Twitter, Facebook, NBC, New York Times, Home Depot, Amazon, Staples, Sears, Neiman Marcus, Nordstrom and many, many more companies that have concealed data breaches in recent times to protect their reputations underline a glut in hacking which small businesses seem to read as a signal that only big business is at risk.
However, the idea that “it won’t happen to me” just does not wash in 2015. True, by lagging behind the “chip and pin” standards that so many countries adhere to, the US (which incidentally boasts more credit cards per head of population than any other nation) makes itself a soft target and Europe perhaps attracts a little less attention. When the US wakes up to its epidemic credit card theft, hackers will move on.
For small businesses which still imagine it cannot happen to them, ignorance is bliss.
The truth is that often you do not know when the reaper has been, and if he has, he is probably still there. For now, the fashion grows for watering hole attacks, where hackers target large companies for soft spots to give them access to bulk customer records. The problem with this for hackers is what to do with such large databases. This is where people like you come in: hackers often store and/or process stolen data on third-party networks, so even if your data records are not playing host to prying eyes, there are many more ways your IT might be helping “the dark side”.
The cost of cleaning up after high-profile hacks is enormous. Home Depot reported its “hack” could cost up to £28 million. Do not think it cannot happen in North Wales on a scale that can cause real damage. In 2002 an IT company in North Wales was taken for a substantial ransom. If there is any message in this, it is that weak targets get plucked first.
Below is a list of high-profile breaches. The regularity is remarkable. One conclusion we might draw from this is that the bigger the IT department and budget, the easier it is to hack. The more credible conclusion is that the Press is only interested in high-profile hacks, and if this many IT departments are losing their shirts, then as Dirty Harry said, you have to ask yourself, “Do (you) feel lucky?”
As fibre broadband rolls out across and you are thinking about that cheap router, or whether you need that antivirus software now that Gmail does it for you, just bear in mind you are not out of sight either.
Jun-2015: The US Federal Government’s Office of Personnel Management discovered a breach in its systems affecting over 4 million past and present employees. The breach was discovered during an “aggressive effort” to update OPM’s security systems. The US Government alleged that the intrusion was orchestrated by China’s notorious PLA Unit 61398 which is believed to have systematically stolen hundreds of terabytes of data from at least 141 organisations around the world according to BBC News. In the latest breach, the hackers targeted an OPM data center housed at the Interior Department, according to the Washington Post. The database did not contain information on background investigations or employees applying for security clearances. OPM was hacked reportedly by the same group about a year previously. In the March 2014 breach, OPM officials discovered that hackers had breached an OPM system that manages sensitive data on federal employees applying for clearances, according to the Washington Post. That often includes financial data, information about family and other sensitive details.
Aug-2015: Hackers claim to have distributed the personal information on 33 million accounts via the dark web following an earlier attack.
Feb-2015: Anthem hacked for 80 million user accounts
Nov-2014: Sony Pictures & “The interview”
Oct-2014: Home Depot lapse compromises 56m credit cards
Jul-2014: P F Chang’s POS machines hacked
Jun-2014: Domino’s Pizza hacked, costing an estimated 650,000 compromised French & Belgian records
Nov-2013: Retailer Target hacked for 40 million credit card numbers, 70 million customer account records.
Jul-2013: Montana’s Dept of Health data breach lost 1.3 million patient records – perpetrators unknown