Friday, October 18, 2019

Data Breaches Threaten Companies' Financial Viability



Throughout 2019, new research is illuminating the extensive financial consequences of a data breach. Not only are direct costs increasing, but consumers are making sure that businesses feel financial pain for failing to protect their information.

According to a report by PCI Pal, consumers are prioritizing data security by spending money at companies with demonstrated track records of data security and integrity and declining to shop at companies that have compromised consumer data.

Specifically, 44% of UK customers, 83% of US consumers, 43% of Australian shoppers, and 58% of Canadian users claimed that they will stop or reduce spending at companies that experience a data breach.

Moreover, such patterns can inflict future consequences, as consumers will search the competitive landscape for new products and services, making it increasingly difficult for compromised companies to win back old customers.

Since keeping your existing customer base is significantly more affordable than finding new clients, prioritizing data security should be at the top of every company’s to-do list. When internal resources can’t cover the entire responsibility, seek assistance from qualified collaborators (like us!) that can assess your cybersecurity posture while partnering with you to provide the resources necessary to keep customer data safe.

https://securityboulevard.com/2019/09/global-research-shows-poor-data-security-practices-have-serious-consequences-for-businesses-worldwide/

Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com

Tuesday, October 15, 2019

Monday, October 14, 2019

2019 on Pace to Set Data Breach Record


Anecdotally, many people realize that data breaches are increasingly prevalent and problematic. 

Those presumptions are being confirmed by hard data as a new data breach report reveals that 2019 is poised to be the most destructive year yet when it comes to data integrity. 

The 2019 Midyear Quickview Data Breach Report found that the number of data breaches that exposed records increased by 54% in the first half of the year. Concurrently, the number of records exposed in these breaches increased 52%.

The business sector is responsible for the vast majority of these compromised records, with nearly 85% originating with companies that collect and store user data.

This reality underscores the challenge of doing business in the digital age. On one hand, big data is the lifeblood of the internet economy, and companies can lose a significant competitive edge if they decline to collect customer information. However, when that data is compromised, it costs companies significant sums that can offset many of the advantages generated by this type of data collection.

Ultimately, it underscores the importance of developing and executing a holistic approach to cybersecurity that adequately accounts for risks and shortcomings to ensure that your business is positioned to flourish, not flounder.


Friday, October 11, 2019

Breached companies!

United States - Carle Foundation Hospital https://www.securitymagazine.com/articles/90921-carle-foundation-hospital-suffers-data-breach-due-to-phishing-attack

Exploit: Phishing attack
Carle Foundation Hospital: Regional, not-for-profit healthcare provider
Risk to Small Business: 2.111 = Severe: Three company employees fell victim to a phishing scam that gave hackers access to their email accounts containing patient data. Although the hospital immediately secured the accounts, the easily preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading costs related to the breach.

Individual Risk: 2.428 = Severe: The compromised email accounts belonged to three physicians, and they included data from patients that received cardiology or surgery services at Carle. The data includes patient names, medical record numbers, dates of birth, and clinical information. Fortunately, patients’ Social Security numbers and financial data were not included in the breach. However, personal data is a widely accepted currency on the Dark Web, since personally identifiable information (PII) can be used to facilitate additional cybercrimes. Therefore, those impacted by the breach need to closely monitor their accounts for unusual activity while being mindful of other malicious uses of that information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches bring a host of complications to any company, including reputational damage and ancillary recovery costs. Altogether, it can cause significant financial distress to any organization. Neutralizing defensible threats, like phishing scams, is a simple and affordable solution that can play a prominent role in protecting your company's reputation and bottom line.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States - Miracle Systems https://www.cyberscoop.com/miracle-systems-data-breach-sandesh-sharda/

Exploit: Malware attack
Miracle Systems: IT services provider for government contracts
Risk to Small Business: 1.555 = Severe: Using stolen credentials, hackers gained access to several databases that store company data related to the US military. The breach, which occurred on three separate occasions between November 2018 and July 2019, was enabled by a malware attack that was distributed via a malicious email attachment. Although the stolen data was years old, the company was closely scrutinized by the Secret Service, and company leaders estimate that they’ve lost as much as $1 million because of the breach. Of course, this doesn’t include the opportunity costs associated with a loss in trust and business with the government.

