You can’t turn on cable news or scroll through online stories these days without coming across repeated mentions of data breaches. In fact, it doesn’t matter if you’re reading this article the day we publish it or months from now. There is almost certainly a “big breach” that just happened.
That’s because data has become the preferred new target for innovative criminals. (And that’s what they are—criminals. They’re not hoodie-wearing hackers. They’re thieves.)
And don’t make the mistake of thinking that just because your business isn’t a multi-billion dollar global operation, cybercriminals aren’t after you. They are. In fact, it’s estimated that “45% of all cyberattacks actually target SMBs.”
You really can’t afford to ignore cybersecurity, but there is some good news. The failures of other companies can teach some valuable lessons. So in this article, we’re going to explore some epic examples of data breach.
The financial impact is only part of the problem
Before we get to the breaches, let’s talk dollars.
It has been predicted that a considerable number of digital businesses, encompassing those conducting online operations, would face a substantial amount of downtime as a result of cybersecurity attacks. This prediction was made with reference to the year 2020. Downtime can have significant financial implications, with Gartner estimating the average cost of downtime to be around $5,600 per minute.
Granted, that’s a compelling number. Think about it. How long can you afford to hemorrhage that kind of money before your business is in serious trouble? But the negative impact of a data breach doesn’t stop there.
“We all know that outages cost companies money—lots of money. . . . But what about the more intangible variables like employee burnout, product velocity and brand reputation?”
– Forbes
Your staff will suffer a very real loss of morale. It’s emotionally exhausting to experience a data breach. And your customers will feel the sting, too. When any company announces a data breach, it’s natural for the general population to question trusting that company.
And talk about a win for your competition. You’ll almost certainly lose business to your rivals if they can simply make your prospects aware of your security shortcomings during their sales presentation.
But there’s more.
The good stuff you miss out on
The cost of a data breach, both tangible and intangible, is high, but there are also good things you miss out on when your cybersecurity is lacking. Here at KME, we believe the best approach to cybersecurity doesn’t just take into account possible losses. We think it’s smart to consider what you gain, too.
After all, why is it so important to protect data? Because that data represents information that’s important to people. When you put people first—that includes both your employees and your customers—strong cybersecurity becomes a no-brainer.
With that as your foundation, it’s almost inevitable that your cybersecurity strategy will actually turn into a profit center for your company. You’ll naturally build cyber-resilience—an agile, strategic approach to security that makes your business safer for your staff and your clients.
Imagine pitching that to a prospect. When you take cybersecurity seriously for the right reasons, your security strategy turns into a very real selling point.
But if you get lazy about cybersecurity, you don’t just risk a breach. You also miss out on the doors a more mindful approach would open for you.
Related: How CIOs should respond to a data breach
3 epic breaches (and what you can learn from them)
And now the breaches. There have been a lot of notable breaches in the last few years, so we’re just going to hit 3 big highlights. We’ll also tell you what you can learn from each.
1. Moller-Maersk
Based out of Copenhagen, Moller-Maersk ships about one-fifth of all the freight in the world. However, the NotPetya ransomware breach of 2017 hit them hard. The NotPetya virus was designed purely for destruction. In the words of one article, “The release of NotPetya was an act of cyberwar. . . ”
And, wouldn’t you know it, the devastating virus took advantage of a security vulnerability that had already been addressed in an update. But even one machine left unpatched would expose whole networks to the malware.
In the end, Moller-Maersk’s damages were estimated at $200-300 million.
LESSON: Stay current with updates and security patches
Read more: The Untold Story of NotPetya, the Most Devastating Cyberattack in History
2. Target
When the retail giant Target was breached back in 2013, it was big news. A go-to chain for many consumers, it was troubling to think that maybe your credit card had been compromised. The company took a hit to their reputation, suffered lost sales, and eventually had to pay an $18.5 million settlement.
And the attack wasn’t even directly against Target—at least initially.
Cybercriminals stole credentials from a third-party vendor Target had worked with. Using those credentials, they were able to gain access to Target’s data, where they installed malware designed to steal massive amounts of customer information.
LESSON: Only partner with vendors who take cybersecurity as seriously as you do
Related: Is your network security strong enough to protect your reputation?
3. Equifax
We’ll be talking about the Equifax breach of 2017 for a while—in part because an estimated 147.9 million people were affected by it and will continue to be affected by it for years to come.
Equifax was doing several things wrong, eventually leading to an incredible public failure. The vulnerability that was exploited had already been addressed in security patches, but the company had not yet applied those patches. (Just like Moller-Maersk, above.)
But on top of that, Equifax was using a “five-decades-old(!) web-facing system that allowed consumers to check their credit rating from the company’s website.” Older equipment is far more likely to be vulnerable as it often lacks the advanced technology and additional layers of security available in more recent hardware.
LESSON: Keep both hardware and software up to date
One more tip
We’re going to close this out with one final tip. It’s an important one, though admittedly also self-serving. While you could choose to take on your company’s cybersecurity strategy on your own, we don’t recommend that approach.
We know a reputable, strategic cybersecurity partner is an expense. However, the value such a partner brings to the table is very real. While you could try to stay on top of all this stuff on your own, there’s a reason cybersecurity experts exist. The protection you’ll get from a pro will definitely go further to keep you, your employees, your customers, your business and your data safe.
So we highly recommend reaching out to a cybersecurity expert.
While we’d love to be able to help, it doesn’t have to be us. Just make sure it’s someone you can trust. Someone who listens to you, someone who takes your security seriously, and someone who is attentive to your unique needs.
That’s the only way to really protect yourself from cyberattacks.
Keep reading: Are you really protected from THIS?!