Cyberattacks are becoming more common and based on some of the victims; no one appears to be completely safe. As reported by the Identity Theft Resource Center, by September 30, 2021, the number of publicly-reported data compromises exceeded the total number of events in 2020 by 17 percent.
Regardless of the size of your company, it’s more important than ever to consider your current cybersecurity strategy. Here’s a look at the biggest cyber incidents of 2021, plus what you can do to protect your organization.
Facebook, Instagram and LinkedIn via Socialarks
Socialarks is a Chinese data-management firm that fell victim to a major attack in January 2021. Public and personal details of at least 214 million social media users were leaked because of the company’s faulty database and server, ElasticSearch. The server was publicly exposed without password protection or encryption, allowing anyone with the server IP address to access the database.
At the beginning of May 2020, the chemical distribution company Brenntag fell victim to Darkside ransomware, resulting in a ransom of $4.4 million paid in Bitcoin. In return, the company received a decryptor for encrypted files. Taking action prevented the culprits from publicly leaking stolen data. DarkSide is unique in that they are a Ransomware-as-a-Service (RaaS) operation that partners with third-party hackers or affiliates. The DarkSide team earns 20 to 30 percent commission on successful ransomware attacks.
On May 7, 2021, a ransomware attack took down the largest fuel pipeline in the United States, resulting in shortages across the East Coast. This attack resulted from a single compromised password, which investigators believe was from a dark web leak. Once again, DarkSide was responsible for this attack. Bloomberg confirmed that on May 13, 2021, Colonial Pipeline paid nearly $5 million in ransom.
JBS is the world’s largest meat processing company, and in late May 2021, the company was hacked. A ransomware attack forced the Brazil-based company to pay the equivalent of $11 million. Although the vast majority of the company’s facilities were operational, they made the tough decision to take preventative action and pay. This attack was attributed to the Russian-speaking gang, REvil.
CNA Financial Corp. is among the largest insurance companies in the United States. In late March, the company paid $40 million following a ransomware attack, which caused CNA to lose control of its network. The hackers were a group called Phoenix, which has used ransomware created by Evil Corp, a Russian cybercrime group.
Tips to Improve Cybersecurity in 2022
Based on the cyber incidents discussed above, it’s clear that no organization can ever be 100 percent secure. However, you can take steps to reduce your risk of a cyberattack or data breach.
- Create a solid cybersecurity plan to implement all security best practices. Focus on training methods, hardware, software and hypothetical incident-response scenarios. It’s recommended you partner with an IT service company.
- Train employees to recognize the warning signs of cybercrime and how to keep risks as low as possible based on their actions. For example, educate employees on phishing, a common but often preventable security threat.
- Update your software, as hackers will often target vulnerable companies. If you have security flaws and are behind in adopting the latest updates, you increase your risk of an attack.
- Update passwords regularly and never recycle old ones, enforcing secure password policies.
Managing IT issues and threats can be overwhelming, which is why you should outsource cybersecurity.DataTap is here to help you protect your organization. Get a free assessment today!