Lyricsfood

Sharpen your edge

Why the next Ashley Madison is just around the corner

Last month, it was revealed that Ticketmaster had fallen victim to a catastrophic data breach in which the personal information of 560 million customers was held for ransom.

Just days earlier, the BBC confirmed a data breach that exposed the details of 25,000 current and former employees. As data breaches become more frequent and sophisticated, so does public awareness of the problem. Terms like “data breach” may once have been reserved for backroom security teams, but they have now become household words – as evidenced by the popularity of the recent Netflix documentary about the infamous Ashley Madison data breach.

Unfortunately, it is not a question of “if” there will be another major data theft – it is only a matter of “when”. Today, companies of all sizes, not just the big ones, have a ticking time bomb on their hands that can jeopardize their brand reputation and destroy customer loyalty.

How can companies prevent the “next big data theft”?

Why do data breaches occur?

Most data breaches can be traced back to one of a few causes. In most cases, data breaches are committed by hackers – either acting alone or as part of an organized ring. These hacks are usually financially motivated: the perpetrators steal credit card numbers, bank accounts and other financial data – or sell stolen personally identifiable information (PII) on the dark web.

According to IBM, the average cost of a data breach worldwide is rising – an estimated $4.45 million – and with it the incentive for cybercriminals to carry out such attacks. The impact of a single data breach can be immense. One of the largest data breaches last year involved MOVEit, a file transfer software tool, which affected an estimated 72.7 million people.

Large companies such as Ticketmaster, BBC and Ashley Madison are understandably a prime target for hackers seeking financial gain, but attacks of this nature can affect anyone. Ultimately, it comes down to how much difficulty cybercriminals have when targeting a specific organization. Their goal is to make the most profit with the least effort.

Due to a lack of dedicated cybersecurity teams and limited financial resources for protective measures, successfully infiltrating a smaller organization is often easier than infiltrating the average large company.

The potential gain from a single attack may be smaller, but hackers can combine successful attacks on multiple SMBs to achieve the financial gain of successfully hacking a large organization, with far less effort. SMBs are therefore increasingly falling victim to financially crippling attacks, with 46% of all cyberattacks now affecting companies with fewer than 1,000 employees.

How are these attacks carried out?

One common attack vector is stolen or compromised credentials obtained through brute-force attacks. Another is gaining access to a target network by exploiting vulnerabilities in websites, operating systems, endpoints, APIs, and common software. If hackers find a vulnerability, they can inject malware into the network.

The success rate of both types of attacks has increased significantly in recent years due to the use of bots by cybercriminals. Bots can overload networks for brute-force attacks much more quickly and can probe websites for vulnerabilities that can then be exploited with superhuman speed.

One sign of the rising costs associated with cyber breaches is the increase in cyber insurance premiums from 2023 to 2024. For larger companies, comprehensive cyber insurance is now widely viewed as a cost they must incur to do business. For smaller companies, it will be increasingly difficult to bear the increased cost of cyber insurance.

How every data theft begins

What all security breaches and attacks have in common is that they first scan potential victims. This can be a targeted scan of well-known and high-revenue companies or simply a comprehensive scan of the entire Internet.

The very first step in any attack chain is always the use of tools to gather information about the victims’ systems, version numbers of the (unpatched) software in use, and insecure configurations or programming. Every hacker, whether professional or amateur, uses scanning bots or relies on websites like Shodan.io to create an attack list of victims with vulnerable software. Anything you run with an internet connection has most likely been scanned at least once within the last 24 hours.

One step ahead of the security gap

All organisations, from SMEs to multi-billion dollar companies such as Ashley Madison and Ticketmaster, need to ensure they are not an easy target for hackers. As the Ashley Madison attack showed, if users of your website have trusted you with their data, the consequences of a successful attack often go far beyond financial consequences. It is the organisation’s individual responsibility to keep its promise to adequately protect its users’ data.

The fewer resources SMBs have to build a robust web infrastructure, the greater the risk of becoming a target. But that doesn’t mean that strong resilience cannot be built to deter hackers.

There are a number of ways to build a resilient web infrastructure, and putting together the right toolkit is a good place to start. This includes using data security tools to encrypt data, implementing emergency response plans, improving employee training, and adopting more stringent web traffic management approaches to keep malicious traffic away from your site before it can even strike.

Finally, it’s important to remember that ultimately it’s strategy, not resources, that matters. Even the big players like Ashley Madison, who had all the resources in the world to prevent a hack, still failed. The fatal mistake will always be pretending the risk doesn’t exist. The “next Ashley Madison” might be just around the corner, but if you take the time to identify specific vulnerabilities and develop a strategy to protect them from hackers, your organization is far less likely to be the next to hit the headlines.
