Threat Alerts

Data Breach, Cyber Alert Monday 11-25-2019

Last week, ransomware erodes profitability, healthcare providers struggle to protect PII, and data breaches officially reach an all-time high.

United States – SmartASP.NET

Exploit: Ransomware attack
SmartASP.NET: Web hosting platform

Risk to Small Business: 2 = Severe: Hackers encrypted the web hosting platform’s data, crippling both its IT infrastructure and customer data. After the attack, the company’s phones and website were both inaccessible, and SmartASP.NET was forced to notify customers that their data was encrypted. In addition to encrypting customer-facing infrastructure, a common target for ransomware attacks, the attack locked up significant amounts of back end data and delayed recovery efforts considerably.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks inevitably have significant financial repercussions, and this is only compounded by the reputational damage that follows such a newsworthy incident. However, hackers need an avenue to deploy this malware, and companies can protect themselves by ensuring that their defensive posture is sufficient to repel today’s most prescient threats.

United States – Florida Blue 

Exploit: Phishing attack
Florida Blue: Health insurance provider

Risk to Small Business: 2.2 = Severe: A phishing attack at one of Florida Blue’s third-party vendors successfully duped an employee into compromising patients’ personally identifiable information (PII). The event included less than 1% of Florida Blue’s members, but it shines a spotlight on the underlying cybersecurity vulnerabilities within third-party partnerships. Now, because of an event outside of their immediate control, Florida Blue will face intense regulatory scrutiny and suffer from less-quantifiable reputational damage in the wake of the breach.

Individual Risk: 2 = SeverePatients’ PII was exposed in the breach, including names, dates of birth, and prescription information. Florida Blue is offering free credit monitoring and identity theft protection for anyone impacted by the breach. Although Florida Blue doesn’t believe that patient data has been misused, these services will provide long-term oversight to ensure that patients’ credentials remain secure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In today’s digital environment, cybersecurity needs to be a central component of any third-party partnership. Unprotected companies place your data at risk, potentially undermining your best efforts to secure infrastructure. In contrast, strong cybersecurity standards can serve as a competitive advantage, allowing companies to market their strong defensive posture as a reason to subscribe to their services.

United States – Boardriders

Exploit: Ransomware
Boardriders: Action sports retailer

Risk to Small Business: 2.222 = Severe A ransomware attack crippled Boardriders’ operations, forcing several of their online stores to close and preventing employees from accessing any of the company’s IT. The event occurred during the last week of October, leaving the business with nearly two weeks of lost sales, productivity, and inventory. Until the ransomware was cleared from the network, employees were asked not to even turn on their computers. This productivity loss is one of the many hidden costs of ransomware attacks that are becoming increasingly prevalent as hackers look to extract large, single-payment sums from their victims.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The costs of a ransomware attack are enormous. Whether companies pay the ransom or restore a system from backups, the immediate expense can cripple a business, and the long-term repercussions are a serious deterrent to profitability. In this case, Boardriders offered consumers deep discounts to entice them to return to the store, and their inventory and productivity losses will further erode profitability.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Data Breaches Reach New Highs

2019 has been a notorious year for data breaches, a reality that is playing out in front-page headlines and major industry studies. According to Risk Based Security’s Q3 2019 Data Breach Report, it’s the worst ever recorded in history. 

The year’s third quarter saw a year-over-year increase of 112% in the total records exposed. Unfortunately, this isn’t all attributable to the high-volume data breaches at major corporations. This year, SMBs, government agencies, and educational institutions are also seeing an uptick in cybersecurity incidents, together creating a 33.3% increase in the total number of breaches for the year.

Notably, many of these data breaches were avoidable. From misconfigured databases to phishing attacks, businesses have many options at their disposal for proactively protecting their most sensitive information. There is no indication that this recent data breach trend is likely to abate anytime soon, so businesses of every size have plenty of reasons to ensure that negligence isn’t the cause of yet another data catastrophe.


A Note From Kobargo.

New Threat Actor Impersonates Government Agencies 

Cybersecurity researchers are warning consumers of a new threat actor impersonating government email accounts in the US and EU. To date, researchers have discovered hoax emails from the US Postal Service, the German Federal Ministry of Finance, and the Italian Revenue Agency. The emails are delivering malicious payloads containing ransomware to a variety of recipients. 

