BREACH REPORT – FEBRUARY 2020
This month, universities all over the world struggle to overcome costly phishing scams, IBM’s latest threat analysis outlines trends for 2020, and cybersecurity insurance costs skyrocket.
THE MONTH IN BREACH
United States – St. Louis Community College
Several employees fell for a phishing scam that compromised students’ personal information. The phishing scam, which took place on January 13th, happened just weeks before the school implemented two-factor authentication on January 31st. If this effective defensive measure had been in place sooner, hackers would not have been able to access employee accounts, even after employees provided their credentials on a phishing form. In response, the college is retraining employees who clicked on a phishing email and updating its procedures to prevent a similar event in the future.
Students’ personal data was compromised in the breach, including names, ID numbers, dates of birth, addresses, phone numbers, and email addresses. In addition, 71 students had their Social Security numbers stolen. This information can be used to execute identity fraud or to target victims with spear-phishing campaigns that could provide hackers with even more damaging personal data.
United Kingdom – Dundee College
A ransomware attack disabled Dundee College’s entire IT infrastructure, canceling classes and requiring thousands of students to reset their account credentials. The outage has now lasted more than a week, and it affects access to student records, educational material, and online learning portals. The event takes place at a critical time for the school, which is conducting interviews for future students. In addition, the steep recovery cost and reputational damage will be a serious blow to the college’s financial viability.
At this time, it’s unclear if personal data was compromised in the ransomware attack. However, Dundee College will require all students to reset their passwords before accessing their school accounts.
Netherlands – University of Maastricht
The University of Maastricht paid a $220,000 ransom to unlock its email and network servers, which had been encrypted since December 24th. Ultimately, university officials decided that paying the ransom would be more affordable than other alternatives, which included replacing the school’s entire IT system from scratch. Noting the extensive damage to the school’s academic records, scientific work, and other data, authorities concluded that paying the significant sum was the only viable recovery option. At this time, no personal information was compromised in the breach.
SECURITY TOPICS OF THE MONTH
IBM Threat Report Presents Risks for 2020
The latest IBM threat report examines the most pressing threats facing businesses in 2020, and its findings should alarm cybersecurity leaders. Notably, the report found that hackers are not turning to overly sophisticated techniques to access company IT. Rather, they are relying on the deluge of personal data already available to access an organization’s infrastructure. When those methods fail, many are deploying phishing scams as a cheap, relatively safe way to compromise employee credentials.
According to IBM, phishing attacks and unauthorized credential use were two of the most prominent attack methodologies, with the exploitation of vulnerabilities completing a risk triumvirate for companies to address in the year ahead.
The report’s silver lining is that companies are not powerless against these threats. Employee awareness training can render these attacks useless, and integrated two-factor authentication can prevent unauthorized account access even when credentials are compromised. Together, they present a meaningful way for every company to protect itself against the most likely threats in the year ahead.
Ransomware Attacks Are Driving Up Cyber Insurance Rates
Ransomware attacks were one of the defining cybersecurity threats of 2019, and just one month into 2020, it’s clear that bad actors will continue to deploy this malware to capitalize on their criminality. As companies grapple with the implications of this new reality, many are turning to cybersecurity insurance as a way to offset the cost and consequences of an attack. Unfortunately, ransomware attacks have become so common that cyber insurance rates have soared in response.
According to some reports, cybersecurity insurance rates have increased by as much as 25% in the past year. At the same time, insurance companies are expanding their offerings, adapting their business model for a shifting data security and regulatory landscape. However, companies relying on cyber insurance will likely be disappointed, as payouts rarely cover the cost of an attack, and increasingly high premiums make it an unaffordable option to begin with.
Instead, many organizations would be better off investing in a robust defense strategy that can defend against a ransomware attack before it happens. It’s the only way to truly avoid the escalating costs and consequences of a ransomware attack.