In the field of cybersecurity, there are always opportunities to learn. It’s a dynamic ecosystem that’s always changing in terms of threats. There’s also no shortage of cybersecurity breaches, with fear-inducing headlines that can make any company shudder. But I’d also argue there is much to learn in these situations.
In a perfect world, breaches and attacks wouldn’t happen. Everything would be top-notch secure, and cyber criminals would be foiled at every turn. Unfortunately, that’s not the reality. In fact, breaches are rising, and hackers are getting smarter and more sophisticated. Data breaches exposed 22 billion records in 2021, and ransomware attacks increased by 92.7% from 2020 to 2021.
Even with the most robust tools and processes, you can’t guarantee your organization won’t be a victim. Aside from these components, the human element is the most important. Who you put in charge of protecting data and securing your infrastructure is most often the differentiator. And those people need more than just technical aptitude. They need to be communicators and collaborators. They need to be flexible and open to change and growth.
With that in mind, let’s consider what the latest cybersecurity breaches can teach us.
U-Haul Data Breach Exposes Customer Information
The moving and storage company U-Haul reported a data breach to customers in September 2022. The attack enabled cyber criminals to access rental contracts between November 2021 and April 2022. As a result, over 2 million customers had sensitive data exposed, including names, driver’s licenses, and state identification numbers.
The hack succeeded because the attackers were able to compromise unique passwords that gave access to customer contract search tools. The company didn’t disclose anything further about the password compromise.
In this scenario, a few things come to mind as learnings. First, it highlights the need for multifactor authentication across the entire enterprise. Second, it’s possible zero trust architecture could have prevented this. Third, perhaps there wasn’t visibility or transparency across the digital infrastructure, which left this database vulnerable. They could have averted such a breach not with better tools but with better communication.
OakBend Medical Center Suffers Ransomware Attack
Ransomware in healthcare has become a serious issue, with over 55 of these attacks this year alone. Due to a ransomware attack, the OakBend hospital had communication and IT issues. They announced they were working under “electronic health downtime procedures.”
The standard response was to take everything offline and rebuild their systems. Healthcare is a key target for hackers, as they know this is a mission-critical industry that will often pay the ransom.
We can learn from this incident that the need for updated and practiced cyber incident response procedures is critical. Additionally, questions about redundancy and backups are relevant. We don’t know the details, but with healthcare, the weak link is often legacy systems. Human error and apathy are brewing in hospital IT offices.
Healthcare data is a serious business. I would advise any healthcare organization to modernize its approach to cybersecurity, which requires removing legacy systems, updating infrastructure, and driving change in the hearts and minds of the professionals responsible for it. Until these things happen, healthcare will always be an easy target.
Aon Data Breach Exposes Sensitive Customer Data
Aon first noted the breach in its Securities & Exchange Commission filing in February 2022. However, the global financial company didn’t advise customers until May. The breach’s root cause was access by an unauthorized third party. The company’s investigation reported no evidence that the stolen data was misused, and the company said it had enacted new controls.
It makes you wonder: if these controls were so robust, why weren’t they already in place? And why did third parties have the opportunity to steal customer information?
Aon, like any other financial institution, certainly has a sophisticated cybersecurity footprint with teams of professionals that are experts. Yet, there’s always a way in! Would zero-trust architecture have saved the day? Would all those smart cyber folks have noticed this access vulnerability sooner if they worked more like a team rather than individual contributors? Without more details, it’s hard to know. As someone who’s been in this industry a long time, I know that human blindsides are the worst.
Social Engineering Scam Exposes Marriott Customers’ Credit Card Information
Marriott reported that an employee was a social engineering victim, leading him to turn over credentials. The hackers then tried to extort money, contacting the company boasting of their access. The hotel chain stated that the hacker didn’t reach its core network, but customer data related to the specific location was part of the breach. Marriott refused to pay the cyber criminals and contacted law enforcement.
The obvious learning is around constant and consistent training for employees on cybersecurity. However, even if that’s in place, employees may not give it much credence if it’s not a top-down philosophy that’s part of the company culture. Other points to consider are again about access — who has it, how they get it, and who is trustworthy.
If you take away anything from these cases, the most important thing is going back to your people. How are they protecting your data? What are their misconceptions or flawed reasonings?
The most secure companies don’t get that way because they spend the most money or have all the latest and greatest tools. They stay out of the headlines because their people work proactively and are agile in collaborating and communicating. If you can do anything right now to strengthen your company’s defense posture, it’s about getting your technical teams aligned, motivated, and growing their mindset. Without this, everyone stays in the same place, and the hackers will keep succeeding.