While researchers found that cybercriminals are targeting a broad audience with their messages, they concluded that most are heavily skewed toward businesses, which offer higher payouts and more robust data sets when attacks are successful.

Fortunately, malicious emails rely on user response, so businesses can protect themselves by training their employees to spot fraudulent emails. This particular attack might be new, but the strategy is well-established, and today’s employees need to be aware of the threats that are potentially lurking in their inboxes.


Contact Kobargo Technology Partners to schedule a free consultation today!

 
Read more
Merry Cyber Threat‘ness

Cybercriminals don’t take a holiday. In fact, the coming holidays are the busy season for hackers to wreak digital mischief. Black Friday and shopping online go hand in hand during today’s mostly online purchasing behaviors. Whether it’s Black Friday or Cyber Monday, many malicious threats can take advantage of your network’s security and therefore your personal data. 
From a personal perspective, staying alert with your own personal data is always a good thing to keep in mind when doing your online shopping, however, as business owners we must also protect ourselves and our employees during the holidays. Before your employees start sorting through all of the online deals for tech-themed gear or the next popular item for the kids, you might want to improve your network and their cybersecurity awareness. Take a few precautionary measures in the next few weeks to keep your company’s network safe.

Keep Software Up to Date

The new year is right around the corner, and although you may be thinking “New Year, New Network Security” it’s never a good idea to put off ways to bolster your defenses. Before taking off for a holiday break, take the precautions you need and install any updates you might have been putting off. Don’t wait until the new year to keep a clean house. Organizations that don’t install the latest updates leave themselves vulnerable to cyber attacks.

Set Up Firewalls 

Give a hacker a way in and they will take it, no questions asked. There are different ways for your business to stay safe and the most efficient is to set up a firewall. Firewalls work by protecting your internal networks from threats, which is why we recommend installing them not only on your servers, but on all office laptops, computers, and mobile devices too. This should keep your data safe and make a real difference in your security, but you will have to be proactive and keep them up to date – an alert that must be passed on to your employees.

Educate Your Employees on Cyber Safety 

Although you may have the most sophisticated security that you can buy, top dollar security is no match for the bottom of the rung foolishness from employees. Be threat protective and educate your employees on the advantages of your security and how they can truly affect the system – positively and negatively. Having all of this technology at your disposal is no good if your team may put your business at risk by clicking infected pop-ups or falling for phishing scams. Teach your employees the safest ways to use the internet, and you’ll be at an advantage when the holiday shopping begins.

Strengthen Wireless Network Passwords

A few individuals on your team may not be as technologically savvy as you would like and may not know what an open network is. Around the holidays it’s even more important to secure your wireless network with extremely strong passwords that the average person has no hope of guessing. These should naturally protect your network with the strength of the passwords including both letters and numbers. However, some employees may find it harder to keep up with the difficulty of the password. Instead of jotting open passwords down on a sticky note in plain view, we would suggest you encourage your team to make a password a phrase. Something that is memorable but includes a length that may trip up potential threats. Also, train your employees to make frequent password changes to keep the team strong.
Despite our best efforts, cyber-attacks and data breaches do happen. Before heading out for the holidays, make sure that you and your employees are doing what they can to be alerted to suspicious sites during their online shopping that may put your business, and your data, at risk. 
The bottom line: you should never take cybersecurity for granted, no matter the season. During the holidays, it pays to be even more vigilant and never let your guard down. Before you purchase too many items this season, contact Kobargo to schedule an assessment of your system’s security, and ask about any gadgets on your holiday gift list. In fact, it may be best to just casually remind everyone that online shopping isn’t meant for browsing at work, but as we know it’ll most likely happen anyway.
Kobargo Technology Partners delivers managed IT solutions and is a leader in authentication and security, to protect your data and brand from cybercriminals. Leverage our 50 years of experience to protect, manage, and support your network, data, and users.  Visit us to learn more, about what we can do for you!

Read more
Data Breach, Cyber Alert Monday 11-18-2019

 Last week, healthcare data targeted by cybercriminals, lax security compromises PII, and Google has access to personal health information of millions.

