Throughout 2020 we have been saturated with information regarding data breaches virtually doubling, particularly due to the COVID-19 pandemic.
As around one-fifth of the world’s population found themselves working from home, it opened up many doors in terms of company security vulnerabilities that cybercriminals took advantage of.
Many of us believe that hackers attack large-scale companies, which is partially true; however, small businesses are also suffering from data breaches daily.
Today we look into the biggest data breaches in recent years and how you can protect your company from becoming a target.
Big Company Data Breaches
In July of 2019, one of the largest banks in the US, Capital One, reported a data breach. The hacker in question was accused of breaking into the bank’s server and getting access to more than 80,000 bank account numbers, 140,000 Social Security numbers, as well as one million Canadian social insurance numbers.
Essentially it affected more than 100 million people in both the US and Canada and caused around $100 – $150 million in damages. Capital One then faced a lawsuit. They’re accused of not doing enough to safeguard the identities and personal data of their customers.
Facebook’s biggest social media platform found itself in yet another data breach controversy in April 2019. It was reported that 540 million accounts had information exposed, some of them even available for purchase on Amazon’s cloud service.
What was exposed? Things like activity logs, including comments, likes, and other interactions, could be seen. In just the previous month, Facebook found out that the passwords of about 600 million users stored internally were in plain text, and had been for months.
A hacker infiltrated the network of one of the largest graphic design platforms globally, Canva, in May 2019. He then contacted one of the most popular technology news websites, ZDNet, letting them know about his accomplishments, claiming to have gained access to 139 million user accounts.
The information included emails, customer usernames, real names, and 61 million password hashes. Since Canva has a logging option through Google, an additional 78 million Gmail accounts were also exposed.
One of the platforms that saw the biggest surge due to the pandemic in 2020 is Zoom, the video conferencing app. At the beginning of April of this year, as many as 500,000 Zoom passwords were available for sale on the dark web. Some were even given away for free. Others were sold for as little as less than one US cent each.
On top of that, other user details such as personal meeting URLs and HostKeys were made available. The credentials belonged to various financial institutions, colleges, banks, and other organizations.
In July, Twitter saw many high-profile accounts hacked, including Barrack Obama, Bill Gates, Jeff Bezos, Kanye West, Apple, Uber, Elon Musk, and many more.
Many Twitter users mocked the coordinated attack as its very own Money Heist. This is because fake tweets were shared on the platform offering $2,000 for every $1,000 sent to a Bitcoin address.
Reportedly an internal tool was used in the attack which reset associated email addresses of accounts hacked. This made it much more difficult for users to regain control of their accounts.
Small Business Data Breaches
While it’s safe to say that many hackers target large corporations to make a name for themselves in the cybercriminal world, it doesn’t mean that small businesses aren’t getting the brunt of it.
According to the Verizon Business 2020 Data Breach Investigations Report, as many as 28% of data breaches affected small businesses. That’s almost one third. So, whether you have a blog, e-commerce site, v-log, podcast, or any other digital assets, you need to protect your website.
In addition to domain protection, it is vital to educate your employees on growing cybersecurity risks. This is relevant now, more than ever before, thanks to the surge of remote work due to the COVID-19 pandemic.
Tami Erwin, CEP of Verizon Business, says, “As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount. In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
How to Protect Your Company
From vulnerability scanning to penetration testing, it’s critical for any company to ensure their data is secured. A popular approach many companies take when it comes to avoiding data breaches is breach and attack simulation.
There are platforms like Cymulate offering breach and attack simulation platforms which challenge security protocols by initiating thousands of attack simulations. This allows companies to understand where it may have vulnerabilities, and in turn, where it’s exposed.
From common attacks to customized ones, you can see how your business can possibly be exploited when real attack techniques are used. From there, securing your company against potential data breaches is simple.
As you can see, data breaches have increased over the past few years, but especially in 2020 due to the pandemic. While hackers do target big-name companies for bigger financial gains and lift their reputations, they also target small and middle-sized businesses.