Savincom Blog

5 BIG lessons recent cyber attacks teach us

Written by Neha Karthik | Feb 17, 2021 10:02:24 AM

The world relies on technology more than ever before. As a result, digital data creation has surged. Devices and their underlying systems have vulnerabilities that, when exploited, undermine the health and objectives of an organization.In this article we will be talking about cyber security attacks in the recent times and 5 big lessons we can learn from these. 

What is cyber security?

Cybersecurity is comprised of an evolving set of tools, risk management approaches, technologies, training, and best practices designed to protect networks, devices, programs, and data from attacks or unauthorized access. It refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

What are the TOP 5 types of recent cyber attacks?

  1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
  2. Phishing and spear phishing attacks
  3. Password attack
  4. Eavesdropping attack
  5. Malware attack

Most notorious recent cyber attacks

1. Experian breach in 2020

A consumer credit reporting agency, Experian, suffered a big breach in August 2020. This affected almost 24 million consumers and nearly 800,000 businesses. The credit agency admitted to handing over the personal details of its South African customers to a fraudster posing as a client. Experian said that none of the data has been used for fraudulent purposes before being deleted and that the fraudster did not compromise its infrastructure, systems, or customer database.

2. Zynga cyber attack in 2019

In September 2019, a hacker claimed to have hacked into Zynga's (Facebook entity) database of Draw Something and Words with Friends players and gained access to the 218 million accounts registered there. Zynga later confirmed that email addresses, hashed passwords, phone numbers, and user IDs for Facebook and Zynga accounts were stolen.

3. Canva attacked in 2019

In May 2019 Australian graphic design tool website Canva suffered an attack that exposed email addresses, usernames, names, cities of residence, and salted and hashed with bcrypt passwords (for users not using social logins — around 61 million) of 137 million users. Canva says the hackers managed to view, but not steal, files with partial credit card and payment data.

4. Marriott attack in 2018

Information from up to 500 million guests at the Marriott-owned Starwood hotel group had been compromised, including banking data. The rift had been open since 2014 and was first spotted September 2018. Even if, as Marriott says, the number of customers that suffered a breach of personal information is anywhere near 327 million, the implications are massive. Information accessed included payment information, names, mailing addresses, phone numbers, email addresses, passport numbers, and even details about the Starwood Preferred Guest (SPG) account, a high-end card recently launched by the American Express credit card issuer for regular travellers.

5. Adobe cyber attack in 2013

Adobe originally reported that hackers had stolen nearly 3 million encrypted customer credit card records, plus login data for an undetermined number of user accounts. Later, Adobe raised that estimate to include IDs and encrypted passwords for 38 million “active users. Weeks of research showed that the hack had also exposed customer names, IDs, passwords and debit and credit card information.

6. Google China hit by cyber attack in 2009

Hackers had gained access to several Google’s corporate servers and intellectual property was stolen. In a blog, Google said it has “evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists”. As the company dug deeper, they found numerous Gmail of users from US, China and Europe had been routinely been accessed without permission. Those emails belonged to advocates of human rights in China. The cyber attacks in December 2009 resulted in the company’s re-evaluation of its business in the country.

What lesson do we learn from recent cyber attacks?

We suggest having a solid security baseline, in which you ensure the most obvious risks are addressed early. There are a few lessons you should keep in mind and apply to keep cyber attacks at bay.

1. No system is safe

Don’t be complacent — limit Internet access points with silos.

2. Keep testing your infrastructure

Keeping the critical infrastructure efficient and effective is challenging enough. Yet finding the time to consistently audit and always be improving security is critical too. Attackers will be looking for mis-configurations or flaws that offer access — it’s up to you to find those entry points first.

3. Train and educate your staff

Making your people aware of the importance of physical measures — even locking cabinets and supporting the security intentions of access control doors can make a difference.

It is very important to educate employees to always be vigilant and raising awareness of potential threats.

4. Stay up-to-date

Keep updating your software from time-to-time.  Concerns that new operating systems or software updates might destabilize crucial infrastructure can inhibit the best practice of always updating. But cyber criminals keep looking for one loop hole to get in and create havoc.

5. Seek expert help

Savincom can give you the requisite and recommended cyber security expert help. They know best practices and think like hackers and system engineers to test security control effectiveness and offer advice for remediation.

Risk of cyber attacks whilst working remotely

The quick spread of the covid 19 pandemic triggered an equally quick transition toward a remote workforce among many organizations across the globe. But because of the abruptness of that shift, security has sometimes taken a back seat as organizations rushed to ramp up this new and evolving environment.

The coronavirus pandemic and lockdown have impacted individuals and organizations in myriad ways. One side effect has been of cybersecurity risks. As cybercriminals have exploited the virus with malicious attacks and employees have transitioned to remote work, organizations have had to reorient and redirect their security efforts.

1. Unreliable Internet Connections

The problem with public Wi-Fi or other unreliable internet connections is that there are a tremendous number of risks that go along with these networks. In 2021, with remote working becoming the new normal for many businesses, cybersecurity risks like unsafe internet connections are to be dealt with seriously. While business owners may believe they’re providing a valuable service to their customers, chances are the security on these networks is lax or nonexistent.

2. Phishing attacks via malicious emails

The number of phishing attacks and other email-based cyber-criminal campaigns continues to rise, with most organisations having witnessed an increase over the past year – but despite this, under half of the businesses provide awareness training about cyber threats on a frequent basis.

Read here to learn more: Top Cybersecurity risks remote workers need to know in 2021