It seems news about a new cybersecurity breach causing an adverse impact to a business goes public every week. Of course, this doesn’t take into account cyber attacks on smaller companies that stay below the radar. In short, fighting the scourge of these online criminals remains critical for both businesses and governmental agencies.
Ultimately, it’s important not to repeat mistakes made by CISOs and other cybersecurity professionals whose companies suffered cyber crime. So let’s analyze a few cases from the last few years to glean some valuable lessons. In the end, staying one step ahead of those unethical hackers needs to be your goal.
Capital One’s Customer Data Breach
A hacker took advantage of a poorly configured firewall to gain access to Capital One’s customer data. Subsequently, 100 million customer records hit the Dark Web. Notably, the company remained unaware of the breach until being informed of it by a cybersecurity researcher.
Needless to say, Capital One fired its CISO in the wake of this breach. Maintaining high standards for firewall configuration remains critical. Additionally, any SecOps system needs to provide actionable notifications whenever a suspected breach occurs.
An Unethical Hacker Steals 57 Million Customer Records From Uber
Even relatively newer companies suffer from online crime. In 2017, a cyber criminal accessed the GitHub source code repository for Uber. Discovering the company left credentials for its servers unencrypted in code, this hacker immediately logged-in to their AWS infrastructure.
News about this breach hit the industry one year after the incident happened. Why? Because Uber’s CSO tried to cover up the breach. He paid $100,000 to the hackers to delete the data before releasing it. Not surprisingly, Uber fired him. Morale of the story: don’t leave login credentials in your source code.
Pay Attention to the Cybersecurity Footprint of Your Company’s Vendors
In some cases, a company suffers a data breach due to a poor SecOps approach at a vendor. In 2013, Target became the victim in a case like this, where hackers easily gained access to a HVAC vendor’s corporate systems. They soon found credentials enabling them to login to Target’s payment servers. These cyber criminals subsequently ended up stealing payment details for 40 million customers.
Target’s CIO left soon afterword, with the company then hiring their first ever CISO. This scenario reveals the need for all companies to make cybersecurity an important corporate function. It’s an approach that includes vetting the SecOps approach of any vendor.
Looking For Cyber Talent?
If your company needs help finding great cybersecurity talent, connect with the team at Redbud Cyber. As one of the top SecOps staffing agencies in the country, we provide the exceptional candidates your organization needs. Schedule a meeting with us at your earliest convenience.