The Worst Data Breaches of 2021 (So Far)
2021 is only half over, but there have already been a number of costly data breaches in various industries. Learn about this year’s worst breaches and how you can protect your organization from future cybersecurity threats.
Over the years, data breaches have become more common and damaging, with everyone from the smallest startups to giants like Facebook and Equifax being targeted. That’s troubling given that the average total cost of a data breach in the United States is $8.19 million.
There are a number of major cost amplifiers that contribute to the impact of a data breach. When a data breach occurs, your customers often lose trust in your organization, which can potentially cost your organization significant revenue. Another major cost amplifier is third-party breaches, when the breach of an adjacent organization — like a vendor or partner — leads to a loss of the primary company’s data.
Luckily, preventing these breaches is far from impossible. In fact, there are a few interventions your organization can make to prevent such attacks. Before we discuss these methods, however, it’s important to take a closer look at some of the worst data breaches of 2021 (thus far) in order to better understand why it’s so essential for any organization, no matter its size, to take cybersecurity seriously.
The Worst Data Breaches of 2021
2021 has already seen a large number of data breaches ranging in size, target, and impact. In particular, hackers often exploit organizations in critical industries like education, manufacturing, and energy because they are more likely to pay out.
Here are three of this year’s worst attacks that you should be aware of:
Broward County Public Schools
Early in the year, hackers broke into systems belonging to Broward County Public Schools in Florida, one of the largest school districts in the country. In the ransomware attack, the hackers stole and encrypted data from the school systems and demanded a $40 million ransom to not erase files or post student and employee personal information online. When the schools did not pay, the hackers followed through on their threat and posted around 26,000 stolen files online.
Sadly, this is far from the only instance of these kinds of attacks. There have already been at least 12 ransomware incidents involving U.S. public schools this year and that number will only grow by the end of 2021.
The manufacturing industry has become a prime target for ransomware attacks in recent years. This is unsurprising given that in this space, any delays caused by hacks could lead to huge amounts of lost revenue. In January 2021, leading crane and lifting manufacturer Palfinger was the target of an ongoing global cyberattack that disrupted its IT systems and business operations. This hack affected a large number of the company’s locations around the world and cost a significant amount in revenue due to processing and shipment delays.
One ransomware attack that made major headlines this year was the attack on Colonial Pipeline by DarkSide, an Eastern-European criminal gang. The attack forced the major pipeline system, which carries almost half of the gasoline, diesel and other fuels used on the East Coast, to shut down its full network and operations. This caused massive fears about gas shortages and many instances of unsafe gas hoarding across the south-eastern U.S. The attack also served as a stark reminder of the vulnerability of any organization to a devastating hack.
How to Protect Your Organization from a Data Breach
Although there is no stopping bad actors from trying to hack into vulnerable systems, there are ways organizations can protect themselves from falling victim to these attacks.
It’s important to remember that staying cyber secure is not a one-off effort — it’s an ongoing process that requires constant vigilance and engagement. Not only can preventative measures reduce the chances of an organization falling victim to a data breach, they can also minimize the cost of a breach if a bad actor does somehow manage to get through. Security automation, encryption, business continuity, and disaster recovery plans are all proven cost mitigators.
So, how do you protect yourself from data breaches? Try these key tactics:
- Fortify your network defenses: Make sure you have firewalls installed and that you keep them, and all your other software, up-to-date with any updates or patches that come out. This is your first line of defense and you should make sure it’s also one of your strongest. Also, be sure to secure your Wi-Fi network, implementing access controls and encryption. When it comes to accessing specific sensitive materials and company data, use password protocols (including added security measures like multi-factor authentication or biometrics) to enforce user authentication.
- Educate your employees: Your employees are often your most vulnerable endpoints. All the investments you make in cybersecurity can end up being worthless if your employees don’t understand and buy into their role in protecting your organization. That’s why educating employees should be a top priority. That education should include a focus on identifying dangerous links, phishing scams, unsecured sites, password infractions, and information mismanagement.
Implementing a Cybersecurity Architecture with Dynamic Segmentation
Zero Trust architecture has recently been growing in popularity across industries, but for IT teams looking to go one deeper, we recommend considering dynamic segmentation software.
Dynamic segmentation lets organizations enforce policies across their networks to keep traffic secure and separate regardless of its application. This is particularly useful at a time when each new device requires a huge number of decisions to be made at the edge to maintain security. Instead of having to make those decisions manually for each device, dynamic segmentation — as delivered by tools like Aruba’s Dynamic Segmentation software — lets you:
- Consolidate your policy enforcement across both your wireless and wired access layer
- Automatically shape traffic behavior using a unified engine that lets you apply rich, role-based access control
- Ensure access rights are based on application, device, and location of the user
Dynamic segmentation architecture can have a significant impact when it comes to reducing the number of breaches caused by misconfiguration since every device and application will have the same policies. Less misconfiguration means fewer vulnerabilities, which means less chance of a successful attack.
Even with Zero Trust or dynamic segmentation, organizations still need to prepare for the worst by ensuring they have a disaster recovery plan in place. While the significance of backups has been part of the cybersecurity discussion for a long time, it’s important to focus on the recovery piece of the puzzle. Ransomware attacks typically involve a bad actor encrypting your data and refusing to give you the encryption key unless you pay an exorbitant fee. By creating regular backups that hold an updated copy of your data — and developing a disaster recovery plan that lets you recover that data to your devices and systems fast — you can reduce the cost of a breach.
Stay Secure in the Face of Data Breaches with TTI
Whether you’re looking to overhaul your network architecture to be more cyber secure, or searching for the right tools and best practices to implement your disaster recovery plan, Turn-Key Technologies, Inc. (TTI) can help. We have thirty years of experience helping companies in various industries protect themselves against data breaches. Reach out today for a free consultation!
By Tony Ridzyowski