The Week in Breach News: 11/17/21 – 11/23/21
GoDaddy is back in the hot seat after another massive breach exposes data for more than 1 million users, an insider incident in Ohio raises election security concerns, a data breach at Australia’s copyright authority and the hidden costs of a data breach your clients may not know about.
Learn how to defeat terrifying cybersecurity monsters to keep systems & data safe in a dark world! READ IT IF YOU DARE!>>
GoDaddy
https://techcrunch.com/2021/11/22/godaddy-breach-million-accounts/
Exploit: Credential Compromise
GoDaddy: Web Hosting Provider
Risk to Business: 1.527= Severe
GoDaddy has reported a data breach that may impact more than 1 million customers who use the service for WordPress hosting. The company detailed the incident in an SEC filing, declaring that it had detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers when someone used a compromised password for access around September 6. GoDaddy said it discovered the breach last week on November 17. The company warned that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services. 1.2 million active and inactive managed WordPress users had their email addresses and customer numbers exposed in this incident.
Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: 1.2 million
How It Could Affect Your Customers’ Business: Third-party security risk is increasingly common in an interconnected world and building strong defenses helps protect against this unexpected danger.
ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>
California Pizza Kitchen
Exploit: Hacking
California Pizza Kitchen: Fast Casual Restaurant Chain
Risk to Business: 2.212=Severe
US casual dining chain California Pizza Kitchen has had a data security breach that impacts current and past employees. In a statement, the company disclosed that its systems were infiltrated by an unauthorized user on September 15. Those cybercriminals gained access to an undisclosed amount of data including employee records that contained at least employee names and SSNs.
Individual Risk: 1.907=Severe
In a filing with the Maine attorney general’s office, the company reported that 103,767 current and former employees had their names and Social Security numbers exposed.
Customers Impacted: 103,767
How It Could Affect Your Customers’ Business A failure to secure employee data can be just as damaging and expensive as a failure to secure consumer data.
ID Agent to the Rescue: Help your clients make sure that their employees are keeping data safe with security awareness training – and we’ll help you learn to sell it faster in under 15 minutes. WATCH NOW>>
Lake County Board of Commissioners
Exploit: Insider Incident
Lake County Board of Commissioners: Election Regulator
Risk to Business: 1.502=Severe
The Washington Post is reporting that a data security incident occurred at the Lake County, Ohio Board of Elections. The attempted breach occurred on May 4 inside the county office of John Hamercheck (R), president of the Lake County Board of Commissioners. In this incident, a private laptop was plugged into the county network in Hamercheck’s office, capturing routine network traffic. That information was then distributed at an August “cyber symposium” on election fraud hosted by MyPillow executive Mike Lindell. Officials say that no sensitive data was obtained. This is substantially similar to an incident in Colorado earlier this year. Data from the Colorado incident was circulated at the same event. The FBI is investigating the incident.
Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Insider threats can pop up anywhere and real havoc on an organization when they least expect it.
ID Agent to the Rescue: Make sure that your clients are doing everything right to stop system and data security threats with the Computer Security To-Do List checklist, available now! GET THIS CHECKLIST>>
Zero Trust security is the key to keeping your clients safe – and the cornerstone is access management. We can help. LEARN MORE>>
Cyprus – StripChat
Exploit: Misconfiguration
StripChat: Adult Content Platform
Risk to Business: 1.615= Severe
StripChat, one of the world’s top 5 adult cam sites, has suffered a data breach that exposed more than its usual fare, including the personal data of millions of users and adult models. In a blunder discovered by security researchers, StripChat failed to properly configure an ElasticSearch database cluster, leaving data exposed for at least 3 days.
Individual Risk 1.802= Severe
Researchers listed the exposed data pertaining to 65 million users registered on the site including their username, email, IP address, ISP details, tip balance, account creation date, last login date and account status. Data for 421,000 models broadcasting on the site was also exposed including username, gender, studio ID, live status, tip menus/prices and strip scores. Other transaction data was also exposed.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business The company hasn’t just failed at data security, at press time they had also failed to publicly disclose or acknowledge the incident, a sure path to a hefty GDPR fine.
