The highest-profile cybersecurity breach of 2021 was the Colonial Pipeline attack, which disrupted fuel supplies across the southeastern U.S. Overall, this year has been unprecedented in both the number and scale of cyberattacks. Many of the attacks have targeted major American industries and infrastructure. There’s a lot to learn from the biggest cybersecurity breaches of 2021, especially for businesses unfamiliar with the modern weapons of cyber warfare.
Stay Up-to-Date
It’s easy to fall behind on software updates if you aren’t keeping them top-of-mind. But failing to install the latest versions and patches of your software can leave the door wide open for hackers. This is especially true for any on-prem (rather than cloud-based) software that can’t be automatically updated. Many companies learned this the hard way during the Microsoft Exchange hack.
When a company is made aware of a vulnerability in its software, it wants to patch it quickly and quietly so that no one has the opportunity to exploit it. Unfortunately, when Microsoft’s developers realized that there had been months of successful attacks on on-prem Exchange servers, there was no way to push an emergency patch that wouldn’t alert even more hackers to the exploit. This led to an arms race between IT departments and cybercriminals where the quickest to patch were the least likely to be hit.
Passcodes Are Not Strong Enough
The cyberattack on Colonial Pipeline had far-reaching ramifications, and as a result, it’s one of the best-documented examples we have of a modern ransomware attack. What was the key to crippling one of the largest fuel distributors in the country? A compromised passcode. Specifically, an inactive employee’s passcode that hackers found on the dark web and that, somehow, was still a viable key.
No one knows how the passcode was initially leaked to the dark web. But if the passcode hadn’t been the only thing standing between hackers and the Colonial Pipeline network, it wouldn’t have mattered. Multi-factor authentication (MFA), zero trust architecture, and proper archival and deletion protocols are just a few of the cybersecurity measures that could have stopped this attack before it ever happened.
Security Awareness Training Against Phishing
Your business could be at risk from a breach at an entirely different company. When a massive breach occurs at a company that stores thousands or even millions of user records, that personal info can end up on the dark web for anyone to purchase. PI or PII leaked in a hack elsewhere could be used in a phishing or other social engineering attack on your own company.
That’s why T-Mobile is warning customers about possible phishing attacks following a massive breach of their company databases this year. According to T-Mobile, the breach affected 54 million customers and included information like names, addresses, Social Security numbers, dates of birth, driver’s licenses and other identification. All of the info could be used in a social engineering attack to trick someone into giving away their passcode to a company network or database. Security Awareness Training keeps employees up-to-date on how to identify and delete phishing emails and fend off other social engineering attacks.
The Biggest Lesson from Recent Cyberattacks: Layer Your Cybersecurity
Keeping your software up-to-date is a great way to make it harder for hackers to compromise your system. So is using MFA and getting security awareness training for all of your employees. But the best cybersecurity solution for your business involves a combination of these and other strategies and tools, like managed endpoint security. Learn which defenses against recent cyberattacks make the most sense for your organization by consulting your Digital Agent.