Cyber breaches are relentless and pose ongoing challenges for organisations to protect their data.
The reality is that no organisation, regardless of size or industry, is immune to the potential consequences of a data breach (we hate to be the ones to tell you!).
In this blog, we will focus on learning from real-life examples of businesses that navigated and recovered from cyber breaches.
Examining their experiences gives us insights into practical strategies for enhancing resilience and security.
Let’s get into it!
In early December 2022, Activision, a prominent video game maker, fell victim to a data breach.
Hackers exploited an employee through SMS phishing, gaining unauthorised access to the company's internal systems.
An in-depth analysis of the leaked data by 'Insider Gaming,' a respected video game publication, revealed that the breach exposed extensive employee details such as full names, email addresses, phone numbers, salaries, and work locations.
Following an investigation, it was determined that no sensitive employee data, game code, or player data was accessed.
Notably, a Slack account owned by an Activision employee provided hackers an entry point, enabling them to deceive other employees into clicking malicious links.
This breach was attributed to human error, as an unwitting employee clicked on malicious links within an SMS phishing text, inadvertently enabling the breach.
Upon discovering the breach, Activision's dedicated information security team swiftly initiated countermeasures to address the SMS phishing attempt and rectify the situation.
Activision's rapid response and comprehensive investigation effectively curtailed the breach's impact.
This incident shows the importance of addressing human error and rapidly securing sensitive information.
It serves as a reminder that continuous cybersecurity training and vigilant practices are essential within organisations to avoid similar breaches.
In October 2018, Cathay Pacific, Hong Kong-headquartered airline, unveiled a security breach that had occurred in 2014 yet had remained completely undetected.
This incident involved unauthorised entry by hackers into their systems, compromising sensitive passenger data, which included personal information like names, contact details, and passport information.
A hacking group had utilised password-stealing malware to breach administrative systems, affecting 9.4 million global passengers.
The breach was attributed to human error, as a lack of robust password security measures allowed hackers to exploit cyber vulnerabilities and gain access to the airline's systems.
In response to this breach, Cathay Pacific undertook a series of comprehensive measures to enhance their cybersecurity.
These measures included a dedicated focus on data governance, network security protocols, stringent access controls, comprehensive cybersecurity education programs for employees, and an advanced incident response framework.
Cathay Pacific also acknowledged the ongoing need to invest in evolving IT security systems due to the continuously escalating landscape of cyber threats.
As a consequence of this breach, the UK Information Commissioner’s Office (ICO) imposed a fine of £500,000.
This incident prompted the company to reiterate its commitment to collaborating with authorities and emphasise its dedication to protecting personal data.
This case highlights the crucial significance of proactive cybersecurity measures and the persistent drive for continuous enhancements to mitigate evolving cyber threats effectively.
In January 2020, Marriott Hotel & Resorts experienced a significant security breach caused by hackers exploiting vulnerabilities in a third-party application used for guest services.
The breach resulted from the compromised credentials of two Marriott employees, granting unauthorised access to 5.2 million guest records.
A human error led to records containing sensitive data such as passport details, contact information, gender, birthdates, loyalty account specifics, and preferences being compromised.
Marriott's security team promptly intervened after detecting irregular activities and resolved the breach by the end of February 2020.
Subsequently, Marriott Hotels & Resorts faced a fine of £18.4 million.
The hotel chain contacted affected guests through emails, established a dedicated website, and introduced a call centre to assist guests.
These resources included a step-by-step guide to respond to the breach and details about enrolling in a personal information monitoring service for those affected.
A spokesperson from Marriott stated "Marriott remains committed to the privacy and security of its guests’ information and continues to make significant investments in security measures for its systems." The U.K.'s Information Commissioner's Office (ICO) subsequently reduced the data breach penalty for Marriott to £14.4 million.
This adjustment underscores Marriott's commitment to prioritising the security and privacy of guest data going forward.
By adopting these proactive measures, your organisation can significantly reduce the risk of falling victim to cyber-attacks and protect sensitive information from potential breaches.
At Bob's Business, we understand human error's vital role in cyber attacks and the critical importance of protecting your organisation against potential breaches.
Our comprehensive cybersecurity awareness training empowers your employees with the knowledge and skills they need to become the first line of defence against cyber attacks.
Get in touch with us today to learn how Bob's Business can partner with your organisation to enhance cybersecurity awareness and ensure a safer digital environment for your business.