Expect the unexpected — cyber-attacks that could have been avoided
So, the thing that nobody expected to happen has happened. And strangely, it now seems like it was inevitable. Why didn’t we see it coming? What more could we have done to prepare? Well, time to get used to it folks — President Trump is on his way to the White House!
But in the spirit of not letting a valuable lesson go to waste, it’s time to remind ourselves of the importance of never being complacent, always expecting the unexpected and being ready for all eventualities — however unlikely they may seem.
And nowhere is this more important than in the realm of cyber-attacks, where victims are almost always caught unawares and incidents can frequently be prevented — if only the threat is taken seriously and the right precautions put in place.
In fact, Trump could benefit from this advice in the coming four years, particularly given that his defining campaign line regarding cyber was: “I have a son. He has computers. He is so good with these computers. It’s unbelievable.” Errrm, okay then!
So on that note, let’s remind ourselves what can happen when cyber security goes wrong:
JP Morgan Chase
Considered one of the largest data breaches in history, this 2014 attack on the American banking giant led to the data of 83 million account holders and seven million small businesses being compromised — affecting two thirds of the households in the US. The cause of the breach was traced to just one server in the bank’s network, where the security team had failed to implement two-factor authentication, a simple security fix to restrict system access. An important reminder that hackers just need a small window of opportunity to inflict serious damage.
TalkTalk
In 2015, TalkTalk became synonymous with cyber security failure when attackers were able to access the personal data of 156,959 UK customers, including the bank account details and sort codes of around 15,000. The hack apparently cost the business £60m and led to the loss of around 100,000 customers, while the Information Commissioner’s Office, following an in-depth investigation, has just fined the company a record £400,000 for security failings. The Information Commissioner said: “TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”
Sony Pictures
In November 2014, a group calling themselves ‘Guardians of Peace’ gained access to Sony’s systems and proceeded to leak confidential information including emails, employee details, and even copies of unreleased films. Incredibly, the hack turned out to be sponsored by North Korea in protest at Sony Pictures’ upcoming film, The Interview, a comedy about a plot to assassinate its leader Kim Jong-un. And while Sony was clearly the victim of a blackmail plot, many experts believe the damage could have been minimised if the emails and information stolen had been encrypted. Sony’s security operation also failed to detect the hack until it became public, giving the attackers plenty of time to inflict maximum damage.
Target
A series of blunders by this US retail giant led to the credit and debit card details of 110 million people — that’s one in three Americans — being stolen, and millions of pounds along with them. A complex chain of events began with one of the shop’s third-party vendors being compromised through a phishing attack, and led to malware being installed on Target’s point of sale (POS) systems. This enabled the hackers to scan millions of shoppers’ cards as they made purchases in the store. The unbelievable part is that Target even had malware detection systems in place which alerted them to the threat, but for some unknown reason, these were ignored. Unsurprisingly, Target was found negligent and has paid out millions in fines and compensation as a result.
Sony PlayStation
In 2011, 93,000 PlayStation users were locked out of their accounts for a week after the system was hacked, leaving them unable to use their consoles and causing the theft of customer information. Sony came under a barrage of criticism due to delays in its response and a lack of concrete information on what had happened, and was eventually fined £250,000 by the ICO for failing to do enough to prevent the breach. The ICO said it was one of the most serious lapses it had ever seen, blaming Sony for not having up-to-date security software in place.
Worried you’re not ready for the unexpected? Then you might want to think about investing in cyber liability insurance, which covers you for breach of data protection laws (where insurable by law), your liability for handling data, extortion, system rectification costs, plus PR expenses and financial loss due to system downtime. So you won’t be caught unawares!