United States – InterMed 

Exploit: Compromised email account
InterMed: Maine-based physician group

Risk to Small Business: 1.777 = Severe: Hackers gained access to four employee email accounts that contained patients’ protected health information. The first employee account was accessed on September 6th, and the subsequent accounts were available between September 7th and September 10th. Although InterMed did not report the specific vulnerability that led to the breach, credential stuffing and phishing attacks were likely the culprits. The company’s slow response time and the sensitive nature of the compromised data will result in regulatory scrutiny that will amplify the post-breach impact.

Individual Risk: 2.428 = SeverePatients’ protected health data was compromised in the breach. This includes names, dates of birth, health insurance information, and clinical data. In addition, some Social Security numbers were exposed to hackers. This information has a ready market on the Dark Web, and those impacted by the breach should take every precaution to protect their identity.

Customers Impacted: 30,000

How it Could Affect Your Customers’ Business: Data breaches are becoming increasingly costly, so sufficiently addressing defensible threats should be a top priority for every organization. Employee email accounts are often a top target for hackers who use phishing campaigns and credential stuffing attacks to gain access to their account data. Comprehensive awareness training and Dark Web services that provide advanced notification when credentials are compromised can position companies to protect this easy access point from bad actors.

United States – Brooklyn Hospital Center

Exploit: Ransomware
Brooklyn Hospital Center: Full-service community teaching hospital

Risk to Small Business: 2.111 = Severe: A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.

Individual Risk: 2.285 = SevereBrooklyn Hospital Center declined to identify the specific data compromised in the breach, but healthcare providers are often a target for cybercriminals because of the sensitive nature of this information. Therefore, anyone impacted by the breach should take the necessary steps to ensure their data security, including enrolling in identity monitoring services and closely evaluating their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This incident is a reminder that ransomware attacks can have ominous outcomes for any organization. While some are cut and dry transactions, others can be more damaging, resulting in permanent data loss or information exposure. Once your company’s data is in the hands of bad actors, there is no script for determining what happens next. With that in mind, preventing ransomware attacks proactively with proper cybersecurity measures must be a top priority for businesses of every shape, size, and sector.

United States – Utah Valley Eye Clinic

Exploit: Unauthorized database access
Utah Valley Eye Clinic: Utah-based eye clinic

Risk to Small Business: 2.333 = Severe: A cybersecurity vulnerability at a third-party affiliate compromised personal data for thousands of the clinic’s customers. The incident resulted in patients receiving fraudulent emails indicating that they received a payment from PayPal. The breach was only recently discovered, originally occurring on June 18, 2018, so patient data has been exposed for a significant duration. As a result, the company will likely face legal penalties and lost revenue due to exposed protected health information (PHI).

Individual Risk: 2.142 = SevereThe clinic confirmed that patient email addresses were compromised in the breach, but it also conceded that other personally identifiable information, including names, addresses, dates of birth, and phone numbers, may have been exposed. The prolonged time to the detection means that this information has been available for misuse, and they should be especially vigilant to evaluate online communications and credentials for suspicious or unusual activity.

Customers Impacted: 20,000

How it Could Affect Your Customers’ Business: Third-party partnerships are becoming increasingly important in today’s business environment, yet also capable of inviting potential cybersecurity vulnerabilities. It’s estimated that more than 60% of data breaches involve third-party exposure. Consequently, cybersecurity should be a top priority when considering partnerships, information sharing, or other collaborative opportunities.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Google Has Access to Personal Health Information of Millions of US Patients 

Recently Google partnered with Ascension – one of the largest health systems in America – but did so quietly. This partnership allows Google access to all of Ascension’s patients’ data. Ascension operates 150 hospitals in 21 states.

The effort was code-named “Project Nightingale,” and has allowed some Google employees access to data including names, birth dates, addresses, family members, allergies, immunizations, radiology scans, hospitalization records, lab tests, medications, medical conditions, and even some billing records.

The current agreement does not appear to be a violation of HIPAA (Health Insurance Portability and Accountability Act). Google has been looking to expand its health information efforts, including plans to acquire Fitbit. However, Google has responded to the news of the partnership to say the data will not be used other than to assist Ascension medical providers.


A Note From Kobargo.

Australian Cybersecurity Personnel Are On the Verge of Burnout 

For companies around the world, the threat of a data breach is becoming ever-present. This reality is especially pronounced in Australia, where cybersecurity professionals are reporting fatigue and burnout as they battle the litany of threats facing their companies. According to the 2019 Asia Pacific CISO Benchmark Study, the burnout rate among Australian organizations is more than double the global average of 30%. 

