Top Cyber Threats of the Year: How to Protect Yourself or Your Business
Any time a device uses the Internet, it is exposed to the possibility of a cyberattack.
These attacks occur in a variety of ways, from data breaches, ransomware and internal attacks to data leakage, impersonation attacks and leveraging social engineering by exploiting human emotion. As more and more insights are derived from data, businesses carry more risk, says Forbes. Data and personal information are highly valuable to hackers. In fact, experts say that data — such as health records — is more valuable to hackers than a credit card, since they can use this information to commit identity theft, steal funds, sell to third parties and more.
According to the FBI’s latest annual Internet Crime Report, these types of cyber attacks cost U.S. businesses and individuals $3.5 billion in 2019 alone. As cyber attackers continue to exploit gaps and introduce new threats and vulnerabilities, individuals and businesses must also equip themselves with the knowledge to protect their personal and customer information.
For smaller businesses, investing in cybersecurity has historically been seen as too expensive, making cost and a lack of resources the most significant challenges faced by companies today when it comes to adopting cybersecurity practices, says the Better Business Bureau. However, the latest research shows that businesses are beginning to allocate more resources to protecting themselves and their customers. McKinsey & Company found that 70 percent of Chief Information Security Officers plan on asking for significant increases in their cybersecurity budgets in 2021.
Top Cybersecurity Breaches
Before individuals and businesses can prevent a future attack, it helps to start by gaining a strong understanding of today’s biggest cyber threats. Here are five of the most significant cyber attacks that affected both businesses and consumers alike in 2020.
In April 2020, Japanese consumer electronics and gaming giant Nintendo suffered a data breach that affected approximately 300,000 user accounts. Rumors of a suspected cyber incident circulated quickly as players noticed unusual activity from their accounts; many reported that their virtual funds were suddenly missing, and some even discovered unauthorized purchases within their account histories. The company has since readdressed weak points in its security, emphasizing the importance of two-factor authentication.
To get started using two-factor authentication (and learn what it is), click here.
In January 2020, Marriott International suffered a data breach that affected approximately 5.2 million guests. In their official press release, Marriott warned that names, addresses, phone numbers, loyalty member data, dates of birth and other travel information — including linked airline loyalty numbers and room preferences — were obtained in the breach. The hotel chain further stated that “guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020.”
To check if your information has been compromised by a data breach, click here.
World Health Organization
Since the start of the COVID-19 pandemic, the World Health Organization (WHO) has seen a “fivefold increase” in the number of cyber incidents directed at WHO staff, as well as email scams targeting the public implying an association with the organization. Between March and April of 2020, hackers leaked WHO staff login credentials including nearly 25,000 private email addresses and passwords. According to WHO, a phishing campaign (a form of email spoofing) had been directed at its staff.
To learn more about email spoofing/imposters, click here.
In April 2020, more than 500,000 Zoom account details, usernames and passwords were leaked onto the web. An investigation by threat intelligence provider IntSights revealed that hackers used recycled login credentials from old compromised databases to initiate the attack.
“Unfortunately, people tend to reuse passwords,” Etay Maor says, “while I agree that passwords from 2013 may be dated, some people still use them.” As Zoom continues to face scrutiny over its privacy protections, domestic intelligence and security services like the FBI have had to issue warnings regarding the use of the app.
To learn more about protecting your passwords, click here.
In November 2020, WildWorks, the company behind the popular kids game Animal Jam, confirmed a data breach affecting 46 million accounts. In a recent statement by WildWorks, the company reveals that hackers also gained access to 7 million parent email addresses used to manage their kids’ accounts. Some of these accounts had a parent’s identity, including full name and billing address. Additionally, the stolen data dates back to over the past ten years, WildWorks says, meaning that past users may still be impacted.
To learn more about protecting your identity, click here.
How You Can Protect Yourself as a User
Now that you have an understanding of some of the major cyber threats that customers face today, you might be wondering, What do I need to do to keep myself safe? Here are a few steps you can follow to help prevent these attacks from happening to you.
1. Protect Your Password
According to a report by Verizon, 81% of data breaches can be traced back to compromised passwords. You can reduce the risk of account breaches by utilizing two-factor authentication (also known as multi-factor authentication) on your online accounts. This process typically involves sending you a temporary key to a trusted device, such as a smartphone, in order to confirm account ownership.
To help you get started using two-factor authentication on your devices, we have shared a few resources below:
- How to Set up Two-Factor Authentication on All Your Online Accounts | The Verge
- Multi-Factor Authentication for Seniors | Global Wealth Advisors
- Two-Factor Authentication: Who Has It and How to Set It Up | PCMag
- The Best Authenticator Apps for Protecting Your Accounts | Gizmodo
2. Monitor Data Breach Notifications
It is easier now than ever before to determine if your personal data has been compromised by a breach. Companies like Apple have even introduced password notifications that will automatically notify you in the event of a breach. You can also self-monitor using services like Have I Been Pwned, which allow you to insert your email address and see if it has been associated with any data breaches.
