Breach Report – September 2019
The hottest topics and latest news in cybersecurity, all in one place. Stay in the know on emerging trends and learn lessons from recent cyberattacks.
Security Topics of the Month
Price Tag of Data Breaches to Reach $5 Trillion by 2024
The costs associated with a data breach are rising steadily and could reach $5 trillion by 2024, according to a report from Juniper Research.
The report, “The Future of Cybercrime & Security,” found that regulatory fines and lost business will be the primary drivers of this expense.
However, the report also found that cybersecurity-related expenditures are only expected to increase by 8% over the next four years. That means businesses are turning to other strategies to protect their data. Most prominently, the report concluded, employee awareness training is seen as the most efficient and cost-effective way to protect a company’s data.
Ransomware Attacks Doubled in 2019
The latest McAfee Labs Threat Report found a 118% rise in ransomware attacks in the first quarter of 2019.
This increase follows years of decline for malware as it appeared to fall out of vogue with cybercriminals. However, in 2019, ransomware attacks became lucrative when targeting SMBs and local governments – soft targets that don’t often have the resources to effectively update their defenses against ransomware.
McAfee notes that because a large number of organizations are willing to pay the six-figure ransoms, ransomware will continue to adapt and remain relevant well into the future.
Given the high cost of recovering from a ransomware attack, the cybersecurity services that can fortify a company’s defenses are a relative bargain. Especially for SMBs, a strong defensive posture is part of the cost of doing business, and it’s more affordable than a cybersecurity failure.
More Cyber Insurance Claims from Business Email Compromise than Ransomware
Business email compromise (BEC) has surpassed ransomware and data breaches as the primary reason that companies file a cyber insurance claim, according to recent statistics from AIG. These attacks, which include everything from credential stuffing to phishing campaigns, account for 23% of all cyber-related claims.
Moreover, regardless of the methodology, cyber insurance claims have risen precipitously in the past several years. AIG notes that more claims were filed in 2018 than in the previous two years combined.
AIG blames weak passwords and a lack of employee training as the primary reasons that BEC claims are on the rise. It’s a good reminder that not all cyber vulnerabilities are out of our control. Accessible measures like comprehensive cybersecurity training can help protect your business from BEC attacks.
Data Breaches Put Small Businesses at Risk
Data loss events are a huge risk for any company, but the aftermath of a data breach can be especially problematic for SMBs, a recent study by Bank of America Merchant Services concluded.
The survey questioned 409 consumers and 522 small businesses in the U.S. about the cybersecurity risks in today’s digital environment. One in five SMBs reported a data breach in the past two years, a 17% increase in two years.
Moreover, 41% of small businesses endured a data breach that cost the company more than $50,000. That’s especially troubling, because SMBs don’t have the resources that large corporations can use to speed up their recovery efforts.
Making matters worse, 30% of consumers said they would never return to a small business that endured a data breach, a 20% increase year-over-year.
These trends are taking place as SMBs are increasingly moving online:
- 51% of SMBs run their own websites
- 70% have some form of e-commerce component to their business
Bottom line? SMBs must prioritize their data security as a foundational element of a successful, sustainable business model.
Brute Force Attacks Preferred Method for Spreading Ransomware
Ransomware attacks are on the rise in 2019, making headlines as they afflict local governments and SMBs with frightening regularity. At the same time, the cost of a ransomware attack is rising precipitously, making these attacks one of the most complicated and feared cybersecurity risks this year.
Cybersecurity researchers at F-Secure found that brute force attacks occur in 31% of ransomware attacks. This approach leverages common or weak passwords to access employee email accounts or company networks where malware can be deployed.
Companies can reduce their exposure to brute force attacks by ensuring that employees maintain strong, unique passwords for all their accounts.
2019 Could Set a Data Breach Record
A new data breach report reveals that 2019 is poised to be the most destructive year yet when it comes to data integrity.
The 2019 Midyear Quickview Data Breach Report found the number of data breaches that exposed records increased by 54% in the first half of the year. Concurrently, the number of records exposed in these breaches increased 52%. Nearly 85% of these compromised records originated from businesses that collect and store user data.
This reality underscores the challenge of doing business in the digital age. On one hand, big data is the lifeblood of the internet economy, and companies can lose a significant competitive edge if they decline to collect customer information. However, when that data is compromised, it costs companies dearly, offsetting many of the advantages of data collection.
Data Breaches Threaten Companies’ Financial Viability
Throughout 2019, new research has illuminated the extensive financial consequences of a data breach. Not only are direct costs increasing, but consumers are making sure that businesses feel financial pain for failing to protect their information.
According to a report by PCI Pal, consumers are prioritizing data security by spending money at companies with demonstrated track records of data security and integrity – and declining to shop at companies that have compromised consumer data.
Specifically, 44% of UK customers, 83% of US consumers, 43% of Australian shoppers, and 58% of Canadian users claimed they’ll stop or reduce spending at companies that experience a data breach.
Also, as consumers search the competitive landscape for new products and services, it’s increasingly difficult for compromised companies to win back old customers.
Since keeping your existing customer base is significantly more affordable than finding new clients, prioritizing data security should be at the top of every company’s to-do list. When internal resources can’t cover the entire responsibility, seek assistance from qualified collaborators (like us!) that can assess your cybersecurity posture while partnering with you to provide the resources necessary to keep customer data safe.
The Month in Breach
Wisconsin Diagnostic Laboratories Gets Burned By AMCA Hack
A June 2019 data breach at the American Medical Collection Agency (AMCA) has compromised the personal information of patients at Wisconsin Diagnostic Laboratories.
Wisconsin Diagnostic Laboratories (WDL), a network of 13 medical testing facilities in and around Milwaukee, is notifying nearly 115K patients that some of their protected health information was compromised in the AMCA data breach.
The data breach revealed personal data including:
- Patient names
- Dates of birth
- Dates of service
- Other medical information
In some cases, payment information – including credit card numbers and bank account details – was exposed. Social Security numbers and payment data were excluded from the breach.
The company has severed its relationship with AMCA and is taking steps to retrieve and secure compromised patient data. Of course, retrieving information once it reaches the web is extremely difficult, and Wisconsin Diagnostic Laboratories will certainly face regulatory scrutiny that will cost time and resources.
U.S. Gov’t IT Contractor Breached Thanks to Malware
Miracle Systems provides IT, engineering, and other services to more than 20 federal agencies. Using stolen credentials, hackers gained access to several company databases storing data related to the U.S. military.
The breach, which occurred on three separate occasions between November 2018 and July 2019, was enabled by malware distributed via a malicious email attachment. Several email account credentials were stolen during the breach, and their availability was broadly advertised on the Dark Web.
Although the stolen data was years old, the company was closely scrutinized by the Secret Service. Company leaders estimate they’ve lost as much as $1 million because of the breach.
Food Service Wholesaler Victim of Spear-phishing Attack
Restaurant Depot’s customers received phishing emails requesting payment for invoices. Any recipient who paid a fraudulent invoice compromised their personally identifiable information and their payment data. Even for those who deleted the message, it’s likely their information was obtained through a different data breach.
The emails were personalized, so cybercriminals likely purchased company data from a Dark Web marketplace. This suggests the possibility of an even more expansive data breach at Restaurant Depot.
In response, customers began lashing out on social media, and the company was forced to issue a statement on its website discrediting the email content.