Individual Risk: 2.428 = Severe: Several email account credentials were stolen during the breach, and their accessibility was broadly advertised on the Dark Web. Although the company believes that this information is outdated, all employees should reset their password and follow best practices for creating unique credentials.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: For many companies, protecting their data should be an extension of protecting their bottom line. The Miracle Systems breach is a reminder of the steep price that many companies pay in lost revenue and reputational damage that can have far-reaching consequences for their financial viability and future business model.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United States - Restaurant Depot
https://www.scmagazine.com/home/security-news/phishing/restaurant-depot-customers-targets-of-phishing-emails/

Exploit: Spear phishing attack
Restaurant Depot: Commercial food service wholesaler
Risk to Small Business: 1.666 = Severe: Restaurant Depot’s customers are receiving phishing emails requesting payment for invoices, purportedly from the company. In response, customers began lashing out on social media, and the company was forced to issue a statement on its website discrediting the email content. The emails are personalized, so cybercriminals likely purchased company data from a Dark Web marketplace, which could suggest the possibility of an even more expansive data breach at Restaurant Depot.

Individual Risk: 2.142 = Severe: Any recipient who paid a fraudulent invoice has compromised their personally identifiable information and their payment data. However, even for those that delete the message, it’s likely that their information was obtained through a different data breach, and they should closely examine their credentials for other potential misuses. In some cases, credit or identity monitoring services might be required to ensure their data’s long-term integrity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Having your company co-opted as a tool for cybercriminals is bad for business, and companies that are victimized in this way face an expensive, uphill battle to restore their customers’ confidence. Preemptively knowing if your employee or customer data is compromised can help prevent this scenario by giving your business an opportunity to respond before hackers wreak havoc on your system.

ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

Canada - Scotiabank https://www.theregister.co.uk/2019/09/18/scotiabank_code_github_leak/

Exploit: Unprotected database
Scotiabank: Canadian multinational bank
Risk to Small Business: 2 = Severe: The financial institution accidentally left open its GitHub repositories, exposing software blueprints, access keys to foreign exchange rate systems, mobile application codes, and login credentials for company databases. The company was notified of the breach by The Register, which makes it highly likely that bad actors already exploited these oversights. This incredible technological oversight will continue to create headaches for the company as it deals with the exposure of intellectual property that will certainly erode its competitive advantage. Moreover, the long-term reputational damage to the bank could negatively impact its standing among consumers and industry collaborators.

Individual Risk: 2.571 = Moderate: In the near term, no personal information was impacted by the breach. However, the exposed login credentials could allow hackers to access personal data, and the bank’s customers should be especially careful to monitor their accounts, both financial and personal, for unusual activity or misuse.
Customers Impacted: 25,000,000
How it Could Affect Your Customers’ Business: This cybersecurity incident was entirely avoidable, and Scotiabank is receiving significant criticism for accidentally sharing such sensitive information online. While much attention is pointed towards the risk of bad actors, businesses need a holistic plan to protect their data that includes a plan for preventing accidental sharing or inadvertent data misuse.


ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist™ is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! https://www.idagent.com/goal-assist.

United Kingdom - Swindon College 
https://www.swindonadvertiser.co.uk/news/17906863.police-comment-swindon-college-data-breach/

Exploit: Unauthorized database access
Swindon College: Academic institution providing hands-on job training for students and adults
Risk to Small Business: 2.111 = Severe: Hackers gained access to the college’s database, compromising the personal information of current and former staff, along with students. The breach includes information stored since 2011. As a result, Swindon College will bear the immediate financial burden of the recovery. Moreover, the incident could have less quantifiable long-term implications for their ability to attract or retain students and faculty.

