Halfway into 2023, the world of cybersecurity has seen new threats as well as old. Criminal hacking groups such as Money Message and suspected nation state actors have stolen data, millions of records have been breached, and companies across the globe have dealt with the unfortunate modern reality of suffering a cyber attack. Some well known companies, such as AT&T, have even suffered two breaches in the period from January to June of this year.
Real World Impact
- In May, Suzuki halted some vehicle production operations in India due to a cyber attack, which delayed production of 20,000 vehicles.
- Apria Healthcare suffered a data breach that may have exposed 1.9 million customers in 2021, but was only made public in May of 2023 — a delay which may have increased the risk to their patients’ data privacy and protection. Apria claimed the attack was financially motivated.
- Healthcare provider DC Health Link suffered a breach that may have affected up to 170,000 people’s personal information, including US Congressmen and their families. One of the individuals who took credit for the attack claimed it was driven by Russian patriotism and declared “Glory to Russia” in his posts advertising the data online.
Cyber attacks often have a tangled and wide-reaching impact. Some of these impacts involve ransom payments, loss of productivity and business, and geopolitical ramifications.
Interested in learning about cyber attacks in the geopolitical arena? The Center for Strategic & International Studies has an incident list that goes back to 2006!
Data Privacy Training
- Discord suffered a data breach via a “third-party customer service agent’s support ticket queue.”
- Atlassian suffered a breach by SiegedSec who accessed an Atlassian employee’s credentials that were mistakenly posted in a public location. Breached data included staff records, e-mail addresses, and floor plans.
Staff cybersecurity training is paramount in identifying and mitigating cyber threats. Create an ongoing training plan that empowers your employees to take steps to protect data and encourages a culture of data privacy.
Vendor Breaches
- American Airlines and Southwest Airlines suffered a data breach when a vendor was targeted. The third party has begun informing thousands of pilots who had data exposed.
- Law firm Bryan Cave Leighton Paisner was breached in February of 2023, which has led to various large companies having to inform their employees that their personal information was compromised.
- Progress Software, maker of file transfer tool MOVEit, suffered a data breach that was claimed by Russian ransomware group Clop. This hack has already impacted multiple organizations, including Zellis, British Airways, and the Canadian province of Nova Scotia.
Does your organization vet its subcontractors to verify they are adequately securing the data in their possession? The data security of your vendors and partners is just as important as your own.
Hungry for more details? Check out regular updates from IT Governance.
Learn From Mistakes
- T-Mobile suffered two data breaches in 2023: one in January that impacted 37 million customers, and one in May impacting 800 customers.
- MailChimp suffered its second breach within 6 months in a way very similar to the first attack, leading to questions about the company’s security protocols.
Learning from mistakes and taking proper mitigation measures are important when the worst happens. If you suffer a breach, in addition to taking immediate action to deal with the threat, your incident response strategy should also take future mitigation into account. This includes updating your security posture and establishing audits to ensure safeguards are in place to stop similar attacks from happening. Recording lessons learned is a crucial part of keeping your Incident Response Plan current and effective.
Check out our guide to Incident Response Plans for more information!
Protect Yourself
Cyber attacks happen across sectors, on all continents, and can have devastating impacts. Investing in effective cybersecurity tools, training staff well, choosing vendors carefully, and learning from past incidents can all go a long way in protecting your most vulnerable data. Don’t let your organization become a data breach statistic for the second half of 2023!