Nearly every day, there is a new cybersecurity breach to announce; businesses should be more alert than ever before. In 2015, the Ponemon Institute and Symantec discovered that a whopping 47 percent of U.S. data breaches were the result of a malicious insider or criminal cyberattack. Read on for an illuminating look into recent high-profile cases, and what you can learn from them.
Top High-Profile Enterprise Security Breaches
Sony PlayStation Hack
Users of Sony’s PlayStation game system were in for quite a shock when the company announced in 2011 that a hacker had obtained personal information through the streaming service, Qriocity. Among the information stolen were birth dates, email and home addresses, full names and passwords. Unfortunately, the attack was exacerbated by angry subscribers when the company waited a full week to announce that their security had been compromised.
Sony’s PlayStation hack isn’t the only cybersecurity issue the company has experienced in recent years. In 2014, ITBusiness.ca found, “102 million user accounts [were] comprised, including login credentials, names, addresses, phone numbers and email addresses. Despite Sony’s claims that credit card information remained safe thanks to encryption, approximately 24,000 users of SOE and Qriocity in Europe had their credit card data stolen. Thus far the clean-up costs for Sony are said to be $171 million.”
Transparency in data breach scenarios is crucial for retaining your customers’ trust and ensuring the cyberattack remains as contained as possible. Strong security policies, encryption and proactive security measures could have prevented this incident.
U.S. Department of Defense Security Breach to WikiLeaks
In 2010, nearly 100,000 classified government documents, including diplomatic security documents and closely-guarded military secrets, were transmitted to WikiLeaks, allegedly by Army Private Bradley Manning. Later, this led to another cybersecurity breach to WikiLeaks, this time exposing secrets from the Iraq War. This was one of the biggest breaches of classified documents in history.
According to Lewis University, “This security breach represented a difficult to control and monitor aspect of maintaining information security: internal human error. Whether deliberate or accidental, individuals inside an organization who have access to sensitive information are a major issue in maintaining complete security.”
Are your employees posing a threat to your organization? Whether intentional or not, insiders are responsible for a large portion of enterprise security breaches. Be sure to brief all team members on cybersecurity policies and hold regular refreshers each year. The best way to encourage internal security is to have an open door policy, where workers are encouraged to share potential threats with their superiors, especially if they are unsure of an email’s validity.
Anthem Blue Cross Breach
This healthcare hacking fiasco affected nearly 80 million patients and staff, revealing their email address, employment information, addresses, birth dates and Social Security numbers. According to Bankrate, “In January 2015, health care giant Anthem learned of a cyberattack on its IT system that occurred over several weeks starting in December 2014. The stolen information may have included personal information, but the company does not believe credit card or banking information was compromised.” Some estimate the breach could cost the company between $8-16 billion.
While all organizations should take the necessary steps to secure their private data, those working in sensitive fields such as healthcare should be extra cautious. Employ a CISO who is well-versed in common hacking techniques and stays up to date on the latest security protocols, taking extra attention to shield data through multiple network segments and firewalls.
NEXT STEPS: Take a lesson from these high-profile enterprise security breaches to avoid becoming the next victim. To learn more about the potential threats to your company, read our white paper, Effectively Managing Cyber Security: Top 5 Enterprise Threats.