Individual Risk: 2.428 = Severe: Although the college hasn’t released specific details on the breach, it’s evident that personally identifiable information was included in the breach. In response, Swindon College has opened a contact center for those affected by the breach. In addition, the institution recommends that those impacted by the breach contact their financial institutions to identify potential financial misuse.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A data breach will have long-lasting consequences for businesses of any size, but SMBs need to be especially aware of the financial implications of data compromises. Small vulnerabilities can have large repercussions if they are exploited by cybercriminals. Understanding and addressing your cybersecurity weaknesses is a key component of any successful business plan in 2019.


ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United Kingdom - Tesco App https://www.theregister.co.uk/2019/09/20/tesco_parking_app_10s_millions_anpr_photos_exposed/

Exploit: Unsecure database
Tesco App: Parking validation web application
Risk to Small Business: 2 = Severe: A data migration exercise left millions of time-stamped images of customers’ license plates exposed to the internet. In response, Tesco has disabled the app, reducing their ability to efficiently validate parking and degrading the overall customer experience. In addition, the company will face regulatory scrutiny as the exposure of personal data falls under the purview of Europe’s GDPR standards.

Individual Risk: 2.285 = Severe Risk: The data breach includes low-resolution photos of vehicles entering 19 Tesco car parks. These photos capture license plate numbers but do not include images of the drivers. While no other personal information was exposed in the breach, one reader was able to compile a chart detailing the parking frequency for three vehicles included in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Technological convenience and capability can’t be a substitute for data security. Even accidental sharing can have significant financial and reputational consequences. Therefore, innovation must always be paired with intentionality to ensure that all risks are accounted for and that customer data is secure.


ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Australia - Seek https://www.computerworld.com.au/article/666566/seek-warns-phishing-campaign/

Exploit: Phishing attack
Seek: Online employment marketplace

Risk to Small Business: 2 = Severe: A phishing campaign is impersonating the company’s head of digital marketing. The email contains the subject line “files have been sent to you via Hightail,” and users who open the attachment are redirected to a phony Office365 page that prompts users to input their credentials. The campaign was likely instigated when the employee’s credentials were compromised in a previous breach, and while they are prioritizing communication, the phishing campaign could quickly lead to additional, more invasive and harmful data loss events.

Individual Risk: 2.285 = Severe: The credentials of anyone who opened this email and followed the prompts are undoubtedly compromised. These users should immediately contact their company’s IT department to notify them of the situation, and they should update their passwords to secure their account going forward. At the same time, they should be aware that this information can be leveraged to perpetuate additional attacks, and they should closely monitor their accounts for unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are a persistent problem for every organization, and despite the best efforts of many organizations, some will inevitably make their way to your employees’ inboxes. Fortunately, these attacks are entirely defensible, as comprehensive awareness training can render phishing scams useless. However, these measures are only effective when implemented before an account is compromised, meaning every company should prioritize these programs as part of a holistic data security initiative.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/dark-web/bullphish-id.

New Zealand - Lumin PDF https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/

Exploit: Unauthorized database access
Lumin PDF: Cloud-based PDF service provider

Risk to Small Business: 2.111 = Severe: Hackers obtained and published a spreadsheet containing the personal information of every Lumin PDF user. The information was acquired from a database in April 2019, and it was published after repeated attempts to contact the company. Since then, the data was accessed by an additional hacking group, which left a ransom note for the company before deleting the data. The company’s slow response, given that they did not acknowledge the breach until September 17, reflects a general malaise about data security that most consumers would find completely unacceptable in 2019.

Individual Risk: 2 = Severe: The compromised database was comprised of personal information for users until April 2019. This includes names, email addresses, gender, and location data. Most entries also included a Google access token, but nearly 119,000 included hashed passwords. This information is accessible on the internet, and those impacted by the breach should assume that it will be deployed by bad actors to enact more damaging cybercrimes. Therefore, they should enroll in identity monitoring services to ensure the long-term veracity of their information and should be especially vigilant of any unusual account activity or communications.
Customers Impacted: 24,300,000
How it Could Affect Your Customers’ Business: A seemingly endless series of high-profile data breaches has eroded customers’ patience with companies that can’t protect their information. Therefore, every business should consider cybersecurity both a practical responsibility and an operational necessity. Companies that don’t embrace this priority will likely face significant financial repercussions as customers and employees bring the business and expertise elsewhere.

ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
