Last week, ransomware takes business infrastructure offline, spear-phishing campaign costs local government thousands, and executives continue to ignore spooky cybersecurity risks.
United States – Billtrust
Exploit: Ransomware attack
Billtrust: B2B billing service provider
Risk to Small Business: 2.333 = Severe: A ransomware attack crippled Billtrust’s customer-facing systems, forcing them to bring all infrastructure offline to stop the malware’s spread. The company discovered the attack on October 17th, and it’s taken nearly a week just to begin recovery efforts. Fortunately, Billtrust maintained backups that were unaffected by the attack, which made it possible to avoid paying the ransom demand. Nevertheless, the lost revenue, reputational damage, and recovery expenses will definitely chip away at the company’s bottom line.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Whether in the form of ransomware payments to regain access to their networks or interrupted processes due to downed servers, the costs associated with ransomware can quickly escalate. With such attack vectors on the rise, businesses must take responsibility and protect their valuable IT infrastructure.
United States – Kalispell Regional Healthcare
Exploit: Phishing attack
Kalispell Regional Healthcare: Family healthcare provider
Risk to Small Business: 1.555 = Severe: Several employees fell for a phishing campaign that compromised their login credentials and patients’ personally identifiable information. Hackers accessed the data between May 24, 2019, and August 28, 2019. As a result, the company will bear the cost of identity and credit monitoring services for all victims, and they will face intense regulatory scrutiny. Brand reputation is also jeopardized, as the hospital was formerly recognized as a highly-ranked healthcare provider for their cybersecurity practices.
Individual Risk: 2 = Severe: Personally identifiable information that may have been compromised includes patients’ names, Social Security numbers, addresses, medical record numbers, dates of birth, phone numbers, email addresses, and medical history. The healthcare provider is offering victims a year of free credit and identity monitoring services, and those impacted by the breach should enroll in these programs. Cybercriminals can use the data to facilitate additional attacks, so victims should carefully scrutinize unusual or unexpected messages or account activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Before the breach, Kalispell Regional Healthcare was acknowledged for its distinguished data security readiness standards. Unfortunately, the lack of employee awareness training led to a phishing scam that made the entire network vulnerable. In today’s digital landscape, comprehensive phishing scam awareness training should be a routine requirement for any employee with an email address.
United States – Ocala City
Exploit: Spear phishing attack
Ocala City: Local municipality
Risk to Small Business: 1.666 = Severe: A spear-phishing attack convinced an Ocala City employee to transfer $640,000 to a fraudulent bank account. The account still had $110,000 left when the city identified the scam, but cybercriminals still walked away with over $500,000. To trick the employee, cybercriminals sent an email purportedly from one of the city’s construction contractors and requested payment to a bank account that did not belong to the contractor. While the email and bank account were fraudulent, the invoice was legitimate, which made this incident especially difficult to detect.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Spear phishing attacks are highly targeted and can be difficult for employees to identify. However, as more data becomes available to bad actors, businesses need to plan for this reality, training employees to spot small differences that often reveal a threat. Ocala City’s experience is a cautionary tale: failing to adjust to today’s threats can be an expensive mistake.
New Zealand – Competitive Pest Services
Exploit: Insider data theft
Competitive Pest Services: Pest control service
Risk to Small Business: 2.222 = Severe: Before leaving the company, a former employee downloaded customer data and shared it with his new employer. The information was then used to solicit business from Competitive Pest Services’ customers. In response, the company has updated its data security software to restrict access to sensitive company data and notify IT admins when information is downloaded. Unfortunately, reactive responses cannot secure customer data that has already been taken, and they likely won’t help restore consumers’ confidence in the company’s data management practices.
Individual Risk: 2.142 = Severe: Personally identifiable information was limited to customer names, addresses, and phone numbers. However, this is more than enough information to perpetrate additional cyberattacks that could compromise even more sensitive data. Therefore, those impacted by the breach should carefully monitor their identity information, and they may want to consider enrolling in identity monitoring software to provide long-term oversight of their information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Taking proactive measures to protect your customers’ data is the best way to protect against a breach. This requires that companies remain up-to-date on the most pressing threats and take steps to mitigate their exposure before a data loss event takes place. Too many companies choose to update their protocols after a breach, a step that won’t repair the damage that’s already been done.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Australian CEOs Fail to Appreciate Cyberthreats
Today, data breaches are top-of-mind for companies and consumers alike; however, those concerns don’t appear to have made it all the way to the C-suite.
According to a recent survey of Australian executives, those in leadership positions significantly overestimate their company’s cybersecurity capabilities, exposing a serious disconnect between decision-makers and those charged with securing a company’s data.
For example, 63% of CISOs surveyed said that their company experienced a data breach in the past 12 months, but only 6% of CEOs shared this viewpoint. Similarly, 44% of CEOs thought that their company was prepared to respond to a cyberthreat, while only 26% of CISOs were confident in this assertion.
This disparity doesn’t just relate to technological capabilities. 69% of CISOs view cybersecurity as an integral part of their business plan, while only 27% of CEOs see it as a bottom-line issue.
Other surveys have shown that cybersecurity professionals are quickly becoming overwhelmed by their jobs, and many are considering leaving the field altogether. Without support from top-level executives, this problem will only get worse, which means that data security will become more problematic.
A Note From Kobargo.
Consumers Will Stop Engaging with Brands Online After Data Breach
After years of high-profile data breaches, consumers are fed up with companies that can’t protect their data, and they are increasingly willing to cut off brands that fail in this regard.
In a recent survey by Business Wire, nearly 50% of respondents are more concerned about data security than they were a year ago. Notably, 81% indicated that they would stop engaging with brands online after a data breach, and 63% of consumers believe that the company is always responsible for data security.
These findings place a significant burden on companies to evaluate their cybersecurity posture. In today’s digital landscape, failing to protect customer data won’t just be inconvenient. It could be the beginning of the end for many businesses.
Rather than leaving it to chance, get the support that you need to ensure that your company is ready to address consumer demands, as the cost of failing to meet the moment is incredibly steep.
Contact Kobargo Technology Partners to schedule a free consultation today!