ID Agent to the Rescue: Reducing human error incidents starts with building a strong cybersecurity culture. The Security Awareness Champion’s Guide makes today’s risks memorable to encourage caution. GET THIS BOOK>>
Denmark – Vestas
Exploit: Ransomware
Vestas: Wind Turbine Manufacturer
Risk to Business: 1.512= Severe
The world’s largest supplier of wind turbines Vestas has announced that it has experienced a suspected ransomware incident. The company says that its initial investigation has determined that data has been compromised, although no specifics about that data were given. The company says that the incident forced the shutdown of IT systems and has damaged parts of Vestas’ internal IT infrastructure. Recovery has begun, and the company has stressed that the impact on its manufacturing, construction and service arms has been minimal.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Ransomware and infrastructure components are going hand in hand these days, creating an elevated risk level for companies in infrastructure-related sectors.
ID Agent to the Rescue Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>>
What risk will you face next? Get a look at what to expect in The Global Year in Breach 2021. DOWNLOAD NOW>>
Australia – Copyright Agency
https://www.itnews.com.au/news/australias-copyright-agency-investigates-cyber-incident-572982
Exploit: Hacking
Copyright Agency: Royalty Collection Agency
Risk to Business: 1.595 = Extreme
Australia’s Copyright Agency has suffered a data breach The agency which distributes royalties to authors, photographers and other creators for the reuse of their text and images, notified members of the incident last Friday. No information is yet available about what data may have been impacted, but there’s a possibility that extensive personal and financial data may have been exposed for the 37,000 creators that it services.
Customers Impacted: 37,000
How it Could Affect Your Customers’ Business
ID Agent to the Rescue Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>
Dive into how to reduce your client’s risk of phishing fast with the tips in The Phish Files. DOWNLOAD NOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Are your clients really protected from cyberattacks? Our Cybersecurity Risk Protection checklist will tell you the truth! GET IT>>
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- What’s Your Plan to Beat the Monsters of Cybersecurity?
- 10 SMB Data Breach Statistics You’ll Want to See
- Are You Ready to Face the Next Generation of Cybersecurity Threats?
- Password Danger is Escalating with No Ceiling in Sight
- The Week in Breach News: 11/10/21 – 11/16/21
Kaseya Patch Tuesday: Patch notes & bug fixes for November 2021: SEE PATCH INFO>>
Help Your Clients Defend Against Today’s Biggest Threat: Phishing
Our new infographic Can You Spot the Phishing Email? is full of tips to help clients sniff out a phishing email. DOWNLOAD IT>>>
Start selling security awareness training that includes phishing resistance, compliance & more in just 15 minutes. WATCH NOW>>
Explore the dark web origin of risks like phishing and see how security automation combats danger affordably. WATCH NOW>>
Did You Miss…?
National Computer Security Day is November 30
Grab the new Computer Security To-Do List infographic and share it on social media or send it to your clients as a handy resource for strengthening their security culture. DOWNLOAD IT >>
Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>
Unexpected Factors Dramatically Impact the Cost of a Data Breach
Your Clients May Be Shocked Into Action
Everyone who works in IT security knows that a data breach is an expensive proposition. From detection through final cleanup, the cost of a data breach has never been higher. In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever recorded in the 17 years of the study. If it’s ransomware it’s a little more expensive. Ransomware attacks cost an average of $4.62 million, and that’s without even considering the ransom demand. That’s a bill that no business can afford to pay – and why your clients need the best data security to prevent a data breach from happening.
Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>
Demonstrate Just How Damaging a Data Breach Can Be
But in a time when budgets are tight, customers may be looking at trimming security spending. An estimated 62% of IT departments are tightening their budgets, yet cybercrime is increasingly prominent. But many business owners just don’t understand the danger or the lasting damage that a data breach can do to their business and their bottom line – 25% of small business owners in a recent cybersecurity awareness survey didn’t even realize cyberattacks would cost them money! Demonstrating that the cost of a data breach is significantly higher than many business executives think can help MSPs overcome objections and close a tricky deal.
5 Things to Know About the Cost of a Data Breach
- The top country in the world for data breach costs in 2021 (so far) is the US with an average cost of $9.05 million.
- Companies supporting a remote or hybrid workforce experienced an increase of up to $1 million more when a data breach occurred, with the highest rates of $4.96 million in comparison to $3.89 million.
- The cost of a breach can be impacted by the type of data stolen or leaked, like customer personally identifiable information – the most frequently breached and the most expensive at $180 per record.
- Thanks to the hot market for COVID-19 data in 2020, medical data is in second place as the most desirable data to snatch
- Healthcare at $9.23 million is the industry with the most expensive data breach costs.
