The Biggest Data Breaches of 2019 – 3 Lessons to Learn
The biggest data breaches of 2019 illustrate the cost of lax security, sloppy data handling, and human error.
We’ve reviewed some of the biggest data breaches of 2019 to provide you with insight into how they could have been avoided. Learn from these mistakes to make sure that you’re ready to defend against 2020’s threats. Here are five key lessons to learn from our research.
See our analysis of the biggest data breaches of 2019 and our predictions for breach risks in 2020 in our FREE EBOOK “Under Attack: The Global Year in Breach 2019”
It’s Easy to be Fooled by Spear Phishing
Cybercriminals love using targeted phishing attacks, delivered via well-crafted fake emails from official-looking addresses. That’s exactly what happened to nine staffers at the Oregon Department of Human Services . A spear phishing attack convinced them to provide their login credentials to the attackers. In the three weeks it took to detect the intrusion, 625,000 patient records and 2.5 million emails were compromised.
The lesson? Human error is the number one cause of cybersecurity incidents, and phishing attacks are the number one cause of a breach. Never stop testing and training your staff using tools like BullPhish ID that have constantly updated phishing kits, including training to resist COVID-19 scams, with video training available in 8 languages.
Remote workers are more likely to fall for phishing attempts and create other cybersecurity risks. Learn how to mitigate them in our free Remote Working Cybersecurity Package.
Keep Your Enemies Close
When your essential information ends up on the Dark Web, it can be used in many more ways than you might think. Personal details like usernames, locations, and old passwords enable cybercriminals to attack companies in a variety of ways including credential stuffing. That’s what happened to Dunkin Donuts. Using credential stuffing, bad actors were able to breach their data and gain access to thousands of customer accounts.
The lesson? Thousands of passwords hit the Dark Web every day, and password lists are cheap. You don’t even have to suffer a breach to be in danger of one because of another company’s lax security. Stolen data from any source can become a data breach for your company. Add a solution like Dark Web ID to monitor the Dark Web for suspicious activity 24/7/365, so your company can know when your employee or customer passwords or data is compromised to take action sooner.
What are those mysterious Dark Web markets where people buy passwords really like? Take a tour of the Dark Web with insiders and get a free deck of Dark Web screenshots in our new free webinar “Unveiling Cybercrime Markets on the Dark Web.”
Cover All Your Bases
Of course, the fastest way to get your data stolen is to not secure it at all. Companies of every size make this crucial mistake, and it’s always costly. Verifications.io, an email validation service, stored the personally identifiable data of millions of users in a database that wasn’t even password protected. Over 2 million people had their information exposed in that breach, ready to be sold or traded on the Dark Web.
The lesson? Laziness always comes back to bite you later. It pays to pay attention to detail and enforce proper data handling and storage procedures constantly because sloppy data handling is a fast road to a costly and troublesome breach. Search out simple vulnerabilities like this and make sure that you’re using a digital risk protection platform that is up to the challenge of securing today’s remote workforce.