As companies grow more dependent on technology, crimes perpetrated against them continue to proliferate in the digital space. Barely a week goes by without a major data breach making the headlines, but it’s the hundreds of thousands of smaller incidents targeting individuals and small businesses that we don’t hear about. Nonetheless, there’s still a lot we can learn from the biggest cybersecurity incidents of 2019.
#1. Human error is usually to blame
Not all cybersecurity incidents involve cybercrime, at least not initially. One of the largest data leaks of 2019 happened in Facebook, which left 540 million records belonging to users exposed. This happened when they were released over Amazon’s cloud computing service by a couple of third-party app developers. Facebook suffered another leak a few weeks later, in which more than a million user emails were made public. Both incidents were a direct result of human error, demonstrating how easy it is for one mistake to lead to a vast privacy issue.
#2. Ransomware is still a huge threat
Ransomware attacks in 2019 did not occur as frequently as in previous years, but that doesn’t mean they’re any less dangerous. Throughout the year, cyber extortionists swindled their victims out of billions of dollars. One of the most destructive ransomware strains of last year was LockerGoga, which targeted production plants and damaged critical systems controlling industrial and manufacturing processes. Most ransomware spreads through phishing scams or exploits outdated operating systems, which is why cybersecurity awareness training and patch management are so crucial.
#3. Supply chains are a weak link
Every organization depends on its third-party suppliers, but the increasingly connected global economy has made managing supply chains incredibly difficult. As such, vendors are often the weakest link. One major incident from last year targeted the Asus Live Update tool, which is installed by default on all computers manufactured by the technology giant. A lot of attacks target apparently innocuous systems, such as the infamous incident in which a hacker attacked a casino in Las Vegas after exploiting an internet-connected fish tank.
#4. Cyberwarfare is on the rise
Land, sea, and air are no longer the only theaters of war. The virtual world, which society has come to depend on so heavily, is now one of the most common venues for nation-states to do battle. Many attacks have been attributed to North Korea, Russia, and Iran, among others. But it’s not just governments that have to worry. State-sponsored attackers routinely target any kind of critical infrastructure, often infiltrating vulnerable supply chains. If your business works with the government or critical infrastructure, it could also be a target.
#5. Hackers exploit weak passwords
In March 2019, Citrix, a major software provider that a lot of businesses depend on, warned the public that its internal network had been attacked by an international group of criminals. The suspected tactic used is known as password-spraying, in which attackers try commonly used passwords across multiple accounts. If unsuccessful, they’ll try another password and keep on doing so until they find the weakest link in the chain. In other words, all it takes is one weak password to bring down the whole network.
Cybersecurity incidents can happen to anyone, and if your business isn’t fully prepared for the worst, you may lose everything you’ve worked for. Simplified IT Consulting ensures this never happens by providing you with state-of-the-art protections and robust IT support. Schedule a free consultation with us today to safeguard your business.