The Computer Security To-Do List helps companies build a strong security culture. DOWNLOAD IT NOW>>
The Non-Business Elements of Handling a Data Breach Are Shocking
Handling incident response for a data breach is a tricky and expensive proposition. Business controllers may understand that they are going to experience significant revenue loss in the wake of an incident, but they may not realize just how much they’re looking at shelling out in handling the incident response alone. According to IBM, the non-business elements of a data breach cost companies $2.65 million. Those costs add up to 62.5% of the overall costs of a data breach. Their researchers put together an excellent cost breakdown that sheds light on the unexpected costs and hidden expenses in a data security incident.
For the average $4.24 million data security incident, here’s the overall cost breakdown (and percentage of total costs):
- $1.59m (38%) — Lost business costs, which include customer churn, downtime and new business acquisition costs
- $1.24m (29%) — Detection and escalation costs, including hunting down and identifying the breach. Also includes getting key team members involved and/or any external services (forensic, legal, etc.).
- $1.14m (27%) — Post-breach response cost to cover containment, eradication and recovery processes
- $0.27m (6%) — Notification costs to inform regulatory agencies, partners, customers and the general public.
Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>
6 Unexpected Long-Term Consequences of a Data Breach
Insurance May Not Cover the Loss
Many businesses think that they can rely on cyber insurance to cover the cost of a data disaster, but that’s not the case anymore. Reuters reports that around the world, insurers have halved the amount of covered loss that they provide to customers after a data security incident. Where once insurers were offering $13.50 million (10 million Pounds) in coverage, almost all insurers have reduced their available coverage to $6.6 mullion (5 million Pounds). Companies can no longer rely on insurance to pay the ransom in ransomware attacks either. Insurance giants like AXA have announced that they will no longer underwrite cyber insurance policies to reimburse companies for ransomware payments after cyberattacks, leaving wounded businesses out in the cold.
Lasting Reputation Damage
If an organization suffers a data breach, its reputation will be impacted in many more far-reaching ways than it may be expecting. Researchers at Forbes Insight reported that 46% of organizations had suffered serious reputation damage as a result of a data breach. Business executives may also be surprised to learn that they’re not just going to be dealing with a temporary PR problem in the form of initial news reports. The reputation damage of a data breach sticks around, creeping into all sorts of unexpected corners. The news of a data breach can stick around forever online. One incident is enough to trash a company’s marketing strategy for the foreseeable future as the marketing team pivots to incident response as well. Marketing teams will also be spending significant time combatting every Google search that includes the company name and the term “data breach”. That also extends into social media, where teams will be spending a lot of time responding to negative sentiment.
Long-Term Loss of Business
Poisoned search results will contribute to loss of business because consumers are less likely to do business with a company that suffers a data breach. In a recent poll by The Pearson Institute and the Associated Press-NORC Center for Public Affairs Research, an estimated two-thirds of Americans surveyed said that they are very or extremely concerned about their personal and financial information being compromised by a data breach at an organization – and nearly 2 out of every 3 consumers would likely avoid doing business with an organization that had experienced a cyberattack in the past year. Americans also think that companies don’t care about keeping their data secure. An estimated 70% of consumers do not believe that businesses are actually trying to protect their personal information.
90% of MSPs have had clients hit with a ransomware attack in the last 12 months. Help your clients build stronger defenses with the insight in Ransomware Exposed! DOWNLOAD NOW>>
Executive Hiring & Retention Troubles
In the midst of a massive tech talent shortage, the impact that a data breach can have on a company’s hiring and the retention of IT personnel that have to clean up the mess can be outsized. IBM notes that it may be harder for companies that have recently had a data breach to hire executive-level IT professionals because when they join the organization, they’ll be starting with a messy breach cleanup on their plates immediately. As for existing IT executives, a breach can make it significantly more difficult to retain them. Over 90% of CISOs also say they suffer from moderate or high stress and for almost a quarter of them their stress impacts their ability to do their job.
Legal Bills That Pile Up
All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have breach notification laws in place right now to require businesses or governments to notify impacted parties if their personal information is breached – and almost all of them have legislation scheduled that will tighten those requirements as well as the corresponding penalties. The US federal government is also debating new legislation that changes breach penalties and reporting requirements. Organizations could potentially lose government contracts if they have a breach. Any organization that has a data breach is going to need a specialized and expensive squad of lawyers to navigate the thicket of legal issues and requirements. Increasingly strict rules about data handling enacted under GDPR this year will create just as many costly problems for beleaguered businesses that require lawyers to untangle.
