The covid-19 pandemic has turned out to be more than just a health crisis. It has also revealed serious cybersecurity weaknesses in organizations around the world. With a newly remote workforce and a lack of cybersecurity preparedness, the environment was ripe for cyber criminals to take advantage. According to reports issued by the Identity Theft Resource Center and Ponemon Institute, data breaches have increased by 67% in 2020. And, the average cost of a data breach has also reached an all-time high of $8.64 million.
As we move into 2022, it’s important that we learn from the cybersecurity mistakes of the past year. Here’s 5 biggest breaches from 2021, and the cybersecurity lessons we can take away from them:
- ParkMobile data breach: In February 2021, parking and mobility app ParkMobile disclosed a data breach that affected over 21 million users. The breach was caused by a third-party vendor that had access to ParkMobile’s systems. According to the company, the vendor’s employee sold the customer data on the dark web.
- Cybersecurity lesson: Third-party vendors can pose a serious cybersecurity threat to your organization. Be sure to thoroughly vet all of your vendors and have strict security controls in place to limit their access to your systems.
- SolarWinds data breach: One of the most significant cybersecurity breaches in recent history occurred when attackers infiltrated SolarWinds’ software updates and inserted malicious code into its Orion network monitoring platform. The attackers then used SolarWinds’ platform to gain access to the networks of some of the world’s largest organizations, including the U.S. Department of Defense, Microsoft, and Dell.
- Cybersecurity lesson: Don’t underestimate the importance of cybersecurity hygiene. Something as simple as keeping your software up-to-date can make a big difference in protecting your organization from attack.
- United Airlines data breach: In May 2021, United Airlines disclosed a data breach that affected over 26 million customers. The breach occurred when attackers gained access to United’s customer loyalty program account dashboard. Once inside, the attackers were able to view customer information such as names, contact information, and travel itineraries.
- Cybersecurity lesson: Multi-factor authentication (MFA) is a must-have in today’s cybersecurity landscape. When using MFA, customers are required to provide an additional piece of information (such as a password or PIN) to verify their identity before they are granted access to sensitive data. This simple extra step can significantly reduce the risk of a data breach.
- Magecart attack on Shopify: In June 2021, it was revealed that a group of cyber criminals had been using the Magecart attack method to target Shopify stores. The attackers were able to insert malicious code into over 100 Shopify stores that allowed them to steal customer credit card information.
- Cybersecurity lesson: It’s important to have end-to-end security in place to protect your organization from attack. This includes everything from cybersecurity training for employees to secure coding practices and comprehensive malware protection.
- Twitter data breach: In July 2021, Twitter disclosed a data breach that affected over 330 million users. The attackers gained access to Twitter’s internal systems by targeting a small number of employees with access to the company’s administrative accounts. They then used this access to obtain Twitter’s database of user credentials, which they were able to sell on the dark web.
- Cybersecurity lesson: In order to keep your organization safe from cyber attacks, it’s crucial that you have a robust cybersecurity strategy in place. This includes investing in cybersecurity tools and services like data encryption, DDoS protection, and vulnerability scanning. With these measures in place, you can better protect your organization from even the most sophisticated threats.
Taking measures to improve cybersecurity can seem like a daunting task, but it’s crucial to protecting your organization from attack.