Man typing on computer

Cyber security breaches are a reality that every business – small or large – needs to protect themselves against. According to AppRiver’s annual Global Security Report, 1.9 billion data records were lost or stolen due to cyberattacks in the first half of 2017 alone, marking it as one of the worst years in history for cyber security breaches.

It’s no secret that cyber security breaches are a very real possibility, but how do we prevent them? Let’s take a look at 6 of the biggest breaches of all time and what the companies could have done to keep their data, consumers and company safe.

Looking for safe storage and disposal solutions for your company documents? Contact Blue-Pencil for a free quote today.

Contact Blue Pencil Now

1. Yahoo

In 2013, a shocking 3 billion accounts were compromised when hackers stole names, email addresses and passwords from Yahoo, a part of Verizon’s digital media company. Although the culprit(s) behind the break in were never disclosed, cybersecurity analysts discovered that the data was being sold through the dark web, an encrypted network only accessible through special software.

What We Learned: Yahoo’s data breach happened shortly after the company was sold to Verizon in 2013. To avoid this cyber attack, Yahoo could have incorporated third-party management into the sale to ensure that any risks were identified and protected through the right risk management processes.

2. LinkedIn

In 2012, a Russian Hacker acquired a total of 167 million login credentials from LinkedIn. Although the original total of compromised passwords was believed to be 6.5 million, the actual damage of the breach wasn’t revealed until 2016 when millions of passwords were discovered on Motherboard, a dark web marketplace.

What We Learned: Although LinkedIn actively encrypted their passwords before the breach, it is believed that the attack was the result of the company’s failure to “salt” the data, a process that involves adding random data as an additional input to defend against attacks. To avoid future attacks, LinkedIn has reportedly incorporated this process into their cyber management.

Salting to prevent cyber security breaches

Source: https://en.wikipedia.org/wiki/Salt_(cryptography)

3. eBay

In 2014, 145 eBay users were required to change their passwords after personal information was compromised in a large-scale data breach. Through stolen credentials, hackers were able to access names, emails, registered addresses, phone numbers and date of birth, although financial information was protected through encryption.

What We Learned: It is believed that eBay was a victim of “phising” and “social engineering,” a practice used to discreetly convince employees to give up personal information and allow hackers to infiltrate a system. In order to avoid these scenarios, it is important to actively train employees to recognize scams and employ two-step verification where possible.

4. Equifax

In 2017, the data of 143 million consumers was comprised when Equifax experienced a cyber security breach. Thousands of identifies were stolen when hackers broke into a vulnerable, open-source software called Apache Struts.

What We Learned: This attack was the result of a failure to securely patch an application, leaving it exposed and vulnerable to attack. To avoid this situation, Equifax should have ensured that Apache Struts was patched to improve its security.

Patching to avoid cyber security breach

5. Heartland Payment Systems

In 2009, 130 million of Heartland Payment’s payroll customers had their data compromised, exposing them to the potential of identity theft. The data was collected after Malware was planted on Heartland’s network, allowing hackers to collect card data as it was retrieved from retailers.

What We Learned: For Heartland, a failure to encrypt their network made it possible for hackers to collect information that was not secured. Additionally, physical controls such as cameras, locks, and security guards were not present to prevent the hacker from installing the malware.

Physical controls to prevent cyber security breaches

6. JP Morgan Chase

In 2014, 83 million accounts with JP Morgan Chase were compromised when a cyber attack captured personal information of customers. Names, email addresses and phone numbers were stolen from 2/3 of American Households. Hackers were able to access the company’s servers and were in the network for two months undetected before the breach was discovered.

What We Learned: Identification of weak spots, like JP’s servers, is important in the prevention of any cyber security breach. For JP, identifying the pitfalls of their IT infrastructure and replacing them with secure systems could have prevented this breach.

Evidently, cyber security attacks are more prominent than ever before. However, a strong information security strategy has the power to protect the sensitive data that is vital to your operations and customer relationships. According to Gartner, worldwide cybersecurity spending will reach $96 billion in 2018.

Are you ready to safely store and protect your businesses data from a cyber security breach? Blue Pencil can help. Click here for a full list of our services.

Contact Blue Pencil Now

Keep Your Information Safe With Blue-Pencil!

NAID-small-logo

Blue-Pencil helps empower Canadian organizations to reach new heights with friendly and efficient document management services. Customer service is not only a slogan but something we practice by investing in our strategic partners.

Located in Oakville, we have grown our document security business over the past 10 years, serving more than 6,000 organizations including small and medium-sized companies as well as Fortune 500 businesses.

“Blue-Pencil was efficient and professional. My documents were safe and disposed of properly. Not only would I continue to use Blue-Pencil, I would recommend them to everyone.”

– Immanuel Greenberg – More testimonials here!

We have recently launched two new divisions, Documents Storage and Records Management division and Document Imaging and Scanning Solutions division. This allows us to offer full circle, comprehensive solutions for information security management. We service the GTA and surrounding cities –  click here for a full list of our service areas. If you’d like to learn more about us and what we can do for you contact us today!

Sources:

privacyoffice.med.miami.edubitsighttech.com / cisoplatform.com