As long as illegal money can be made while remaining anonymous, cyberattacks against businesses large and small will continue to increase. Constant vigilance is thus necessary in order to stay ahead of hackers and vulnerability discovery.
In the past month, there was a series of security breaches at big businesses, including two billion dollar companies, Houzz and Airbus. The attacks led to the stealing of users’ private data and business information.
What is a Data Breach?
A data breach occurs when an organization or an individual’s information is accessed without authorization. Data breach is expensive to manage. It can result in loss of trust and reputation of the company involved and can potentially put customers at risk. Sensitive information such as name, credit cards numbers, and social security numbers are often targeted by cyber attackers.
As more information is moved to the digital world, there would be more cyber-attacks to steal data for profit purpose.
Houzz Data Breach
Houzz, a home improvement and decorating website announced in January 2019 that it suffered a cyber-attack. Personal user data such as usernames, passwords, and their corresponding IP addresses were retrieved by an unauthorized party.
Other linked data were also accessed. These include Houzz members user IDs, previous usernames, one-way encrypted pass, IP address, zip codes, and city. Fortunately, Houzz user’s social security number, credit cards, and bank accounts were said to be safe from the attack.
For users who registered through Facebook, their public Facebook IDs were also exposed.
While the hack was discovered in December 2018, it is not clear when the attack started. The hacker might have been sitting on the server for a long time undetected. Houzz said it was currently investigating the breach with the help of security and forensic experts.
According to the company, not all users were affected by the attack. However, it has been advised for all members to change their account password as a protective measure.
Implications of Houzz Data Breach
While credit cards and bank account details were not compromised, the stealing of personal data still poses a significant cyber risk to Houzz customers.
For instance, members’ name and other personal information may be used for identity fraud when sold on the dark web. Victims whose identity were stolen might be linked to crimes or financial transaction they were never a part of.
Also, since the Houzz attackers accessed customers’ username and password combination, they could try the same password on other popular websites. This allows them to try and hijack accounts of users who use the same login credentials on multiple websites.
This breach is further proof that reusing passwords is unsafe for sensitive accounts.
The Airbus Hack
Airbus is involved in the manufacturing of aircraft equipment for civil and military use. It was recently a target of a hack attack.
Airbus reported that the attack was targeted at its business information system. This could mean that the attackers were after Airbus business and technology secrets. With that said, Airbus invests heavily in R & D innovation.
Airbus along with security professionals are currently investigating the hack to determine the source and the extent of damage done.
Professional contact and identification details of some European Airbus employees were accessed by the hackers. Since the hackers went for such information, they must have a good use for it. A good encryption setup would have rendered such data useless to attackers.
This attack means that business must continuously employ security countermeasures to protect their system and keep hackers away.
The publicized hack cases are those involving big corporations. Small and medium businesses which are the target of most attacks often don’t make the news. For SMBs with no proper security setup, attackers may stay on their computer system undetected. These attackers are monitoring and stealing business and personal data.
Therefore, it is highly recommended for small business owners to engage in cybersecurity services offered by a managed service provider (MSP). An MSP can help a business implement security policies and deploy a system-wide defense system. This type of security program includes a wide range of systems such as firewall, encryption technology and 24 hours remote server monitoring.
With a solid security plan in place, your business will be less attractive to hackers.
If you are experiencing any cyber security issues or have concerns your company could become a victim of a data breach, please contact SDTEK today.