Compliance Costs That Add Up Fast
Hot on the heels of legal trouble around reporting a data breach comes its bigger, nastier cousin: compliance woes. In this year’s IBM Cost of a Data Breach Report, researchers analyzed 25 cost factors that impact the cost of a data breach for an organization as well as determining if those factors amplify or mitigate breach costs. Those researchers found that compliance failure increases the cost of a data breach much more than any other factor. Organizations that had a data breach accompanied by a high level of compliance failures (resulting in fines, penalties and lawsuits) faced an average cost of a data breach of $5.65 million.
See how cyber insurance is changing and how to protect your clients from trouble. WATCH NOW>>
How Does This Impact Growth Opportunites for MSPs?
The budget pressures that companies are facing today may make new or upgraded security solutions a tough sell, even when they’re proven to be highly effective. But even in a time of strained budgets, the impact of heavily publicized major cyberattacks and a steady increase in cybercrime across the board has ensured that cybersecurity is a priority even when tech budgets decrease. A recent study by Balbix concluded that 80% of IT and security professionals plan to increase spending on their cybersecurity posture management over the next 12-18 months, creating an excellent growth opportunity for MSPs in 2022.
Strong Security Doesn’t Have to Cost a Fortune
The ID Agent digital risk protection platform offers great security and a great value, as these businesses discovered.
Passly includes an array of identity and access management tools with robust functionality. Essentials like multifactor authentication and single sign-on build the perfect springboard for zero-trust security, while automated password resets will make everyone’s life easier.
Dark Web ID gives you 24/7/365 always-on monitoring of business and personal credentials, including domains, IP addresses and email addresses, alerting immediately if one appears on the dark web. Plus, automated reporting means that your team doesn’t need to stare at a dashboard.
BullPhish ID improves everyone’s phishing resistance and boosts security awareness. Fight back against threats by adding every employee to the security team with customizable phishing simulation kits or plug-and-play lessons about compliance, ransomware, credential compromise and more.
See our solutions in action in these short demonstration videos: https://www.idagent.com/learn-more
The ID Agent digital risk protection platform has the strong solutions that every business needs to protect their systems and data from today’s biggest threats. Contact our solutions experts today to learn how your business and your clients can benefit from our commitment to innovation.
We’re invested in your success! Learn about best-in-class marketing & sales support from Kaseya Powered Services. WATCH NOW>>
Nov 25: WEBINAR: Phish & Chips EMEA REGISTER NOW>>
Nov 30: Close More Deals! The MSP Recipe for Success REGISTER NOW>>
Dec 07: How Security Awareness Training Protects Your Clients & Grows Your MRR REGISTER NOW>>
Dec 07: Connect IT Local: Atlanta REGISTER NOW>>
Dec 09: How Security Awareness Training Protects Your Employees & Hardens Your Cyber Defenses REGISTER NOW>>
Dec 08-09: ASCII Success Summit: Anaheim REGISTER NOW>>
Dec 09: Connect IT M&A Symposium: Miami REGISTER NOW>>
Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>
Cyber Insurance May Not Save You from a Data Breach
In today’s volatile cybercrime atmosphere, many companies are taking precautions against the damage that a cyberattack can do to their bottom line by purchasing cyber insurance. But in a time of strained budgets, cyber insurance may seem like it’s more of a luxury than a necessity – and it also may not cover the losses that you’re expecting it to cover in the event of a successful cyberattack against your business.
Cyber insurance premiums are rising substantially thanks to a marked increase in cybercrime. Pricing for cyber insurance up by 56% in the US and 35% in the UK. Much of that can be attributed to ransomware costs. Ransomware has been such an expensive proposition that the world’s major insurers don’t want to keep dealing with it, and insurers like Axa will no longer cover most ransomware losses.
Taking action to beef up your security in order to prevent a data breach is essential because insurers are likely to continue tightening rules around coverage. Start with a small but powerful change like increasing security awareness training with a solution like BullPhish ID, a move that can prevent up to 70% of data breaches – and help ensure that you’re not on the phone with your insurance company finding out what isn’t covered in your data breach anytime soon.
Do you have comments? Requests? News tips? Compliments? Complaints 9or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this post (in part or in its entirety) When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!