The newest breach at security-challenged GoDaddy is a reminder that credential security doesn’t just affect your business – it impacts your partners and clients too. Strengthen your business relationships by showing that you take it seriously in a few simple but significant ways.
Read More
Bad actors were bad news for Marriott this week, as they once again reported a huge data breach. Over 5.2 million guest records were snatched by cybercriminals in January 2020. Their vehicle for entry? Employee login credentials.
Read More
In uncertain times, it pays to keep an eye on the Dark Web to avoid a potentially disastrous breach – because bad actors are poised to make the most of an upended business world in the wake of COVID-19
Read More
Coronavirus (COVID-19) has many companies teleworking putting them at higher risk for a data breach. Use these tools and tips to mitigate the risk of staff working remotely.
Read More
Coronavirus (COVID-19) has many companies teleworking putting them at higher risk for a data breach. Use these tools and tips to mitigate the risk of staff working remotely.
Read More
It’s no secret that the costs associated with data breaches are trending upward at alarming rates. Just this year, IBM’s annual Cost of a Data Breach Study found that the average cost of a single data breach is approaching $4 million. Although IT repair, identity monitoring services, and regulatory fines quickly make their way to financial statements, others covertly chip away at the bottom line over time. Simply put, it’s not enough to add up the quantifiable costs of a breach when assessing the ROI of cybersecurity in the equation. Companies must also factor in the unseen consequences of a data breach, which can often result in even more damage than initial costs. Patching up vulnerabilities and offering free credit monitoring as a post-breach response only treats the symptoms, while the underlying disease continues to progress. Keep reading to learn about four cascading consequences of data breaches that can impact your company in the long run. #1 Reputational Damage Reputational damage and brand erosion in the wake of a breach is not easily measured, as it is carries on for years after news of an attack. The Ponemon Institute estimates that 65% of data breach victims lose their trust in a brand after a data breach. Even worse, consumers voice their displeasure within their circles, a phenomenon that is magnified with the advent of the internet. Interactions Marketing notes that 85% will tell others about the breach, and more than 30% will take to social media to complain about the company. For today’s consumers, a data breach is akin to a scarlet letter that can brand a business for years. Whether it’s an SMB or large corporation, the efforts to overcome this stigma greatly outweigh the costs of protection, since companies often don’t always have a say in whether or not customers will give them a second chance. #2 Customer Attrition As frightening as it may sound, today’s consumers do not forgive companies that cannot protect their data and are increasingly more likely to stop spending altogether after a breach. A recent study by Business Wire found that 81% of consumers would stop engaging with a brand online following a breach, destroying years of relationship-building and promotional efforts. In fact, 80% of customers are willing to take their business elsewhere. Ultimately, customer rejection can be the proverbial nail in the coffin that prevents companies from ever truly recovering from a data breach. It’s estimated that 60% of SMBs fold within six months of a data breach. As one enraged Equifax consumer told The Wall Street Journal, “if I can’t trust Equifax to do their own job, I’m not going to hand them my money and say, ‘Hey, watch this for me.’” This customer’s sardonic take serves as an eerie warning to all businesses: data breaches have lasting effects. #3 Continued Attacks Companies compromised by a data breach can find themselves or their customers victimized again in the future. The rise of credential stuffing attacks makes it increasingly likely that hackers will apply previously stolen data to easily access accounts and IT infrastructure, often without detection. Nearly a quarter of all data breaches occur due to stolen credentials, and successive attacks only make reputational recovery and renewed customer confidence more difficult to achieve. Find out how Dark Web ID™ can shield your organization from credential stuffing attacks here: https://www.idagent.com/dark-web/ #4 Increased Premiums Cybersecurity insurance are becoming a widely adopted practice within the industry, yet their value can be easily skewed. As we reported last month, such plans do not holistically cover the cost of a data breach. As more customers cash in on these insurance plans, the costs increase and companies that file a claim can expect their premiums to rise. Moreover, many businesses discover that their policies provide insufficient protection against financial loss, as insurance companies battle to restrict payouts. In one case, a cyberinsurance company only agreed to pay $50,000 on damages to a company that exceeded $2 million. Cybersecurity insurance is by no means a “silver bullet” and could even invite additional costs after a data compromise. Applying the best solution Although the unseen consequences of a breach may appear worrisome, we’re