Common Causes of data breaches and How to Mitigate them?

Snow

Since the COVID-19 Pandemic has forced companies to move their business to remote operation, there has been a significant increase in the number of data breaches.

Cybercriminals are currently exploiting the COVID-19 pandemic problem to initiate extremely advanced cyber-attacks on any potential industry. During the first six months of 2020, different Fortune 500 businesses were the victim of major data breaches that hackers sold account credentials, sensitive data, confidential and financial records from cybercriminal platforms of these organizations.

Here are 7 major data breaches that happened in 2020

Nintendo data breach -: Nintendo revealed in April 2020 that it was attacked by cybercriminals and 160,000 accounts have been compromised. Hackers had evidently used the stolen accounts to purchase valuable digital items.

Twitter spear-phishing attack -: This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. the attack targeted 130,000 public figures and profiles, the attackers made $121,000 bitcoin donations after the attack.

Easy jet Data breach -: EasyJet, a low-cost airline that is based in the UK recently reported that 9 million data records and as well as 2,200 credit card information of their customers were stolen by cybercriminals. Due to the strict GDPR rules in Europe, it’s only natural for a Company like EasyJet to get fined and to pay compensation to the affected customers.

CAM4 Data Breach -: Nearly 11 billion records were exposed to recent CAM4 data leakage. Cybercriminals can use this data to target emails to extort money or for spear-phishing attacks. This is a highly sensitive issue for adult sites as most members prefer to stay anonymous.

Marriott Data Breach -: The hotel chain Marriott announced a security breach on March 31, 2020, that impacted data from more than 5.2 million hotel guests who used the loyalty application of their company.

Zoom Credentials Hack -: In the first week of April 2020, reports of more than 500.000 stolen Zoom passwords available for sale in dark web crime markets shook the users of the application. In a world that is changing globally with the COVID-19 pandemic, Zoom has increased in popularity with the move of both the education and the organizations to the home-office model.

Antheus Tecnologia Biometric -: The data was discovered on an unsecured server including 76,000 unique fingerprints, emails from company employees, telephone numbers, and more. The server did not store direct fingerprint scans, but the binary code that hackers might use to recreate them, with potentially harmful results.

Way of Data breach

It seems as though not a day goes by without a headline screaming that some organization has experienced a data breach, putting the business – and its customers and partners – at risk.

Weak and Stolen Credentials

Solution -: Use complex passwords and never share passwords.

Back Doors, Application Vulnerabilities

Solution -: Keep all software and hardware solutions fully patched and up to date.

Malware

Solution -: Be wary of accessing web sites which are not what they seem or opening emails where you are suspicious of their origin, both of which are popular methods of spreading malware!

Social Engineering

Solution -: If it looks too good to be true then it probably is too good to be true. If you were going to bequeath $10 Million US Dollars to someone you had never met, would you send them an email?

Too Many Permissions

Solution -: Keep it Simple.

Insider Threats

Solution -: know who you are dealing with, act swiftly when there is a hint of a problem and cover everything with process and procedure backed up with training.

Physical Attacks

Solution -: Be vigilant, look out for anything suspicious and report it.

Improper Configuration, User Error

Solution -: With the correct professionals in charge of securing your data and the relevant and robust processes and procedures in place to prevent user error, then mistakes and errors can be kept to a minimum and kept to those areas where they are less likely to lead to a major data breach.