In total, 69% of Australian organizations are receiving more than 100,000 cybersecurity alerts every day, significantly higher than the global average. At the same time, the survey, which polled 2,000 information-security professionals, found that Australian organizations were slower to respond to data breaches than companies in other countries. Such behavior compounds costs, as 84% of Australian businesses that experienced a data breach admitted that the expenses exceeded $1 million, a significantly higher sum than other countries in the region.

SMBs are already struggling to hire sufficient cybersecurity personnel, so supporting IT professionals is a critical component of any company’s cybersecurity initiatives. Fortunately, they don’t have to do it alone. The supportive services of an MSP can augment capabilities, lightening the load on in-house cybersecurity professionals.


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 11-11-2019

Last week, a third party compromises user data, hackers attack digital points of sale, and SMBs struggle to hire top cybersecurity talent.

United States – Web.com

Exploit: Unauthorized database access
Web.com: Domain name registration and web services provider

Risk to Small Business: 2.111 = Severe: An unauthorized third party accessed Web.com’s network, which compromised their customers’ personally identifiable information. The intrusion took place in August 2019, but IT personnel were not able to identify the breach until October 16th. Data breach notifications went out this week, but the significant detection delay will certainly compound the damage for both the company and its customers.

Individual Risk: 2.285 = SevereThe breach compromised names, addresses, phone numbers, email addresses, and service information. Security experts believe that the breach extends beyond Web.com and includes users of Network Solutions and Register.com. This information often makes its way to the Dark Web where it can be repurposed for additional cyber-attacks or identity fraud. Anyone impacted by the breach should scrutinize their online communications, as hackers will use compromised data to orchestrate spear phishing attacks

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Survey after survey reveals that customers are increasingly wary of doing business with companies that can’t protect their personal information. This reality is only exacerbated when companies are slow to detect or respond to security incidents.
As a result, data security and response protocols are an integral part of doing business. In 2019, cybersecurity isn’t just for the IT department to consider. It needs to be a top-down priority that impacts every facet of the company.

United States – sPower

Exploit: Cyber-attack
sPower: Renewable energy provider

Risk to Small Business: 1.444 = Extreme: sPower was the victim of a cyber-attack that brought down its services and disconnected its hardware from the electrical grid. Although the attack occurred in April, the details are emerging as part of a Freedom of Information Act filing by reporters covering the energy sector. Hackers were able to leverage a vulnerability in the company’s firewall that allows outside entities to access their network. The event could significantly harm the company’s reputation within the energy industry, impacting its ability to land future contracts and compete with other companies.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Reputation management can mean the difference between earning the next contract and losing out to a competitor. In that regard, ensuring that your organization’s most prescient threats are accounted for can help avoid the bad press and brand erosion that follow in the wake of a cyberattack. While every industry’s threats are unique, every consumer or collaborator wants the same thing: sufficient cybersecurity to meet the moment.

United States – City of San Marcos

Exploit: Cyber-attack
City of San Marcos: Local government municipality

Risk to Small Business: 1.666 = Severe: Hackers accessed the city’s computer systems and restricted access to significant portions of their IT infrastructure. The attack, which began on October 24th, brought down email accounts and other communication services. As a result, messages sent to city employees were not delivered, though government facilities remain open. Recovering from the attack is proving especially difficult, as the services are still restricted for more than a week after the initial event. To prevent further attacks, employees are being asked to change their passwords and enable two-factor authentication on their accounts.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Many cybersecurity vulnerabilities can be mitigated by adopting adequate preventative measures. For instance, using strong, unique passwords and two-factor authentication can prevent hackers from using stolen credentials to access accounts and dig deeper into your company’s IT environment. As the costs associated with breach continue to pile up, the ROI on implementing cybersecurity defense becomes easily apparent.

Italy – UniCredit 

Exploit: Exposed database
UniCredit: Banking and financial services company

Risk to Small Business: 1.555 = Severe: UniCredit recently discovered an exposed database containing personal information for millions of the company’s customers. Shockingly enough, the database had been accessible since 2015. This is the company’s third data breach in recent years, and it sent their share price down by 4%. The bank is spending a significant amount of money to update its IT infrastructure to prevent such an event in the future, but that is unlikely to alleviate the reputational damage and regulatory repercussions heading their way.

