
November 02, 2022


Company Cybersecurity Horror Stories and how to avoid them


By Georgia Deery

Monday was a day full of costumes, trick-or-treaters, and some very scary horror stories, but be warned: not all scary stories are only for Halloween.

Last month marked the end of Cybersecurity Awareness Month, which got us thinking... It's time to share some truly scary cybersecurity horror stories with you, to help prevent the same nightmares happening to you!

Back-To-Back Breaches For Marriott Hotels  

One of the only things worse than one data breach event would have to be three data breaches, all in relatively quick succession. Unfortunately for Marriott Hotels, this is precisely what happened, with their first breach in 2018. In that year, Marriott revealed they were the victims of a very large database breach which affected up to 500 million guests.

 

During the course of the investigation, it was revealed that cybercriminals first gained unauthorised access to the network in 2014. The breach had gone undetected for four years, with over 327 million records compromised.

 

Within each record there was a variety of personally identifiable information (PII), including names, email addresses, phone numbers, and more. This incredibly large-scale breach resulted in Marriott Hotels being fined £20 million by the UK government for not adequately protecting personal user data.  

 

Then, in 2020, the hotel chain disclosed that a second breach had occurred, this time affecting 5.2 million guests. As in the 2014-18 breach, these guests had their PII compromised.

Just when you thought the horror story was over... in 2022 the company was breached again. This time it was smaller but still resulted in around 20GB worth of stolen private data, impacting around 400 customers.  

 

Whilst not too many details are known about these attacks, experts have said that hackers were able to gain access through advanced methods of phishing and email spoofing.  

The lesson to be taken from this horror story – it is vital you train your employees in cybersecurity best practices, ensure you have invested in cyber essentials, and have IT and cybersecurity experts on hand to help you avoid data breaches in the future.  

Colonial Pipeline Attack  

The next horror story is coming to you from the U.S. oil industry. The Colonial Pipeline is one of the most important in the United States. It comprises a network of over 5,500 miles of pipeline. In May 2021, hackers were able to breach the network using a previously compromised admin-level password that may have been acquired via the dark web. 

 

The cybercriminals were able to attack the billing infrastructure of the company using ransomware. This locked company employees out of the system and forced the pipeline’s operations to be halted, which, given the importance of the pipeline, then triggered panic.

 

Customers up and down the east coast of the United States began to panic buy, leading to many filling stations running out of fuel, causing a widespread shortage of gasoline, and resulting in further market chaos. A state of emergency was even declared.

 

Meanwhile, the hackers had reportedly stolen 100 GB of data and were threatening to expose it if a ransom of $5 million wasn’t paid. The company decided that in order to regain access to its system, and prevent the publication of data, they had no choice but to pay the ransom.  

 

The U.S. government began to investigate who these hackers were and eventually, some of the ransom money was recovered.

How safe is your organisation?  

There will never be a better time than the present to start focusing on cybersecurity. And, we have a few suggestions on how you can avoid these types of threats in the future:  

 

1 – Investing in training now will protect you in the future. Consider looking into phishing simulations. When sent to employees you will be able to highlight who is at higher risk and then make sure they are trained accordingly. This is only one of the training modules a company like SpiderGroup can put in place.  

2 – Make sure you have 2-factor authentication enabled  

 

3 – Invest in advanced security that will protect you against ransomware, malware, and phishing attacks

 

4 – Ensure you have an advanced spam filter installed  

 

5 – Plan ahead! Consider becoming Cyber Essentials certified and investing in cybersecurity insurance. Also, IT and Cybersecurity experts – SpiderGroup – can be on hand to tackle any problems you may have along the way.  

 

6 – Take the Technology Impact Questionnaire to discover how equipped you, your team and your technology are for future threats – click here to get your score. It is completely free, and you will get a personalised PDF report with helpful hints and tips to help you improve.

 

Need professional help? 

In today's cyber age, security awareness and protecting you and your customers' data are critical when running a business. Having professional help on your side will benefit you hugely.

Contact us today to set up tech support and improve your cybersecurity.  

 
