U.S. security experts point out that, by some measures, our nation is getting safer from traditional dangers. Travel, whether by automobile or commercial airline, is less risky. Violent crime has dropped steadily over the last quarter century. Of course, safety and security aren’t synonymous, and cybersecurity has become a rising concern over the same time frame.
Major data breaches are almost exponentially more numerous in the United States than in any other country. Why? Partly because of individual and collective wealth and vulnerability, and, believe it or not, partly because of geopolitical alignments.
We think it’s big financial institutions that lure in the biggest security breaches and latest security hacks, but almost two-thirds of cyberattacks aren’t at the Wall Street banks and credit card companies we hear about but the Main Street businesses we drive past each day. That’s right. It’s small and midsize businesses who are the target of cyberattacks.
Windstream chief information security officer, Tony Spurlin, is fond of pointing out the importance of layering security measures for security synergies. Security has to be as diverse and agile as cyberattacks. We’ll take a look at four very different security breaches of 2019, and what we learned.
Cybercrime begins with human access
More than 100 million Capital One customers’ personal data was compromised in one of the biggest security breaches of 2019, including Social Security numbers, home addresses, transaction history and balances, in a massive data theft that led to the arrest of a Seattle woman.
This international story highlights how hazy the line is between “cyber” crime and real-life criminals. More and more, security experts point out that digital theft often begins with human access to valuables just like old-fashioned crime.
Spurlin says small and midsize businesses should develop policies and talk about unauthorized physical access to files, even hardware, or any sensitive assets. Corporate data breaches often begin here. Keep sensitive data on a need-to-know basis.
Sunlight — A Digital Disinfectant
Atop the file marked Ransomware Attack 2019 sits an item with a playful name masking menacing code: LockerGoga.
LockerGoga — not a victimized service provider but a piece of ransomware so nasty its name went viral. LockerGoga targets industrial companies, seizing enough operational files to shut a plant down.
The perception is that cybercrime swarms around largely online enterprises. The lesson here is that, today, offline companies are just as networked and vulnerable as Microsoft or Google.
One security expert has asked the highest profile company struck by LockerGoga to publish the “root cause” of the ransomware attack in order to fight the thieves.
“If this root cause includes identification of the method used to introduce the malicious code, either through end user device compromise or remote access to servers, it would be great for the wider community,” said international security firm 7 Elements chief David Stubley told Security Media Group. “Other organizations could take proactive steps to learn from this incident and avoid being subjected to similar attack.”
Our Eyes in the Sky
U.S. Customs and Border Patrol announced in the spring one of the agency’s biggest security breaches — a “malicious cyberattack” of systems operated by a subcontractor resulted in images of travelers and license plates being stolen, affecting nearly 100,000 travelers, according to the agency.
The theft came just weeks after a report that another subcontractor, this one a provider of license plate readers to the federal government, suffered a data breach.
Amid the security breaches of 2019, this one imparts two very specific lessons:
- An operation’s security is only as good as the least secure of its subcontractors or business associates.
- Cameras, by their nature, add a layer of data sensitivity and vulnerability.
Ransomware Attack 2019, City Square
It was a summer of crippling ransomware attacks. The New York Times reported 22 municipal networks across Texas were held hostage for millions of dollars after a sophisticated hacker, perhaps a group of them, infiltrated systems and encrypted data. The attack instigated a statewide disaster-style response that includes the National Guard and a widening FBI inquiry.
These are among over 40 municipalities that have been attacked over the past year. Some even paying the ransom, reasoning that the costs to reconstruct their systems would be more burdensome than the extortion. Many ransomware attacks target small, cash-strapped local governments that don't prioritize data backups or cybersecurity.
The long-term effect of these attacks, even after systems are back up and running, is loss of confidence in the systems that power the town's most basic services like water, power, communications and voting.
This epidemic has even launched a relatively new line of business for insurance companies — cyberinsurance. Some municipalities, and even businesses, are signing up. However, experts fear this will just worsen the situation by encouraging hackers to target companies with cyberinsurance, knowing that a payout is even more likely.
A Word to the Wise
Looking ahead, Spurlin says the easiest first step toward a cybersecurity posture is to set software updates to happen automatically. Subscriptions to cloud-based software will alleviate the burden of maintaining software updates locally.
Finally, consider moving IT systems to the cloud and cloud service providers. Organizations that manage IT systems on-premises are more likely to suffer a web application-based attack. A State of Cloud Security Report by Alert Logic found that on-premises environment users experience an average of 61.4 attacks annually, while customers operating in a cloud-hosted environment averaged only 27.8.
Then there’s managed network security, a reliable, cost-effective option for multilayered, unified threat management. Check out Kinetic Business by Windstream's fully managed network security solution at kineticbusiness.com/security.