DATA BREACH, CYBER ALERT MONDAY:
Last week, phishing scams continued to trap employees, weak passwords put company data at risk, and the consequences of a breach were higher for SMBs.
United States – Metro Mobility
Exploit: Unauthorized email account access
Metro Mobility: Shared ride public transportation service for riders with disabilities and health complications
Risk to Small Business: 1.333 = Extreme: An unauthorized party gained access to two employee email accounts that contained customers’ personally identifiable information. The data from one account was available between February 4th and March 12th, and information from the second account was available for several hours on March 12th. The company hired a third-party cybersecurity firm to audit their security standards, and they’ve made changes to prevent a similar breach in the future. However, it’s unclear why the company waited so long to notify customers, and future reparations will not be able to recover the damage of the data that’s already stolen.
Individual Risk: 2.143 = Severe: Impacted email accounts contained personal information, including customers’ names, dates of birth, contact information, drivers’ license information, financial information, medical record numbers, patient identification numbers, and treatment-related information. In addition, some users had their Social Security numbers compromised in the breach. Lyons is providing free credit monitoring and identity restoration services for everyone impacted by the breach. Since this information is incredibly valuable to cybercriminals on the Dark Web, breach victims should take advantage of these services to help ensure the integrity of their data.
Customers Impacted: Unkown
How it Could Affect Your Business: A data breach has far-reaching consequences for any company, which makes a preventable attack like a phishing scam especially problematic. Protecting customer data means protecting your bottom line, and cybersecurity training is a low-cost initiative to ensure that phishing threats are neutralized before they compromise customer data and put your company at risk.
United States – Premier Family Medical
Exploit: Ransomware
Premier Family Medical: Comprehensive family healthcare provider
Risk to Small Business: 2.111 = Severe: A ransomware attack on Premier Family Medical has significantly restricted employees’ access to patient data and company services, halting key business operations. In some cases, the opportunity cost associated with a ransomware attack can be more costly than the actual recovery effort, placing a multifaceted strain on a business’s finances.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: 320,000
How it Could Affect Your Business: Ransomware attacks have been on the rise in 2019, often targeting SMBs with limited resources for cybersecurity initiatives. Unfortunately, whether companies pay a ransom or restore operations using other recovery efforts, the implications can lead to lower ROI, or even worse, closed doors. When it comes to protecting your network against a ransomware attack, a strong defensive posture is the only option, and it’s one that every business should consider to be mission-critical in today’s digital environment.
United States – Entercom Communications
Exploit: Ransomware
Entercom Communications: Broadcasting and radio company based in Bala Cynwyd, Pennsylvania
Risk to Small Business: 2.111 = Severe: Hackers were able to spread ransomware across a company’s network using one company computer. The attack brought down email services, billing networks, and shared drives. While broadcasts continue uninterrupted, employees have been warned not to connect any devices to the company network, and Entercom expects several days of outages before services will be fully restored. Hackers are demanding $500,000 to decrypt the ransomware, but the company is choosing to use cybersecurity services to restore their network instead.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unkown
How it Could Affect Your Business: Regardless of the recovery methodology, recovering from a ransomware attack is incredibly expensive. In this case, hackers demanded $500,000 to restore Entercom’s network, a cost that comes without guarantees that bad actors will follow through on their promises. However, restoring a network often carries similar or even higher costs, meaning that there are no good solutions once an attack occurs. In a similar breach early this year, a station estimated that they lost up to $800,000 in revenue in addition to the $500,000 recovery charge. Consequently, it’s clear that every business needs to protect its bottom line by ensuring that its cybersecurity standards align with today’s emerging threat landscape.
In Other News:
Data Breaches Put Small Businesses at Risk
Data loss events are a huge risk for any company, but the aftermath of a data breach can be especially problematic for SMBs, a recent study by Bank of America Merchant Services concluded.
The survey, which included 522 small businesses and 409 consumers in the US, questioned consumers and small businesses about the cybersecurity risks underscoring today’s digital environment. In response, one in five SMBs reported a data breach in the past two years, a 17% increase in two years. Moreover, 41% of small businesses endured a data breach that cost the company more than $50,000.
This financial component is especially troubling for SMBs, which don’t have extravagant resources that large corporations can use to hasten their recovery efforts. Making matters worse, 30% of consumers indicated that they would never return to a small business that endured a data breach, a 20% increase year-over-year.
These trends are taking place as SMBs are increasingly moving online. 51% of SMBs run their own websites, and 70% have some form of e-commerce component to their business.
In total, it’s evident that SMBs have every reason to prioritize data security protocols as a foundational element of a successful, sustainable business model.
A Note From Kobargo..
Brute Force Attacks are the Preferred Method for Spreading Ransomware
Ransomware attacks are on the rise in 2019, making headlines as they afflict local governments and SMBs with frightening regularity. At the same time, the cost of a ransomware attack is rising precipitously, making these attacks one of the most complicated and feared cybersecurity risks this year.
However, cybersecurity researchers at F-Secure found that brute force attacks are one of the most prevalent methodologies deployed by hackers, occurring in 31% of ransomware attacks. This approach leverages common or weak passwords to access employee email accounts or company networks where malware can be deployed.
Consequently, companies can reduce their exposure to ransomware threats by ensuring that employees maintain strong, unique passwords for all their accounts. This simple cybersecurity standard is just one best practice that employers can instill in their employees through comprehensive awareness training that can help thwart cyberattacks.
Contact Kobargo Technology Partners to schedule a free consultation today!