Security Breach Update
28 March 2019

Ransomware AttacksWhy small businesses struggle with cybersecurity best practices?

A recent report unveiled that almost 70% of companies have cybersecurity best practices in place but neglect to take the necessary steps for securing their business.

The new study by ESET and Kingston Digital that surveyed 500 British business leaders also found that 44% do not even secure devices with anti-virus software, exposing themselves to cyber threats and GDPR fines.

The reason?

A disconnect between the procurement teams responsible for providing equipment, IT teams who implement guidelines, and employees who follow them. To shift the paradigm, security professionals must work closely with other departments to avoid silos and use the right tools to ensure employee adherence.

Recent Breaches

Australia- Uber – Transportation network company headquartered in San Francisco, California.

Exploit: Spyware.

Risk to Small Business: Severe: A rogue employee deployed a “secret spyware program” to help Uber get a competitive advantage against local businesses in Australian markets. Dubbed Surfcam, the software was developed in 2015 and scraped driver and vehicle data. The company spokesperson is denying any claims, but this is now the second time Surfcam has been mentioned after similar allegations were made in Singapore.

Risk to Exploited Individuals: Moderate: Although the spyware program is likely using rider data to optimize marketing efforts on behalf of Uber, it can have serious consequences for competitors and consumers in the long run. At the same time, users do not face immediate threat.

Customers Impacted: Unknown.

United States – MyPillow and Amerisleep – Pillow and mattress companies in the US.

Exploit: Magecart attack on website checkout pages

Risk to Small Business: Severe: After being targeted as early as 2017, both online retailers faced card skimming attacks. In this scheme, hackers will insert malicious code into website checkout pages and covertly swipe customer payment information.

Although MyPillow discovered the first compromise almost immediately, it argued that the second attack did not result in the loss of information.

On the other hand, Amerisleep has not responded to comments. Depending on what further investigations reveal, it is possible that the sleep companies will face hefty fines for their delay in responding as well as scrutiny from online shoppers.

Risk to Exploited Individuals: Severe: As you can imagine, any information provided on a checkout page is up for grabs during a Magecart attack. This could include first and last names, addresses, credit card numbers, and more.

Customers Impacted:  To be determined.

United Kingdom- UK Police Federation – Organization that represents 119,000 police officers across England and Wales

Exploit: Ransomware attack

Risk to Small Business: Severe: A ransomware attack hit computers at the federation’s Surrey headquarters on March 9, encrypting several databases and email systems. This led to a disruption in services, along with the deletion of all backup data. The organization will be forced to rebuild its systems and ensure that data was not compromised.

Risk to Exploited Individuals: Moderate: Currently there is no indication that data was extracted from their systems, but the attack has severely damaged the organization’s infrastructure.

Customers Impacted:  Undisclosed.

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
28/03/2019

Follow us on LinkedIn:

Related Articles:
Your Greatest Vulnerability
F-Secure Winner in 2 AV-Test Results

Written by