If you’d like to check if your online accounts have been breached, here are a few more places to get started:
- Stolen Passwords List | BreachAlarm
- How to Find Out if Your Password Has Been Stolen | PC Mag
- How to View Gmail Login History | Google
- Has Your Password Been Stolen? Here’s How To Find Out | Forbes
3. Protect Yourself Against Identity Theft
According to a report by IdentityForce, 65% of data breaches result in identity theft, making it the most common threat to users. Once cyber attackers acquire your personal information, they could potentially take out a mortgage in your name, empty your checking/savings accounts, undergo medical treatment through your health insurance plan or even file a tax return and claim your refund. You can help to prevent identity theft by engaging in protective measures such as requesting a free credit report, reviewing your monthly statements, shredding personal finance documents and setting up fraud alerts.
In addition to these protective strategies, it is also important to ensure you’re safeguarded in the event that your data does get breached.
- Warning Signs of ID Theft | USA.gov
- Identity Theft Recovery Steps | FTV.gov
- How to Freeze Your Credit Files | USA.gov
- Free Identity Theft Resources | FTC.gov
How You Can Protect Your Business
As businesses collect more and more consumer data, high-profile data breaches like those outlined above have become increasingly common. A recent Cost of a Data Breach Study revealed that the average breach costs a company nearly $4 million — these financial losses only represent a fraction of the potential business impact. For example, a 2019 Consumer Survey (PDF 2.4 MB) by Ping Identity revealed that 81% of customers would stop engaging with a brand online following a data breach.
These types of cyber incidents pose a significant problem that can disrupt nearly any business, causing financial and reputational harm. More than ever, it is important to take preventative measures and develop a cybersecurity incident response plan to protect your business and customers. Here are some tips and resources that can help you get started.
1. Choose a Secure Web Hosting Provider
Security should be a top concern when choosing a web hosting provider for your company website. If your business incorporates an online store or eCommerce component, it is critical that your website includes the right security measures to ensure the safety of your customers and their sensitive data like credit card information and personal addresses. The Federal Trade Commission suggests looking for hosting providers that offer features such as email authentication, software updates and user website management to further protect customer information.
Here are several resources that you might find useful as you choose a web hosting provider:
- Hiring a Web Host: What To Look For and Ask | FTC.gov
- Is Your Web Host Taking Cybersecurity Seriously? | SecurityBoulevard
- 11 Online Free Tools to Scan Website Security Vulnerabilities | Geekflare
- 6 Tips For Choosing the Right Hosting Provider | RedSwitches
2. Utilize Email Authentication
Today’s cyber criminals can set up email addresses that look like they’re coming directly from a trusted company, then use those accounts to send out messages to unsuspecting customers. This practice is called email spoofing, and the scammer is what is called a business email imposter. If you’re planning to set up a business email, it is important to ensure the email provider offers email authentication technology. The Federal Trade Commission also recommends training your staff to spot phishing emails and immediately notify customers as part of a cybersecurity response plan.
The following is a list of resources you may find useful if you are planning on using email as part of your business operations:
- Cybersecurity for Small Business: Business Email Imposters | FTC.gov
- Set Up Email Domain Authentication | MailChimp
- Your Comprehensive Guide to Prevent Email Spoofing | SecurityBoulevard
- Email Spoofing 101: A Quick Guide to Protecting Your Business | ImmenseNetworks
3. Create a Ransomware Response Plan
Ransomware attacks involve hackers holding data hostage in exchange for money or other demands. According to a report from the cybersecurity firm Emisof, the potential cost of ransomware in the United States reached over $7.5 billion in 2019. These attacks are typically carried out through scam emails, server vulnerabilities, infected websites and online ads, reports the Federal Trade Commission. The law enforcement agency also stresses the importance of having a ransomware response plan that includes regular backups and staff orientation and training.
If you’d like to learn more about taking actionable steps to prevent a ransomware attack and protect your business in the event an attack occurs, these resources may be helpful for you:
- Ransomware Guidance and Resources | CISA.gov
- The Ultimate Small Business Owner’s Guide to Ransomware | PaceTechnical
- How to Protect and Recover Your Business from Ransomware | PCMag
- Ransomware Playbook | Cyber Readiness Institute
It is more important than ever to keep yourself or your business safe online. Taking proactive and preventative measures can make the difference between you or your business staying safe or becoming the victim of an attack. Understanding the potential threats you or your business may face, along with following the tips above, can help better secure your technology and personal information from the threats of cybercrime.