Security Breach Update
20 February 2020

Threat report examines the threats facing business in 2020, and its findings.IBM Threat Report Presents Risks for 2020 

The latest IBM threat report examines the threats facing business in 2020, and its findings should alarm cybersecurity leaders. Notably, the report found that hackers are not turning to overly sophisticated techniques to access company data.

Rather, they are relying on the deluge of personal data already available to access an organization’s infrastructure. When those methods fail, many are deploying phishing scams as a cheap, relatively safe way to compromise employee credentials.

According to IBM, phishing attacks and unauthorized credential use were two of the most prominent attack methodologies.

The report’s silver lining is that companies are not powerless against these threats. Employee awareness training can render these attacks useless, and integrated two-factor authentication can prevent unauthorized account access even when credentials are compromised.

Together, they present a meaningful way for every company to protect itself against the most likely threats in the year ahead.

Full article can be found here.

Recent Breaches

Australia – Ashley Madison – Adult romance website

Exploit: Unauthorized database access

Risk to Small Business: Severe: Cybercriminals are redeploying data from Ashley Madison’s 2016 data breach to target Australian users with sextortion emails. These messages contain intimate and highly personal information gleaned from the breach, and cybercriminals are threatening to publicly release the information if victims don’t pay a Bitcoin ransom. The emails are highly personalized, and include sensitive personal details derived from the initial data breach. While it’s easy to write-off a data breach at an adult website, it reflects the IT environment experienced by any company that collects personal data, and the many ways that hackers exploit that information to make money.

Risk to Exploited Individuals: Severe: The personalized emails include users’ names, bank account numbers, phone numbers, addresses, and dates of birth. It also contains private content and communications conducted on the website.

Customers Impacted:  Unknown

New Zealand – Generate – Voluntary, work-based savings initiative

Exploit: Unauthorized database access

Risk to Small Business: Severe:  Hackers accessed and downloaded customers’ personal data in a holiday heist that wasn’t identified until January 27th. The data breach, which did not include investor funds, is a serious privacy violation for its users, and the company’s slow identification and delayed response will only make matters worse. Now, the company faces an uphill battle to restore customer trust, which will be crucial to maintaining a competitive edge in an already crowded marketplace.

Risk to Exploited Individuals: Severe:  Customers’ personal data was compromised in the breach. This includes photographic ID images, tax document numbers, names, and addresses. This information puts victims at risk of identity theft or financial fraud, and victims should enroll in credit and identity monitoring services to protect their credentials’ long-term integrity. Moreover, Generate is asking all users to reset their account passwords.

Customers Impacted:  26,000

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
20/02/2020

Follow us on LinkedIn:

Related Articles:
Phishing Scam Invokes Executive to Trick Employees
Protecting your business data with Datto

Written by