Individual Risk: 2.428 = Severe: The exposed database contains email addresses and phone numbers for the banks’ clients. Hackers did not have access to login credentials, but that doesn’t mean that those impacted by the breach are out of the woods. Personal details can be used to facilitate additional cybercrimes that can compromise even more sensitive information.

Customers Impacted: 3,000,000

How it Could Affect Your Customers’ Business: The path to restoring customer confidence after a data breach is one that is not well-charted. However, companies are testing their customers’ limits when they endure multiple cybersecurity incidents. Each episode forces businesses to restart the restoration process. Knowing what happens to exposed or stolen customer data is the first step to a swift response that can revive customer confidence.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Small Businesses Struggle to Acquire Top Cybersecurity Talent 

Few institutions are at more risk of a cyber-attack than SMBs. Unfortunately, these same companies are struggling to compete with major corporations for the IT and cybersecurity talent that can keep their infrastructure and data security. 

In general, this trend reveals a growing chasm between escalating cybersecurity threats and the availability of affordable, qualified professionals who can defend against them. In Canada alone, it’s estimated that organizations will need to fill 3,600 cybersecurity positions alone, meaning that the market forces of supply and demand are inextricably working against SMBs with more modest budgets.

Moreover, today’s cybercrimes are becoming increasingly sophisticated and exponentially more expensive. For instance, credential stuffing and ransomware attacks often require specialized personnel to adequately defend against these threats.

However, SMBs don’t have to bring all of this talent under their own roof. Instead, they can partner with qualified cybersecurity specialists (Like us!) to augment their capabilities and ensure their data security in a dangerous digital environment.


A Note From Kobargo.

Data Breaches Are Pushing SMBs Into Bankruptcy

A recent survey by Zogby Analytics confirmed what many people already knew: data breaches are wreaking havoc on SMBs. In particular, the financial implications of a data breach are overwhelming their capacity and forcing them to take drastic action. 

The survey, which questioned more than 1,000 small business leaders, found that 37% of SMBs that experienced a data breach suffered financial loss and 25% filed for bankruptcy. Ultimately, 10% of SMBs went out of business following a data breach.

At the same time, leaders understand the threat. 88% of respondents indicated that their company was “somewhat likely” to experience a data breach, while nearly half believe that they are “very likely” to be the victim of a data loss event. As today’s world continues to grow increasingly aware of the costs and prevalence of data breaches, the responsibility for leaders to defend against them has never been greater.


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 11-04-2019

Last week, ransomware takes business infrastructure offline, spear-phishing campaign costs local government thousands, and executives continue to ignore spooky cybersecurity risks.

United States – Billtrust 

Exploit: Ransomware attack
Billtrust: B2B billing service provider

Risk to Small Business: 2.333 = Severe: A ransomware attack crippled Billtrust’s customer-facing systems, forcing them to bring all infrastructure offline to stop the malware’s spread. The company discovered the attack on October 17th, and it’s taken nearly a week just to begin recovery efforts. Fortunately, Billtrust maintained backups that were unaffected by the attack, which made it possible to avoid paying the ransom demand. Nevertheless, the lost revenue, reputational damage, and recovery expenses will definitely chip away at the company’s bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Whether in the form of ransomware payments to regain access to their networks or interrupted processes due to downed servers, the costs associated with ransomware can quickly escalate. With such attack vectors on the rise, businesses must take responsibility and protect their valuable IT infrastructure.

United States – Kalispell Regional Healthcare

Exploit: Phishing attack
Kalispell Regional Healthcare: Family healthcare provider

Risk to Small Business: 1.555 = Severe: Several employees fell for a phishing campaign that compromised their login credentials and patients’ personally identifiable information. Hackers accessed the data between May 24, 2019, and August 28, 2019. As a result, the company will bear the cost of identity and credit monitoring services for all victims, and they will face intense regulatory scrutiny. Brand reputation is also jeopardized, as the hospital was formerly recognized as a highly-ranked healthcare provider for their cybersecurity practices.

