On July 19th, Capital One revealed that the confidential information of more than 100 million customers was compromised. The hacker didn’t cover her tracks well and was quickly caught, but not before she exposed the flimsy cybersecurity defenses of an international financial giant.
All that stood between the cyber thief and the names, email addresses, passwords, and credit applications of 100 million Americans and 6 million Canadians was a simple web-based firewall—just one layer in what is usually referred to as a “defense-in-depth” security strategy But at least that IT protection was more robust than Honda Motor Company’s.
The eighth-largest auto manufacturer in the world, currently worth approximately $50 billion, left an employee database publicly accessible to anyone online. That’s how a security researcher using the open-Internet search engine Shodan accessed more than 40 gigabytes of sensitive data.
Honda encrypted the data immediately. But there’s no telling how many hackers had quietly stolen the hostnames, IP addresses, and security patch statuses of Honda’s more than 215,000 employees. Even worse, security researchers believe the database could provide an intricate map of Honda’s internal corporate network—and the cybersecurity defenses surrounding it.
Hackers who glean that kind of information can exploit it in a number of ways:
1) By sending out spearfishing emails that appear to come from executives.
These can seem to be written in the voice of that executive, or even ask for sign-off on an important financial transaction in a way that sounds similar to past requests.
2) By installing malware, ransomware, or other illicit applications to track use.
These can log keystrokes and record passwords, direct users to download dangerous attachments, and encrypt an entire computer’s (or network’s) data in an instant.
3) By negatively impacting a company’s reputation.
In the case of both Capital One and Honda, detection of data compromise came quickly. The Capital One hacker was a disgruntled software engineer who bragged about her cybercrime online, while the Honda hack falls more in the ethical “white hat” category, where benevolent hackers purposefully point out vulnerabilities to strengthen the Internet-wide level of cybersecurity.
But Capital One and Honda have no doubt lost considerable trust with the general public and will spend years atoning for it. There’s a good chance it could cost top executives their jobs, too; in the wake of its $300 million data breach, Target’s CEO was forced out in 2014, and Equifax’s CEO resigned in 2017 after the credit bureau exposed the personal information of nearly 150 million Americans.
These cybersecurity statistics are grim, but the good news is age-old: “An ounce of prevention is worth a pound of cure.”
All of the above-mentioned breaches occurred because of shoddy IT protections—no multi-layered defenses for data, no 24/7 monitoring for security incidents, and certainly no committed IT partner there to address issues in a proactive, not reactive, way.
At CMIT Solutions, we deliver those kinds of protections day in and day out, for clients big and small. We understand the way information is transmitted, encrypted, and stored. We monitor network access and Internet traffic, identifying potential intrusions. We defend devices, building a protective wall around the entire IT ecosystem of a business. And we empower employees with training and support so that technology can help them work smarter, faster, and smoother—not harder.
Does the deluge of recent data breaches get you down? Are you unsure about the strength of your company’s cybersecurity defenses? Contact CMIT Solutions today. We worry about IT so you don’t have to, no matter what new hack hits the news.