We all know there is no such thing as absolute immunity from cyber attacks. Even the biggest, wealthiest companies haven’t been spared, even when they have spent fortunes on cyber protection. Most cybercriminals are shrewd. They know how to adapt to the changing times and heightened security.
What is more, cyber attacks are quite common. In fact, one in every three Americans has the possibility of facing a cyber attack on their computer every year. Most of the attacks lead to data breaches, stolen information, and financial damage.
The damage can even go beyond the monetary losses. Some companies find themselves with ruined reputation and diminished trust, even from their most loyal customers.
We have looked at some of the biggest cyber attacks of the 21st century and the lessons we can gain from them. Here are the key takeaways.
Some attacks can go unnoticed until it is too late
Once a breach happens, the chance of dodging the damage is quite slim. To compound the problem, cyber incidents are incredibly difficult to detect. Sometimes, they go unobserved until you are already hit where it hurts the most.
This is exactly what happened to Heartland Payment Systems in 2008. An SQL 3 Injection attacked the company’s corporate computer network, leading malware to its payment processing system. This resulted in 134 million stolen credit cards from around 30 states. The incident was only brought to the attention of Heartland when MasterCard and Visa noticed suspicious transactions.
The earlier the attacks are detected, the better chances of containing the spread of malware. It is a huge lesson for many payment processing providers to improve and tighten their security so they can quickly respond should an attack take place.
It is important to encrypt and store financial data in another location
In early 2014, eBay suffered a huge blow from a cyber attack that managed to compromise the multinational corporation’s non-financial data. This included usernames, home addresses, emails, phone numbers, and dates of birth of around 145 million customers. The saving grace was the tight protection for the financial data of customers, which were encrypted and stored separately.
It could have been a different story had the attackers also got hold of customers’ financial information.
Swift action is needed at the first sign of an intrusion
Yahoo! used to be the biggest web service provider. And yet it also suffered one of the biggest cyber attacks in history back in 2012. Fortunately, it did not result in any data breaches. It had exposed Yahoo!’s weakness, though, clearly giving the company the signal that something is wrong with its security and AES-256 encryption.
The big attack took place one year later, in 2013. Intruders hacked a whopping three billion accounts, stealing important information such as names, birth dates, phone numbers, and even user passwords. While Yahoo! was aware of the attack, it did not realize the extent of the breach until it was too late. By then, the information of millions of accounts was available for sale on a darknet market site.
Yahoo! was criticized for not being proactive enough when implementing security. The company failed billions of users and paid the price for it.
Gaps in cyber security can do untold damage
While everyone is susceptible to cyber attacks, cyber security can still offer a considerable amount of protection, if done properly. This is something that the consumer credit reporting agency Equifax failed to do.
It experienced an enormous attack in 2017 when hackers made use of a malware to gain access to the personal data of some 145 million people. This left the victims with the possibility of serious identity theft hanging over their heads, possibly for the rest of their lives.
It could have been prevented had Equifax diligently ensured regular software updates on vulnerable components, which it failed to do. The damage cost the company around $425 million.
Wrapping it up
Cyber attacks are glaring reminders that nothing and no one is invincible to such incidents. However, prevention is always better than cure. Businesses and organizations should invest in strengthening their protection from threats. Complacency is no longer an option.
