Earlier this month, another data breach announcement reared its ugly head, and this time it came from an unlikely source — the World Wrestling Entertainment (WWE). According to experts, the breach exposed the private information (birthdates, earnings, ethnicity, gender, and email addresses, among other things) of more than three million users thanks to two open and publicly accessible Amazon Web Services (AWS) “buckets,” or servers that the WWE used to store data.
The most striking aspect of the story, however, wasn’t that the data breach occurred: it was that Amazon quickly announced it was not responsible for the hack. That’s because Amazon offers several options for securing information through its Web Services Shared Responsibility Model. But customers are required to take advantage of those options, providing a great example of how a cloud provider is not an IT manager or cybersecurity expert.
In the WWE’s case, that means someone, somewhere — a hacker, an inside bad actor, or even just an inattentive employee — misconfigured the privacy permissions on the company’s information, shifting it from private to public or failing to implement basic security measures. Once the breach was detected by Kromtech Security Research Center, the WWE locked down the leaked data within hours and new measures were put in place to enhance protection going forward.
But proper cybersecurity measures and data compliance processes could have prevented the embarrassing and costly breach before it happened. In this day and age, it’s not a matter of if but when in regards to cyberattacks, malware and ransomware attempts, and data hacks. And where small to medium-sized businesses may have once been immune to the kind of breaches that have stricken large enterprises like the WWE, the new cybersecurity normal requires a comprehensive strategy that devotes resources to advance prevention and proactive monitoring.
Why? Because by some estimates, the economic damage from cyber crime is estimated to top $5 trillion — not million, and not billion — by 2020. And as demonstrated by the WWE hack, protecting employees is becoming just as important as protecting machines. Microsoft estimates that by 2020, four billion people will be online — twice the number connected in 2017. Some security experts estimate that more than 75% of all cyberattacks start through email, targeting specific employees and enticing them to click on illicit web links or download infected attachments.
Login credentials and passwords that allow access to an endless trove of protected information are far easier for hackers to swipe than encrypted systems. The increase in wearable technology, digitally monitored medical devices, and Internet-connected tools in our homes also gives digital criminals more opportunities to steal important data. As Ginni Rometty, IBM’s chairman, president, and CEO, said in 2016, “Cyber crime is the greatest threat to every company in the world.”
So what’s the answer? Businesses of every size and in every industry need a trusted, experienced security partner who can help to develop a smart, comprehensive IT strategy that meets the challenges of today and the evolving problems of tomorrow. At CMIT Solutions, we specialize in proactive monitoring and management, backup and disaster recovery, data encryption, multi-layered network security, and other critical components to protect your data, empower your employees, and give your company the competitive advantage it needs to succeed. Concerned about data breaches or other vulnerabilities? Contact CMIT Solutions today.