Lessons to Learn from These 2022 Breaches

The number of data breaches continues to be on the rise. 2022 saw its fair share of successful security incidents and 2023 is predicted to as well. Hackers are exploiting employee errors and software vulnerabilities to access organizations’ sensitive data. 

Right now, the average cost of a breach is at its highest in history. While it’s definitely a huge loss, reputation damage and loss of trust led to a higher loss in business. 

Here are some large breaches from 2022 along with suggestions on what you should do to prevent a similar incident:

Rogue Former Employee

In April 2022, Cash App Investing reported that 8.2 million individuals were impacted by a security incident occurring in December 2021. Without permission, a former employee downloaded internal reports that contained names and brokerage account numbers. 

While this incident actually took place in 2021, it was confirmed in April. Security incidents take time to discover as well as investigate. Keep this in mind as you need a tool to identify potential breaches. 

What you should do: Make sure you have an effective offboarding checklist for employees and no former employees have access to any company accounts. 

Phishing

An employee at Dropbox fell victim to a phishing attack. This allowed the hacker to steal API credentials and copy repositories through a login page impersonating CricleCI. None of the stolen information contained passwords, content or payment information.

What you should do: Every employee should be educated on how to identify a phishing attack and what to do once they have. The company should also implement a more advanced email security strategy to filter out these types of emails. 

Malicious Apps

Facebook had found more than 400 applications on the Google Play Store and Apple App Store trying to steal Facebook login credentials from users. The types of apps ranged from photo editors to business tools to VPN services. 

What you should do: Do not allow employees to download unauthorized applications onto company devices. Also, keep personal devices off the company WiFi. You can always set up a secondary WiFi for guests. 

Hacked Email Accounts

American Airlines suffered a data breach when a small number of their customers’ data was accessed by hackers. These cyber criminals broke into employee emails to obtain information including birthdates, passport numbers, driver’s licenses and even some medical information.

What you should do: Employees need to be trained on proper password management. There should also be rules set up requiring staff to change their password at least every 90 days. The IT team should ensure email accounts are secured through a multi-layered security strategy. 

Vishing

In February 2022, Morgan Stanley fell victim to a voice phishing attack (Vishing). The criminal impersonated a bank representative to gain access to accounts and receive payments.

What you should do: Organizations must require regular cybersecurity training for their entire workforce, even C-level employees. They should also know to never give out sensitive information over the phone. 

Social Engineering Through Slack

Rockstar, a gaming company known for creating Grand Theft Auto, was hacked through the Slack communication application. The cyber criminal stole and released early development footage of the Grand Theft Auto VI game. They also threatened to sell stolen source code.

What you should do: Make sure all applications are secure and up-to-date. Switch to a more secure, business-grade communication suite like Microsoft Teams. 

Let’s Discuss Your Security Strategy for 2023…

It’s time for a second opinion! If you haven’t had one yet, please book a time on the calendar below to meet with Phillip.

During this call, he’ll go over your current security and compliance strategy as well as if Cyber Fortress is a good fit for your company.