How Damaging Is A Cyber Breach To An Organisation?

“Four biggest challenges the tech industry faces in coming years are security, security, security and security.” – Pierre Nanterme, CEO, Accenture

Cyber attacks and data breaches is one of the pressing issues that organisations faced today. Organisations are at risk of IP theft, cyber espionage, data destruction, business disruption, etc. According to Lloyd[1], it was estimated that cyber attacks cost businesses as much as $400 billion a year due to business disruption and fixing damages by the attacks. Here are four case studies of companies that had fall victims to cyber attacks.

1. Target, 2013

In 2013, Thanksgiving is not all smooth sailing for retail giant, Target Corp. During the first three weeks of the holiday season, hackers have stolen data from more than 40 million credit and debit cards of shoppers who had purchased from Target.

The attack has resulted in a damage amount to a cost of more than $162 million, a big hit to their reputation. This is especially amplified by the fact that the breach came before the holiday season, lowering consumer confidence. The breach also had banks filing lawsuits against the retail giant. In December 2014, Target’s bid to dismiss a lawsuit by banks seeking to recoup money they spent reimbursing fraudulent charges and issuing new credit and debit cards.

2. Yahoo, 2013

Yahoo had admitted that it was hit with the largest security breach in history, with data from more than 1bn user accounts were compromised. The information taken could have included names, email addresses, telephone numbers, dates of birth and hashed password. The breach was encouraged by Yahoo’s outdated security system that they had failed to move away from.

The hackers used “forged cookies” – bits of code that stay in the user’s browser cache so that a website doesn’t require a login with every visit. This could allow an intruder to access users’ accounts without a password. A forged cookie could have allowed the attackers to remain logged into the hacked accounts for weeks or indefinitely.

“For years I have been urging friends and family to migrate off of Yahoo email, mainly because I watched for years as the company appeared to fall far behind its peers in blocking spam and other email-based attacks.” – Brian Krebs, Security Researcher.

This finding have seen Verizon to re-evaluate their deal of takeover with Yahoo, with a price cut. Yahoo is also hit with a class-action lawsuit following the disclosure of the hack. Needless to say, consumer confidence in Yahoo hits an all time low.

 “Yahoo failed, and continues to fail, to provide adequate protection of its users’ personal and confidential information. Yahoo users’ personal and private information has been repeatedly compromised and remains vulnerable.’’ – Yahoo user Amy Vail

3. United Parcel Service (UPS), 2014

UPS has reportedly faced malware attacks across 51 US stores. Information such as credit and debit card information are at risk of being exposed to hackers. This breach has compromised data on 105,000 customers transactions. UPS had admitted that the attackers were in the system, and were undetected for four to eight months.

As a result, UPS has offered free identity protection to customers who are affected by the breach.

4. Sony Pictures, 2014

In 2014, hackers broke into the computer systems of Sony Pictures Entertainment, and had stolen large amount of confidential documents from Hollywood studio and released them into worldwide net in the following weeks. It was rumoured that this is an outrage response by the North Korean government over the film “The Interview” that was centered on an assassination plot against the North Korean leader Kim Jong Un. The theatrical release of the film was postponed.

“While we are not yet sure of the full scope of information that the attackers have or might release, we unfortunately have to ask you to assume that information about you in the possession of the company might be in their possession.” –  Michael Lynton & Amy Pascal, Sony Pictures Executive

During disruption period, staff had to turn off their computers and disable wi-fi on their handheld device to safeguard their information. Sony Pictures was also forced to shut down its worldwide email and computer network.

It was estimated that the cost of the damage amounted to more than $15 million, inclusive of investigation and remediation.

The damage of a cyber attack can range from stealing card information to the shutdown of an organisation network system. Business leaders need to recognise the need to have clarity around the enterprise-wide effect of such events. Organisations have failed to depict an accurate picture of the impact of an cyber attack, thus not developing the risk strategies to protect their assets.

Cyber Security for Non-Technical Personnel is a course that takes participants through a journey of hacking, vulnerabilities, data breaches, etc. Participants will examine the various ways in which hackers can potentially conduct cyber attacks on organisation and individual. They will also be taught how to set up defences against attacks using the principles of Security Information and Event Management. All the knowledge obtained can then be applicable to the operations and processes of their organisation. For more information, please visit us at http://www.opuskinetic.com/training or contact us at info@opuskinetic.com

Opus Kinetic believes that people are why organisations are successful, and giving people the knowledge to perform well at their job is integral for success. We pride ourselves as the premier provider of knowledge, offering acclaimed in-house training, leadership training courses, oil and gas training courses, courses that target health safety and environment, etc. Our training courses are well researched and updated with the latest industry trends. For more information on our professional training programs, you can visit us at http://www.opuskinetic.com/training.

[1] Lloyd is a British insurance company