2017’s Major Hacks; How Portland Businesses Can Avoid Joining the List
Think your business is protected against a major, debilitating financial hit from a cyberattack? You’re not alone. Most business owners do. But with ransomware notching exponential increases in theft year over year (passing the $5 billion mark in 2017) and data thefts piercing the security systems of household-name organizations, no one is safe. But can you be safer? You most certainly can, and we’ll get into that later in this post. If you are currently under threat, call us right now.
Here are some of the disasters perpetrated on businesses in 2017:
Uber Sharing More Than Rides
Most of us have tapped into the growing “ride share” market via Uber and Lyft. And since they’re new digital age companies one might presume they’re using state-of-the-art security protocols. And maybe they were, to a degree, but in Uber’s case it wasn’t enough. Late last year Uber came clean about a 2016 intrusion that exposed the personal data of 57 million riders. Plus, hundreds of thousands of Uber’s own drivers had their data partially exposed.
As is often the case, the destructive incident itself wasn’t the end of the problem. Uber chose not to go public with the hack and even tried to silence the hackers with a six-figure bribe. The nefarious interlopers got to the data through a vendor’s account and then penetrated the Amazon (AWS) server containing the Uber records.
It’s no coincidence that there’s been turbulence at the top in this organization. Their new CEO is starring in a widely distributed television commercial campaign citing his dad’s advice to “…always do the right thing,” and “…stay humble.” Indeed. The legal issues resulting from this hack will go on for years and the cost will be enormous.
No One Cheering Over Yahoo Breach
Late in 2017 legacy portal Yahoo had the unenviable task of informing the public that every single account in their care had been hacked. With a mind-boggling 3 billion records at risk in the 2013 attack, this was triple what was originally reported by Yahoo’s CEO.
It’s bad enough that it took three years for Yahoo to figure out they’d been the victim of hackers, but then it just got worse, and worse. The organization behind the theft hasn’t identified itself or been identified, so the mystery remains. A hacker from Canada was caught in the 2014 breach of 500 million accounts, however. The numbers are so big they’re almost incomprehensible, and they contribute to a climate where it’s essentially a matter of when, not if, a company is going to have to deal with this kind of cyber criminality.
Equifax Gets No Credit for Late Reporting of Gigantic Hack
When the personal data of 143 million consumers is breached, the headlines with your name in them are an unmitigated disaster. That is only made worse when it comes to light that you knew of the vulnerability but didn’t take the necessary steps to fix the problem. What you do before and after an event is going to get scrutiny, so the best advice is “semper paratus”, which means “always prepared” in Latin.
The old public relations adage of tell the truth, the whole truth and nothing but the truth as early as possible was not followed as Equifax fiddled and fidgeted for weeks, probably because they knew the damning truth about their failure to promptly patch a known vulnerability. The brand may never recover.
They Tried to Getya With Petya and NotPetya
Dozens of countries around the globe were met in May of 2017 with these two ransomware variants invading networks. Leveraging a Windows vulnerability, the hackers demanded a $300 Bitcoin payment to gain your data’s release. Advertising giant WPP was struck, as were major food corporation Mondelez and a major health provider in Pennsylvania. And no doubt they all had vigilant I.T. professionals and vendors trying to protect these giant enterprises. Yes, no one is safe, but the key is to be as safe and protected and up-to-date as possible.
Tears Were Shed Over WannaCry
WannaCry? Many did, particularly in Great Britain where the nation’s health system was attacked and thrown into an uproar as providers and patients scrambled to react to this insidious assault.
Microsoft had issued a patch, but the response underscores why we’re so prompt in applying these “fixes”. Think about it. What if the developer identifies the chink in the armor and develops a defense patch, and you or your I.T. vendor don’t use it? It’s all on you at that point.
Okay, the Threat’s Real, How About the Protective Measures?
Take Action, Start Immediately, Get Up to Speed on Cybersecurity
Unfortunately, the wild card in any business network is the person sitting at the computer. We have employee training that thoroughly coaches your employees on why simple web browsing and emailing can be extremely dangerous. As one person put it, “Cyberspace is a dangerous place.” And it’s more dangerous every single day.
We can set up education and training sessions, testing, simulated attacks and other devices to inform the discretion of your people and turn them from a vulnerability into a force to help keep you protected. It’s an ongoing, endless process that begins with recognition of the threat and a commitment to address it. If you don’t develop defenses against the inevitable attacks you will regret it. And the regret can accompany some very costly and in some cases business-killing incidents.
Call us to discuss the landscape and your network’s place in it. Just as your automobile is equipped with a myriad of safety features and equipment, so should your network. And as the safety features in a vehicle grow ever more sophisticated, so should your network’s. Your system deserves a thorough, in-depth assessment to identify where its vulnerabilities lie. Then an assessment report can be used as a to-do list of how to bring the network to a new state of protection. Add in the constant vigilance needed to secure it, keep it secure every day, and have a detailed plan of action in the event of an attack.
Call us today and schedule a free audit of your current security protocols. We can help you with employee security training, dark web scanning to determine where your personal information may reside, and a host of other measures to give you the best available security shield for your valuable data, personal information and financial resources. The key is to every day in every way make your network more and more secure. We can be your fierce ally in that effort.