Individual Risk: 2 = SeverePersonally identifiable information that may have been compromised includes their names, Social Security numbers, addresses, medical record numbers, dates of birth, phone numbers, email addresses, and medical history. The healthcare provider is offering victims a year of free credit and identity monitoring services, and those impacted by the breach should enroll in these programs. Cybercriminals can use the data to facilitate additional attacks, so they should carefully scrutinize unusual or unexpected messages or account activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Before the breach, Kalispell Regional Healthcare was acknowledged for its distinguished data security readiness standards. Unfortunately, the lack of employee awareness training led to a phishing scam that made the entire network vulnerable. In today’s digital landscape, comprehensive phishing scam awareness training should be a routine requirement for any employee with an email address.

United States – Ocala City

Exploit: Spear phishing attack
Ocala City: Local municipality

Risk to Small Business: 1.666 = Severe: A spear-phishing attack convinced an Ocala City employee to transfer $640,000 to a fraudulent bank account. The account still had $110,000 left when the city identified the scam, but cybercriminals still walked away with over $500,000. To trick the employee, cybercriminals sent an email purportedly from one of the city’s construction contractors and requested payment to a bank account that did not belong to the contractor. While the email and bank account were fraudulent, the invoice was legitimate, which made this incident especially difficult to detect.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Spear phishing attacks are highly targeted and can be difficult for employees to identify. However, as more data becomes available to bad actors, businesses need to plan for this reality, training employees to spot small differences that often reveal a threat. Ocala City tells a cautionary tale that failing to adjust to today’s threats can be an expensive mistake.

New Zealand – Competitive Pest Services 

Exploit: Insider data theft
Competitive Pest Services: Pest control service

Risk to Small Business: 2.222 = SevereBefore leaving the company, a former employee downloaded customer data and shared it with his new employer. The information was then used to solicit business from Competitive Pest Services’ customers. In response, the company has updated its data security software to restrict access to sensitive company data and notify IT admins when information is downloaded. Unfortunately, reactive responses cannot secure customer data, and it likely won’t help restore consumers’ confidence in their data management practices.

Individual Risk: 2.142 = SeverePersonally identifiable information was limited to customer names, addresses, and phone numbers. However, this is more than enough information to perpetuate additional cyberattacks that could compromise even more sensitive data. Therefore, those impacted by the breach should carefully monitor their identity information, and they may want to consider enrolling in identity monitoring software to provide long-term oversight of their information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Taking proactive measures to protect your customers’ data is the best way to protect against a breach. This requires that companies remain up-to-date on the most prescient threats and take steps to mitigate their exposure before a data loss event takes place. Too many companies choose to update their protocols after a breach, a step that won’t repair the damage that’s already been done.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Australian CEOs Fail to Appreciate Cyberthreats

Today, data breaches are top-of-mind for companies and consumers alike; however, those concerns appear don’t appear to have made it all the way to the C-suite. 

According to a recent survey of Australian executives, those in leadership positions significantly overestimate their company’s cybersecurity capabilities, exposing a serious disconnect between decision-makers and those charged with securing a company’s data.

For example, 63% of CISOs surveyed said that their company experienced a data breach in the past 12 months, but only 6% of CEOs shared this viewpoint. Similarly, 44% of CEOs thought that their company was prepared to respond to a cyberthreat, while only 26% of CISO’s were confident in this assertion.

This disparity doesn’t just relate to technological capabilities. 69% of CISOs view cybersecurity as an integral part of their business plan and only 27% of CEOs saw it as a bottom-line issue.

Other surveys have shown that cybersecurity professionals are quickly becoming overwhelmed by their jobs, and many are considering leaving the field altogether. Without support from top-level executives, this problem will only get worse, which means that data security will become more problematic.


A Note From Kobargo.

Consumers Will Stop Engaging with Brands Online After Data Breach 

After years of high-profile data breaches, consumers are fed up with companies that can’t protect their data, and they are increasingly willing to cut off brands that fail in this regard. 

In a recent survey by Business Wire, nearly 50% of respondents are more concerned about data security then they were a year ago. Notably, 81% indicated that they would stop engaging with brands online after a data breach, and 63% of consumers believe that the company is always responsible for data security.

These findings place a significant burden on companies to evaluate their cybersecurity posture. In today’s digital landscape, failing to protect customer data won’t just be inconvenient. It could be the beginning of the end for many businesses.

Rather than leaving it to chance, get the support that you need to ensure that your company is ready to address consumer demands as the costs of failing to meet the moment is incredibly steep.


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more