The biggest cybersecurity stories of 2020

Every year, more cybersecurity threats that affect thousands of people make the headlines. Cybercriminals are constantly brewing up new ways to infiltrate business networks and compromise sensitive information. Even if you run a small or medium-sized business in Las Vegas, you can be a potential target. Learning from cybersecurity incidents is therefore important in minimizing your company’s exposure to attacks.

Listed below are some of the biggest cybersecurity stories of 2020 and how you can protect yourself and your business against such online threats.

Marriott International customer database leak

According to the official announcement from Marriott International in March 2020, the information of more than five million guests may have been accessed using the login credentials of two employees at a franchise property. Help Net Security reported that the attack could have been carried out through credential stuffing and phishing. The former involves entering dozens of stolen or compromised passwords to gain unauthorized access to company accounts. Meanwhile, phishing uses fraudulent emails to trick unwitting victims into clicking dangerous links and downloading malware-laced attachments. These attacks enabled hackers to access various customer data like contact details, gender, birthday, and even linked loyalty programs.

LifeLabs breach exposes Canada’s population

Canada suffered the biggest data breach in its history when LifeLabs, a Canadian medical testing company, was hacked in October 2019. The news only came to light in December 2019 and early 2020.

The attack exposed personal data of 15 million Canadians — that's almost half of Canada’s population. LifeLabs claimed that they paid to retrieve the stolen data but there’s still a possibility that the hacker copied the information.

Despite the attempts to rectify the situation, at least three parties filed class-action lawsuits against LifeLabs, and one of these lawsuits is seeking $1.13 billion in damages. CPO Magazine reported that the lawsuit hints at how the data breach was made possible. It was alleged that the data in question was not encrypted and was stored on unsecured servers. LifeLabs’ network security department was also allegedly understaffed and not properly trained, making the company more susceptible to threats.

ExecuPharm suffers ransomware attack

In a letter to the Vermont attorney general’s office (AGO), ExecuPharm declared that they suffered a ransomware attack on March 13, 2020. Ransomware is a type of malicious software that infects your computer and denies you access to the computer system or data until a ransom is paid. Through a phishing campaign targeted at ExecuPharm employees, hackers were able to steal data such as Social Security numbers, financial records, emails, driver’s licenses, credit card numbers, and other sensitive information.

The General Data Protection Regulation (GDPR) requires pharmaceutical companies to report data breaches. As a pharmaceutical research company, ExecuPharm abided by the GDPR and reported the data breach. In an official notice posted by the Vermont AGO, ExecuPharm also stated that they hired third-party security firms to strengthen their security. A few of the improved security measures included mandated password resets, multifactor authentication (MFA) for remote access, and endpoint protection, detection, and response tools.

How can businesses strengthen their cybersecurity?

The three cybersecurity stories mentioned are just some of the major cases that occurred in 2020. Despite the severity of threats, there are ways to prevent similar incidents from impacting your business. Here are some important cybersecurity tips to keep in mind.

Security tip 1: More than purchasing security software, provide proper security training

One of the biggest misconceptions in cybersecurity is assuming that security measures like anti-malware software and firewalls will mitigate all risks. In reality, these only protect your business from external attacks and do nothing to address the risks your employees may inadvertently cause. Clicking on suspicious links, setting weak passwords, and sharing data with unverified sources are all human errors that can cause data breaches, so it’s critical that employees are properly trained on security best practices.

For starters, teach employees the value of data and why it’s so crucial to be careful of how they handle it and who they share it with. They should know good password hygiene, such as setting passwords that are at least 12 characters long and unique to each account they use. Employees should also be trained in enabling MFA on company devices and accounts to avoid unauthorized access.

What’s more, you must train employees to recognize and avoid phishing attacks. This means being critical of every unsolicited email, link, and attachment, and always verifying the legitimacy of every website before providing sensitive information. If employees have fallen victim to a phishing scam, make sure they know how to notify the team and the authorities so security measures can be implemented immediately.

Security tip 2: Partner with a reliable managed IT services provider (MSP)

Cybersecurity issues and threats can be overwhelming, but you don’t have to deal with them alone. With good IT support, you know that you have a dependable team that can help optimize, update, strengthen, and audit your security system. An experienced MSP can help you protect your systems at a fraction of the cost of hiring in-house IT professionals.

Kortek Solutions is a trusted MSP that offers comprehensive security, from automated backups to email/spam protection. Gain peace of mind by letting us handle your cybersecurity. Contact us today to find out how.