally, the third-party employee responsible was fired and law enforcement was contacted.
correct severe gauge                                                Individual Risk: 2.571 = Moderate: Personal information including names, addresses, SSNs, and insurance policy numbers were disclosed, but Emerson stated that “the files were of such poor quality that a third-party did not find the data useful.” Regardless, some risk is involved and patients should enroll in the free two-year membership to identity protection services that is being offered.
Customers Impacted: 6,300 patients. 
How it Could Affect Your Customers’ Business:  When it comes to communicating with your audience, whether that be customers or patients, the end-goal is the same. Companies must build trust. In order to preserve relationships after a breach incident, it is paramount that the facts are right, and corrective actions have been taken. Emerson was able to effectively take responsibility while demonstrating their commitment to their service to patients by promptly launching an investigation and asking for the responsible third-party employee to be fired.
ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: State-sponsored spyware phishing campaign.
Canadian Universities: Group of universities across Canada.
correct severe gaugeRisk to Small Business: 1.555 = SevereChinese hackers are targeting 27 universities across Canada, United States, and Southeast Asia to uncover maritime technology that can be developed for military use. According to the report from Wall Street Journal, the campaign dates back to April 2017. Along with having confidential research exposed and garnering bad publicity, the affected institutions will be forced to fortify their cybersecurity efforts to the tune of millions of dollars.
correct severe gaugeIndividual Risk: 3 = Moderate: Researchers that were involved in the naval technology department of their respective universities may have been affected, but there is no evidence that personal information was targeted.
Customers Impacted: To be determined.
How it Could Affect Your Customers’ BusinessRecent cyber-attacks are shining a bright spotlight on organizations in the higher education space, since they have historically harbored invaluable information with limited firewalls. Companies that are storing proprietary data must prioritize training for their employees or faculty to avoid walking into the crosshairs of hackers. By creating a culture that is focused on cybersecurity protection and awareness, organizations can sidestep malicious phishing attacks that are entirely preventable.
ID Agent to the RescueWith BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id 
1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: To be determined.
The Institute for Statecraft: Charity established to counter Russian disinformation.
correct moderate gaugeRisk to Small Business: 2 = Severe: The UK charity that received government funding to combat Russian disinformation was hacked and is now being investigated by the National Crime Agency (NCA). All website content was temporarily removed from the site, but the organization plans to relaunch shortly.
correct severe gaugeIndividual Risk: 2.714 = Moderate: Although there is no evidence that the personal information of individuals was directly impacted, this type of hack has many implications for the public. Citizens must avoid falling prey to disinformation by validating sources and staying cyber-vigilant.
Customers Impacted: N/A
How it Could Affect Your Customers’ BusinessOrganizations that operate in the nonprofit sector are not exempt from data breaches. As hackers begin to turn their sights toward information that is the most valuable and least protected, IT security teams must understand the gravity of leaving data exposed.

ID Agent to the Rescue:  BullPhish ID gives MSPs the tools to help end users recognize when there is risk and raise their general awareness so they can bolster a company’s defenses. Find out how more here: https://www.idagent.com/bullphish-id 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Dormant email account hack.
TalkTalk: Internet service provider in the UK.
correct moderate gaugeRisk to Small Business: 2.222 = Severe: After keeping a former customer’s email address open for 8 years, TalkTalk is taking heat for a brute-force login attack to her account. Spammers were able to crack the account password and harvest contacts from an address book, using them in personalized phishing campaigns. Upon receiving notifications of headline coverage, a company spokesperson finally announced that they had deleted the email address. News readers may take notice and shift their business elsewhere.
correct moderate gaugeIndividual Risk: 2.428 = Moderate: Although most personal information was not included, data from contact lists can still be manipulated in social engineering attacks. Other former customers who had accounts with the company should also reach out to have their accounts deleted.
Customers Impacted: One known customer.
How it Could Affect Your Customers’ Business: Aside from following proper data governance policies and deleting data from former accounts, companies must establish anti-phishing protocols. Businesses must protect their customer data by enlisting the help of security providers who have access to the latest and leading solutions on the market.

ID Agent to the Rescue:  Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime. Find out how more here: https://www.idagent.com/bullphish-id 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

What We’re Listening to: