In the last two weeks, we’ve witnessed a vast amount of data breaches and information leaks, and the issue has become very alarming. All sectors from businesses, to public health, to educational institutions, have in one way or another, reported that their servers were either hacked or they accidentally left their data open for the internet to feast.
This series of breaches have come to an epidemic – one that does not involve some sort of super-bacteria resistant to antibiotics, but is still contagious and hard to cure. These data breaches have carelessly exposed data from millions of people from around the world including information that can help criminal entities carry out their sinister motives.
Yesterday, a hacker in the name, Gnosticplayers, had put 26.42 million user data and records on sale in a dark web market place. He was asking for 1.2431 bitcoin ($4,940.00) in exchange for the data he illegally collected from six different companies last February.
“I get upset because I feel no one is learning,” the hacker said in a private conversation with reporters.
It appears that maybe he is right; no one is actually learning.
Victor Gevers, a cybersecurity expert who discovered multiple unprotected databases online, detailed that there are vast databases that are available for public consumption, and even those who know basic hacking skills can compromise these data. He highlights that these data are potent tools for cybercrimes such as email phishing, identity theft, and cyber extortion.
Additionally, Victor Gevers have discovered multiple databases online that revealed personal and identifiable information about women in China which includes their names, addresses, phone numbers, social security numbers, and interestingly, their “BreedReady” status.
Along with this discovery, Gevers also discovered two more databases that have similar code schema as the “BreedReady” database. He postulates that the said database could be made by a student for some sort of a project since the IP address is coming from a university in China.
Earlier today, the education and science giant, Elsevier, has carelessly misconfigured one of its servers exposing tons of users’ passwords and password links to reset their login credentials.
While most of the reported breaches are that of big corporations and government institutions, the majority of the violations that happen around the world involve data from small and medium businesses (SMBs). However, just because these breaches are minor and are not newsworthy, they too are as dangerous as significant leaks collectively.
According to a report issued this morning by Business in the Community (BITC), 40 percent of small businesses hadn’t changed a thing about their cybersecurity posture in the last 12 months. Some say they didn’t have any cybersecurity solutions to set up. Meanwhile, 77 percent of SMBs have no policies to help them control data and system access. This data proves that small and medium businesses have a huge responsibility in terms of cybersecurity.
“We have seen an increase in small businesses being targeted by cyber-criminals in recent years,” said Stephen Worrall, Managing Director at HSB Engineering Insurance.
“Security system gaps can leave small businesses vulnerable to cyber-attacks without them realizing, which when exploited can result in small businesses becoming victims of a data breach and potentially causing significant disruptions to their business and onward supply chain.”
The wave of cybersecurity breaches and threats that we see in the news right now highlights the growing problem of cyber vulnerability among organizations. That is the reason why it is fundamental for organizations to understand the responsibility of safeguarding the information of their members and users that they entrusted to them.
According to experts, if we want to reduce the number of successful cyber attacks that target organizations, we need to turn our attention towards small and medium-sized ones because they are the weakest link in the chain.
Understandably, these organizations have a lesser capacity to support their cybersecurity wall. Acquiring the necessary technology to secure keep data is expensive, nonetheless. However, they should be focused on by governments, and legislation should be in place to help them catch up with significant organizations regarding cybersecurity. Experts like BITC urge them to reassess how vulnerable they are to cyber attacks. By supporting small organization safeguard data, we can be one step ahead towards fighting cyber attacks and data breaches. /apr