icon

Big Companies: Weak Security Policies and Practices

2023-06-22
Head of Security Audit
Big Companies: Weak Security Policies and Practices

In today's digitalized world, where virtually all industries are computerized, new cyber risks emerge every day: it appears as though not a single day passes without a header some company has been attacked by threat actors, ransomware, DDoS, or malware. Connecting an organization's corporate data to the internet exposes it to potential bad actors targeting the company's lucrative information like personal data, financial information, and patent among others. Recently, cybercrime has become a major business risk to organizations, regardless of their size, and governments across the globe. This has mainly been brought about by the inadequacy of proper cybersecurity plans by most organizations leading to informational, financial, and reputation losses.

  • Author:
  • David Lyashenko

    Head of Security Audit

An average data breach requires less time to carry off than it would take you to make a cup of tea. In fact, it's been established that 93 percent of successful security breaches take less than a minute to pull off. Yet more than 80 percent of organizations take weeks if not months to discover that they have been attacked. There are numerous repercussions of data security breaches. That's why over 85 percent of business leaders believe weak cybersecurity plans are a major concern.

 

Weak Cybersecurity plans

While cyber-assaults linked to hacking activities may be the most common incidents among the many reported security breaches, weak cybersecurity plans, application vulnerabilities, and lost credentials (log-in details) are the major vulnerabilities that expose organizations to opportunistic bad actors. Statistics show more than 80 percent of data breaches labeled as "hacking attacks" are associated with weak security strategies. For businesses, a weak cybersecurity plan means risking valuable to hackers resulting in costly damages in financial, reputational, and legal implications. For government institutions, it means risking highly confidential information to rival countries and political competitors. Whereas these are typical examples, the harm done by weak security strategies to an organization surpasses these situations.


Top High-Profile Security Breaches in 2023

Recently, there has been an undeniably alarming rate of organizations experiencing security breaches. With past eminent cyber assaults targeting automotive, finance, healthcare, insurance, construction, retail, energy, etc., it is apparent that the cybercrime scene has grown remarkably over the previous few years. In the past few months, some high-profile organizations have experienced data breaches, including T-Mobile, KFC, Chick-fil-A, ChatGPT, Google Fi, Activision, Norton Life Lock, and MailChip.

 

1. T-Mobile

In May 2023, it was reported that telecommunication giant T-Mobile had suffered another data breach after the previous one it experienced in January 2023. In the new hack, PINs, names, and phone contacts of more than 800 customers were stolen. This is the ninth time since 2018 TMobile has announced similar attacks on its data resources. In January 2023, the company found that hackers had accessed its systems in November 2022 and revealed personal information such as full names, emails, and dates of birth, from more than thirty-seven million customers. The company notes it may incur expensive damages from the attack on top of the 350 million dollars it agreed to compensate customers affected by an August 2021 security breach.

2. Yum Brands (Pizza Hut, KFC, Taco)

Which runs renowned fast food chains, including Taco Bell, Pizza Hut, and KFC, reported in April 2023 that it had been attacked in January 2023. Initially, the company believed the assault had targeted its corporate data, but it would later caution and notify employees whose personal data had been breached.

3. ChatGPT

Due to its revolutionary AI features, OpenAI-owned AI-powered chatbot ChatGPT has had remarkable public discourse since its launch, a few months ago. However, in March 2023, the company announced that it had experienced a security breach that compromised its customers' names, emails, payment information, and credit card information.

4. Chick-fil-A

In March 2023, a renowned fast-food joint Chick-fil-A announced it had experienced a security breach that revealed their customers' personal information. Chick-fil-A discovered strange login activity, probed the oddity, and found the incident occurred at the start of 2023. The threat actor gained access to its corporate data and stole the names and email addresses of its customers.

5. Activision

The popular game publisher Activision announced in February that they had experienced a security breach that happened in December 2023. The threat actor tricked an HR employee using an SMS phishing tactic, gained access to the employees' database and stole email addresses, phone contacts, salaries, and work sites.

6. Google FI

Google FI's attack came as a result of the T-Mobile security breach that occurred in 2023. Since Google depends on T-Mobile's network infrastructure, the attack extended to hit its infrastructure and compromised its customers' information.

7. MailChimp

In January 2023, email marketing platform MailChimp announced to its customers that it had experienced a security breach caused by a social engineering attack. The threat actors gained access to workers' data and stole personal information. Luckily, MailChimp identified all the affected accounts and suspended them.

8. Norton Life Lock

In January 2023, Gen Digital, the parent company of Norton Life Lock announced to their customers that more than six thousand accounts had been compromised owing to a "stuffing" attack. Gen Digital notified owners of the accounts they believed could have been breached and recommended resetting passwords and enabling multifactor authentication (MFA).

 

How to Avert Data Security Breach


Prevention of data security breaches in an organization requires everyone, at all levels to be included in the scheme - from consumers to IT specialists, and the parties in between. When planning on how to avert cyber-attacks or data leaks, security can be strong as the weakest link. All persons that interact with corporate data can be potential vulnerabilities. End-users who are capable of accessing the organization's network can be a major risk. To prevent data breaches caused by weak cybersecurity strategies, here are some best practices:

a) Implementing software updates and patches immediately after they are availed.

b) practicing high-grade data encryption

c) Upgrading devices in cases where the developer does not support the software

d) Enabling BYOD security strategies such as requiring all the devices linked to the organization's data to use antimalware, anti-phishing, or anti-ransomware protection.

e) Imposing strong passwords and multi-factor authentication. Organizations should recommend the use of password managers

f) Training employees on industry-latest security practices and how to avoid social engineeringrelated attacks.

g) Regular security audit of the infrastructure by professionals, like Sunny Security Labs.

 

 

back to blog request a quote request a quote
Request a quote
Book a consultation

We use cookies to enhance your browser experience, serve personalized content and analyze our traffic. By clicking «Accept All», you consent to our use of cookies. Visit our Cookie policy for more information.