not here to spell out doom and gloom. By being proactive, you can protect your institution from being victim to a breach, and future-proof yourself in the event of an attack. Cybersecurity needs to be a bottom-line, top priority at every company. Especially for SMBs who often lack the financial and personnel resources to recover from a breach, partnering with a managed service provider can provide the oversight and protection needed to navigate today’s digital environment. ID Agent provides a comprehensive set of people-centric cybersecurity solutions to private and public sector organizations worldwide. See how you can leverage solutions for Dark Web Monitoring, password management, and employee training to safeguard your customers, employees, and organization from breach. Resources https://www.ibm.com/security/data-breach https://www.centrify.com/media/4772757/ponemon_data_breach_impact_study_uk.pdf https://www.interactionsmarketing.com/press-releases/interactions-finds-45-percent-of-shoppers-dont-trust-retailers-to-keep-information-safe/ https://www.businesswire.com/news/home/20191022005072/en/ https://www.forbes.com/sites/forbestechcouncil/2017/12/08/mind-the-trust-gap-how-companies-can-retain-customers-after-a-security-breach/#2235b64f6c95 https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html https://www.wsj.com/articles/the-capital-one-hack-life-in-the-time-of-breach-fatigue-11564824600 https://info.idagent.com/blog/stop-credential-stuffing-attacks https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf https://info.idagent.com/blog/the-week-in-breach-09/25-10/01/19 https://slate.com/technology/2018/07/cyberinsurance-company-refuses-to-pay-out-full-amount-to-bank-after-hacking.html
Read More
There was a time when bank robbers resembled the stereotype of a bandit or a pirate. In reality, modern bank robberies are much less like an Ocean’s Eleven movie and more of a person sitting behind their desk eating yogurt and probing networks for vulnerabilities. While we can’t verify the type of food that was eaten during the recent Capital One Financial Corporation breach, we do know what was taken and how. Paige Thompson, AKA “erratic,” a former software engineer, stole more than 100 million Americans’ information and another 6 million Canadians’ sensitive information in the breach. Capital One was made aware of a configuration vulnerability on July 17th when an ethical hacker discovered the data on Github and reported it to the bank. While investigating and fixing the vulnerability, the bank revealed that a third party had gained access to their system in March of this year. Capital One immediately fixed the vulnerability and contacted the FBI to conduct a criminal investigation. The list of information stolen is not pretty and is quite long. Compromised data includes: Names, dates of birth, phone numbers, email addresses, home addresses, zip codes/postal codes, self-reported income, credit card application data, credit scores, credit limits, balances, payment history, transaction data, US Social Security Numbers, bank account numbers, and Canadian Social Insurance Numbers, It should be noted that Capital One responded immediately to this breach and has since strengthened its cybersecurity defenses, but one cannot help but wonder how that much sensitive data was exposed on a popular public website from March to July without the bank realizing it was missing. Not only that, but what if the hacker decided to sell the information in a more secure location such as the Dark Web. Fortunately, the main suspect behind this digital bank heist was apprehended quickly. Today’s robberies may use less dynamite and guns, but the catastrophic effects are typically long-lasting and far-reaching. Now more than ever, individuals and businesses need to take responsibility for proactively protecting their digital credentials and assets. ID Agent provides monitoring and alerting for businesses when their employees’ credentials have become exposed on the Dark Web by offering Dark Web ID™ through the MSP channel. We also offer personal identity monitoring through our MSP Partners so that individuals can have peace of mind that they are covered when data breach occurs. SpotLight ID™ can be purchased directly from MSPs by individuals, or by business owners as a tax-free employee benefit. Contact [email protected] to learn more.
Read More
So you’ve been breached. Now what? Once the dust has settled use it as a learning opportunity & tune up your cybersecurity plan. We can help.
Read More
MSPs should read this, then enroll themselves and every customer in SpotLight ID NOW Chances are, you’ve come across cleverly-crafted ads on sites like CNN.com, Facebook, Yahoo and others that say something like, “Use this site to find out anything… about anyone.” If you are like most good citizens, you probably passed up on the opportunity to use one of these sites to dox, or to search for and publish private or identifying information about an individual on the Internet, typically with malicious intent. Good for you!
Read More
Equifax’s giant cybersecurity breach announced yesterday – one of the worst ever – compromised the personal information of almost half the U.S. – potentially 143 million Americans. Residents in the U.K. and Canada were also affected. Based on Equifax’s investigation, the unauthorized access occurred from mid-May through July 2017.
Read More