What’s the scariest thing that can happen to your business? We can think of a few, but at the top of our list are these cybersecurity breaches. All that stands between you and these horror stories is being informed and prepared. The following cybersecurity nightmares are based on real breaches and tactics used by hackers, with details changed to protect anonymity.
The Doppelganger
What if someone you trusted wasn’t really who they said they were? Carrie is the personal assistant to Joe Dah, the CEO of Smol Biz LLC. After 15 years of working together, Carrie and Joe have a lot of mutual respect and trust for one another.
When Joe left the country on short notice for a business trip, he trusted Carrie to manage the company while he was gone. Carrie was surprised to get an urgent email from Joe just a day after he left. According to the email, Joe had been mugged shortly after his arrival abroad, and he needed Carrie to wire $5,000 to his new bank account immediately. Never one to hesitate in an emergency, Carrie did what she was told without a second thought.
Unfortunately, the Joe who emailed Carrie wasn’t actually Joe Dah. If she had looked more closely at his email, she would have noticed that the domain of the email address was “@smollbizllc.com”, not the official company domain, “@smolbizllc.com”. Carrie had fallen victim to a clever spear phishing attack, and she only realized her mistake when she called Joe to confirm he’d received the transfer. The fake Joe made off with $5,000 and permanently damaged Carrie and Joe’s trust in each other.
Kidnapped Credentials
When important info falls into the wrong hands, it can spread like wildfire on the dark web. A lot of companies mandate regular passcode changes and Multi-Factor Authentication for all of their users. But a lot of people don’t take these extra steps, and 53% of people actually use the same password for multiple accounts. This is a huge vulnerability for hackers to exploit.
Ron uses a 12-character, complex but memorable passcode for his cellular account. Last year, that account was one of thousands that were compromised in a data breach at his cell provider, G-Mobile. He was alerted to the breach and promptly changed his G-Mobile account password.
But his original passcode was still floating around the dark web, and a hacker group backed by the Chinese government purchased it.
The hackers knew Ron was actually an employee at Energize Inc., one of the largest power companies in the U.S. And they took a lucky guess that the passcode he used for his G-Mobile account was the same as the passcode he still used to access his company’s network. The hackers were right, and Ron’s passcode was the entry point for them to launch a crippling ransomware attack. The attack not only cost Ron his job, but also left millions of people without power and cost the company billions in revenue.
The Call is Coming from Inside the Network
It’s important to trust the people you work with—except when it comes to cybersecurity. The “Zero Trust” model is designed to keep people inside your company and network from accessing parts of the network they don’t have any business with. This may seem paranoid, but it’s the best way to limit the damage that anyone who gets inside your network can cause.
David works in the IT department at Healthcare R Us. One day Angela, who works in the company’s HR department, attempts to log in to the company’s patient database, which houses sensitive medical records. This alone is suspicious, but it’s especially strange since that day is Angela’s day off. Unfortunately, because Healthcare R Us hadn’t implemented Zero Trust, David didn’t discover this suspicious activity until after the breach, when he was helping the forensics team figure out what had happened.
Here is what actually happened: Angela was working remotely, and while traveling, she used public WiFi at a coffee shop without a VPN. Her traffic was intercepted by a hacker on the same network, who stole her login info and sold it on the dark web. A notorious hacker group, YEvil, bought the stolen credentials and used them to gain entry to Healthcare R Us’s network. They stole the PI and PII of over a million Healthcare R Us patients, which led to numerous lawsuits and forced Healthcare R Us to rebrand to Best Med in an effort to rebuild its reputation.
How to Avoid Cybersecurity Nightmares
If you’re worried your cybersecurity wouldn’t protect you in these scenarios, it’s time to level up. Zero Trust (a component of the SASE framework), MFA, and Security Awareness Training for your employees are great ways to add layers of security to your network—when properly implemented and maintained. Consult a Digital Agent to create a customized cybersecurity suite for your business.