  • Machine Identity Management
  • October 20, 2023

7 Data Breach Examples Involving Human Error: Did Encryption Play a Role?

David Bisson

Despite an overall increase in security investment over the past decade, organizations are still plagued by data breaches. What’s more, we’re learning that many of the attacks that result in breaches misuse encryption in some way. (By comparison, just four percent of data breaches tracked by Gemalto’s Breach Level Index were “secure breaches” in that the use of encryption rendered stolen data useless). Sadly, it’s often human error that allows attackers access to encrypted channels and sensitive information. Sure, an attacker can leverage “gifts” such as zero-day vulnerabilities to break into a system, but in most cases, their success involves provoking or capitalizing on human error.

Human error has a well-documented history of causing data breaches. The 2022 Global Risks Report released by the World Economic Forum found that 95% of cybersecurity threats were in some way caused by human error. Meanwhile, the 2022 Data Breach Investigations Report (DBIR) found that 82% of breaches involved the human element, including social attacks, errors and misuse.

I think it’s interesting to look at case studies on how human error has contributed to a variety of data breaches, some more notorious than others. I’ll share the publicly known causes and impacts of these breaches. But I’d also like to highlight how the misuse of encryption often compounds the effects of human error in each type of breach.

Data breach examples.

Here is a brief review of seven well-known data breaches caused by human error.

1. Equifax data breach—Expired certificates delayed breach detection

In the spring of 2017, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) sent consumer credit reporting agency Equifax a notice about a vulnerability affecting certain versions of Apache Struts. According to former CEO Richard Smith, Equifax sent out a mass internal email about the flaw. The company’s IT security team should have used this email to fix the vulnerability, according to Smith’s testimony before the House Energy and Commerce Committee. But that didn’t happen. An automatic scan several days later also failed to identify the vulnerable version of Apache Struts. Plus, the device inspecting encrypted traffic was misconfigured because of a digital certificate that had expired ten months previously. Together, these oversights enabled a digital attacker to crack into Equifax’s system in mid-May and maintain their access until the end of July.

How encryption may become a factor in scenarios like this: Once attackers have access to a network, they can install rogue or stolen certificates that allow them to hide exfiltration in encrypted traffic. Unless HTTPS inspection solutions are available and have full access to all keys and certificates, rogue certificates will remain undetected.

Impact: The bad actor is thought to have exposed the personal information of 145 million people in the United States and more than 10 million UK citizens. In September 2018, the Information Commissioner’s Office issued Equifax a fine of £500,000, the maximum penalty amount allowed under the Data Protection Act 1998, for failing to protect the personal information of up to 15 million UK citizens during the data breach.

2. Ericsson data breach—Mobile services go dark when the certificate expires

At the beginning of December 2018, a digital certificate used by Swedish multinational networking and telecommunications company Ericsson for its SGSN–MME (Serving GPRS Support Node—Mobility Management Entity) software expired. This incident caused outages for customers of various UK mobile carriers including O2, GiffGaff, and Lyca Mobile. As a result, a total of 32 million people in the United Kingdom alone lost access to 4G and SMS on 6 December. Beyond the United Kingdom, the outage reached 11 countries including Japan.

How encryption may become a factor in scenarios like this: Expired certificates do not only cause high-impact downtime; they can also leave critical systems without protection. If a security system experiences a certificate outage, cybercriminals can take advantage of the temporary lack of availability to bypass the safeguards.

Impact: Ericsson restored the most affected customer services over the course of 6 December. The company also noted in a blog post that “The faulty software [for two versions of SGSN–MME] that has caused these issues is being decommissioned.”

3. LinkedIn data breach—Millions miss connections when the certificate expires

On 30 November, a certificate used by business social networking giant LinkedIn for its country subdomains expired. As reported by The Register, the incident did not affect www.linkedin.com, as LinkedIn uses a separate certificate for that particular domain. But the event, which involved a certificate issued by DigiCert SHA2 Secure Server CA, did invalidate us.linkedin.com along with the social media giant’s other subdomains. As a result, millions of users were unable to log into LinkedIn for several hours.

How encryption may become a factor in scenarios like this: Whenever certificates expire, it may indicate that overall protection for machine identities is not up to par. Uncontrolled certificates are a prime target for cybercriminals who can use them to impersonate the company or gain illicit access.

Impact: Later in the afternoon on 30 November, LinkedIn deployed a new certificate that helped bring its subdomains back online, thereby restoring all users’ access to the site.

4. Strathmore College data breach—Student records not adequately protected

In August 2018, it appears that an employee at Strathmore secondary college accidentally published more than 300 students’ records on the school’s intranet. These records included students' medical and mental health conditions such as Asperger’s, autism and ADHD. According to The Guardian, they also listed the exposed students’ medications along with any learning and behavioral difficulties. Overall, the records remained on Strathmore’s intranet for about a day. During that time, students and parents could have viewed and/or downloaded the information.

How encryption may become a factor in scenarios like this: Encrypting access to student records makes it difficult for anyone who doesn’t have the proper credentials to access them. Any information left unprotected by encryption can be accessed by any cybercriminals who penetrate your perimeter.

Impact: Strathmore’s principal said he had arranged professional development training for his staff to ensure they’re following best security practices. Meanwhile, Australia’s Department of Education announced that it would investigate what had caused the breach.

5. Veeam data breach—Customer records compromised by unprotected database

Near the end of August 2018, the Shodan search engine indexed an Amazon-hosted IP. Bob Diachenko, director of cyber risk research at Hacken.io, came across the IP on 5 September and quickly determined that the IP resolved to a database left unprotected by the lack of a password. The exposed database contained 200 gigabytes worth of data belonging to Veeam, a backup and data recovery company. Among that data were customer records including names, email addresses and some IP addresses.

How encryption may become a factor in scenarios like this: Usernames and passwords are a relatively weak way of securing private access. Plus, if an organization does not maintain complete control of the private keys that govern access for internal systems, attackers have a better chance of gaining access.

Impact: Within three hours of learning about the exposure, Veeam took the server offline. The company also reassured TechCrunch that it would “conduct a deeper investigation and… take appropriate actions based on our findings.”

6. Marine Corps data breach—Unencrypted email misfires

At the beginning of 2018, the Defense Travel System (DTS) of the United States Department of Defense (DOD) sent out an unencrypted email with an attachment to the wrong distribution list. The email, which the DTS sent within the usmc.mil official unclassified Marine domain but also to some civilian accounts, exposed the personal information of approximately 21,500 Marines, sailors and civilians. Per Marine Corps Times, the data included victims’ bank account numbers, truncated Social Security Numbers and emergency contact information.

How encryption may become a factor in scenarios like this: If organizations are not using proper encryption, cybercriminals can insert themselves between two email servers to intercept and read the email. Sending private personal identity information over unencrypted channels essentially becomes an open invitation to cybercriminals.

Impact: Upon learning of the breach, the Marines implemented email recall procedures to limit the number of email accounts that would receive the email. They also expressed their intention to implement additional security measures going forward.

7. Pennsylvania Department of Education data breach—Misassigned permissions

In February 2018, an employee in Pennsylvania’s Office of Administration committed an error that subsequently affected the state’s Teacher Information Management System (TIMS). As reported by PennLive, the incident temporarily enabled individuals who logged into TIMS to access personal information belonging to other users including teachers, school districts and Department of Education staff. In all, the security event is believed to have affected as many as 360,000 current and retired teachers.

How encryption may become a factor in scenarios like this: If you do not know who’s accessing your organization’s information, then you’ll never know if it’s being accessed by cybercriminals. Encrypting access to vital information and carefully managing the identities of the machines that house it will help you control access.

Impact: Pennsylvania’s Department of Education subsequently sent out notice letters informing victims that the incident might have exposed their personal information including their Social Security Numbers. It also offered a free one-year subscription for credit monitoring and identity protection services to affected individuals.

How machine identities are misused in a data breach

Human error can impact the success of even the strongest security strategies. As the above attacks illustrate, this can compromise the security of machine identities in numerous ways. Here are just a few:

  • SSH keys grant privileged access to many internal systems. Often, these keys do not have expiration dates. And they are difficult to monitor. So, if SSH keys are revealed or compromised, attackers can use them to pivot freely within the network.
  • Many phishing attacks leverage wildcard or rogue certificates to create fake sites that appear to be authentic. Such increased sophistication is often required to target higher-level executives.
  • Using public-key encryption and authentication in the two-step verification makes it harder to gain malicious access. Easy access to SSH keys stored on computers or servers makes it easier for attackers to pivot laterally within the organization.
  • An organization’s encryption is only as good as that of its entire vendor community. If organizations don’t control the keys and certificates that authenticate partner interactions, then they lose control of the encrypted tunnels that carry confidential information between companies.
  • If organizations are not monitoring the use of all the keys and certificates that are used in encryption, then attackers can use rogue or stolen keys to create illegitimate encrypted tunnels. Organizations will not be able to detect these malicious tunnels because they appear to be the same as other legitimate tunnels into and out of the organization.

How to avoid data breaches

The best way to avoid a data breach is to make sure your organization is using the most effective, up-to-date security tools and technologies. But even the best cybersecurity strategy is not complete unless it is accompanied by security awareness training for all who access and interact with sensitive corporate data.

Because data breaches take many different forms and can happen in a multitude of ways, you need to be ever vigilant and employ a variety of strategies to protect your organization. These should include regular patching and updating of software, encrypting sensitive data, upgrading obsolete machines and enforcing strong credentials and multi-factor authentication.

In particular, a zero-trust architecture will give control and visibility over your users and machines using strategies such as least privileged access, policy enforcement, and strong encryption. Protecting your machine identities as part of your zero trust architecture will take you a long way toward breach prevention. Here are some machine identity management best practices that you should consider: 

  • Locate all your machine identities.  Having a complete list of your machine identities and knowing where they’re all installed, who owns them, and how they’re used will give you the visibility you need to ensure that they are not being misused in an attack.
  • Set up and enforce security policies.  To keep your machine identities safe, you need security policies that help you control every aspect of machine identities — issuance, use, ownership, management, security, and decommissioning. 
  • Continuously gather machine identity intelligence.  Because the number of machines on your network is constantly changing, you need to maintain intelligence on their identities, including the conditions of their use and their environment.
  • Automate the machine identity life cycle.  Automating the management of certificate requests, issuance, installation, renewals, and replacements helps you avoid error-prone manual actions that may leave your machine identities vulnerable to outage or breach.
  • Monitor for anomalous use.  After you’ve established a baseline of normal machine identity usage, you can start monitoring and flagging anomalous behavior, which can indicate a machine identity compromise.
  • Set up notifications and alerts.  Finding and evaluating potential machine identity issues before they become exposures is critical. This will help you take immediate action before attackers can take advantage of weak or unprotected machine identities.
  • Remediate machine identities that don’t conform to policy.  When you discover machine identities that are noncompliant, you must quickly respond to any security incident that requires bulk remediation.
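As an added example (not code from the original post or from any product it describes), the Go program below ties the expired-certificate incidents in examples 1 to 3 to the inventory, alerting and remediation practices listed above: it classifies each certificate in a constructed inventory against a renewal lead-time policy, flags identities with no recorded owner, and runs real X.509 path validation to show what an inspection device or TLS client sees once a certificate lapses. The hostnames, owners and dates are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Renewal-policy verdicts for one certificate at a point in time.
const StatusOK, StatusRenewSoon, StatusExpired, StatusNotYetValid = "ok", "renew-soon", "expired", "not-yet-valid"

// InventoryItem pairs a parsed certificate with the team that owns it ("" when nobody has claimed it).
type InventoryItem struct{ Cert *x509.Certificate; Owner string }

// Finding is one alert row: DaysLeft goes negative after expiry; Unowned means nobody is
// accountable for renewing the identity, which is how certificates get forgotten.
type Finding struct{ Subject, Owner string; DaysLeft int; Status string; Unowned bool }

// classify applies a renewal lead-time policy (alert when fewer than leadDays remain)
// to one certificate as of the instant now.
func classify(cert *x509.Certificate, owner string, now time.Time, leadDays int) Finding {
	daysLeft := int(cert.NotAfter.Sub(now).Hours() / 24)
	f := Finding{Subject: cert.Subject.CommonName, Owner: owner, DaysLeft: daysLeft,
		Status: StatusOK, Unowned: owner == ""}
	switch {
	case now.Before(cert.NotBefore):
		f.Status = StatusNotYetValid
	case !now.Before(cert.NotAfter):
		f.Status = StatusExpired
	case daysLeft < leadDays:
		f.Status = StatusRenewSoon
	}
	return f
}

// verifyAt runs X.509 path validation at the given instant with the certificate as its own trust
// anchor (the constructed certificates are self-signed) and reports "expired" when the validity
// window is the cause, which is exactly what a TLS client or inspection device sees.
func verifyAt(cert *x509.Certificate, now time.Time) (bool, string) {
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: now})
	if err == nil {
		return true, ""
	}
	if inv, ok := err.(x509.CertificateInvalidError); ok && inv.Reason == x509.Expired {
		return false, "expired"
	}
	return false, err.Error()
}

// inventoryReport returns every item that needs action: any status other than "ok", or no owner.
func inventoryReport(items []InventoryItem, now time.Time, leadDays int) []Finding {
	var alerts []Finding
	for _, it := range items {
		if f := classify(it.Cert, it.Owner, now, leadDays); f.Status != StatusOK || f.Unowned {
			alerts = append(alerts, f)
		}
	}
	return alerts
}

// makeCert builds a constructed self-signed certificate that stands in for one collected from a host.
func makeCert(cn string, notBefore, notAfter time.Time) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // fixture construction only; a real collector would return the error
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notAfter, BasicConstraintsValid: true, IsCA: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // cannot fail on DER that Go itself just produced
	return cert
}

func main() {
	now := time.Date(2023, 10, 20, 0, 0, 0, 0, time.UTC)
	// Constructed inventory: healthy, expiring in 20 days, and expired ten months ago with no
	// recorded owner (the pattern behind the misconfigured Equifax inspection device).
	items := []InventoryItem{
		{makeCert("www.example.com", now.AddDate(0, -1, 0), now.AddDate(1, 0, 0)), "web"},
		{makeCert("us.example.com", now.AddDate(-1, 0, 0), now.AddDate(0, 0, 20)), "web"},
		{makeCert("tls-inspect.example.internal", now.AddDate(-2, 0, 0), now.AddDate(0, -10, 0)), ""},
	}
	for _, f := range inventoryReport(items, now, 30) {
		fmt.Printf("%-30s owner=%q days=%d status=%s unowned=%v\n", f.Subject, f.Owner, f.DaysLeft, f.Status, f.Unowned)
	}
	ok, why := verifyAt(items[2].Cert, now)
	fmt.Printf("path validation of %s on %s: ok=%v %s\n", items[2].Cert.Subject.CommonName, now.Format("2006-01-02"), ok, why)
}
```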

Training your users about the importance of machine identities will help reduce user errors. And advances in AI and RPA will also play a factor in the future. But for now, your best bet in preventing encryption from being misused in an attack on your organization is an automated machine identity management solution that allows you to maintain full visibility and control of your machine identities. Automation will help you reduce the inherent risks of human error as well as maintain greater control over how you enforce security policies for all encrypted communications. 

(This post has been updated. It was originally published on October 15, 2020.)


The Review Hive


Cybersecurity Case Studies and Real-World Examples


In the ever-evolving landscape of cybersecurity, the battle between hackers and defenders continues to shape the digital domain. To understand the gravity of cybersecurity challenges, one need only examine real-world examples—breaches that have rocked industries, compromised sensitive data, and left organizations scrambling to shore up their defenses. In this exploration, we’ll dissect notable cybersecurity case studies, unravel the tactics employed by cybercriminals, and extract valuable lessons for strengthening digital defenses.

Equifax: The Breach that Shattered Trust

In 2017, Equifax, one of the largest credit reporting agencies, fell victim to a massive data breach that exposed the personal information of nearly 147 million individuals. The breach included sensitive data such as names, Social Security numbers, birthdates, and addresses, leaving millions vulnerable to identity theft and fraud.

Lessons Learned

1. Patch Management is Crucial:

The breach exploited a known vulnerability in the Apache Struts web application framework. Equifax failed to patch the vulnerability promptly, highlighting the critical importance of timely patch management. Organizations must prioritize staying current with security patches to prevent known vulnerabilities from being exploited.

2. Transparency Builds Trust:

Equifax faced severe backlash not only for the breach itself but also for its delayed and unclear communication with affected individuals. Transparency in communication is paramount during a cybersecurity incident. Organizations should proactively communicate the extent of the breach, steps taken to address it, and measures for affected individuals to protect themselves.

Target: A Cybersecurity Bullseye

In 2013, retail giant Target suffered a significant breach during the holiday shopping season. Hackers gained access to Target’s network through a third-party HVAC contractor, eventually compromising the credit card information of over 40 million customers and the personal information of 70 million individuals.

1. Third-Party Risks Require Vigilance:

Target’s breach underscored the risks associated with third-party vendors. Organizations must thoroughly vet and monitor the cybersecurity practices of vendors with access to their networks. Note that a chain is only as strong as its weakest link.

2. Advanced Threat Detection is Vital:

Target failed to detect the initial stages of the breach, allowing hackers to remain undetected for an extended period. Implementing robust advanced threat detection systems is crucial for identifying and mitigating breaches in their early stages.

WannaCry: A Global Ransomware Epidemic

In 2017, the WannaCry ransomware swept across the globe, infecting hundreds of thousands of computers in over 150 countries. Exploiting a vulnerability in Microsoft Windows, WannaCry encrypted users’ files and demanded ransom payments in Bitcoin for their release.

1. Regular System Updates are Non-Negotiable:

WannaCry leveraged a vulnerability that had been addressed by a Microsoft security update months before the outbreak. Organizations fell victim due to delayed or neglected updates. Regularly updating operating systems and software is fundamental to thwarting ransomware attacks.

2. Backup and Recovery Planning is Essential:

Organizations that had robust backup and recovery plans were able to restore their systems without succumbing to ransom demands. Implementing regular backup procedures and testing the restoration process can mitigate the impact of ransomware attacks.

Sony Pictures Hack: A Cyber Espionage Saga

In 2014, Sony Pictures Entertainment became the target of a devastating cyberattack that exposed an array of sensitive information, including unreleased films, executive emails, and employee records. The attackers, linked to North Korea, sought to retaliate against the film “The Interview,” which portrayed the fictional assassination of North Korea’s leader.

1. Diverse Attack Vectors:

The Sony hack demonstrated that cyber threats can come from unexpected sources and employ diverse attack vectors. Organizations must not only guard against common threats but also be prepared for unconventional methods employed by cyber adversaries.

2. Nation-State Threats:

The involvement of a nation-state in the attack highlighted the increasing role of geopolitical motivations in cyber incidents. Organizations should be aware of the potential for state-sponsored cyber threats and implement measures to defend against politically motivated attacks.

Marriott International: Prolonged Exposure and Ongoing Impact

In 2018, Marriott International disclosed a data breach that had persisted undetected for several years. The breach exposed personal information, including passport numbers, of approximately 500 million guests. The prolonged exposure raised concerns about the importance of timely detection and response.

1. Extended Dwell Time Matters:

Marriott’s breach highlighted the significance of dwell time—the duration a threat actor remains undetected within a network. Organizations should invest in advanced threat detection capabilities to minimize dwell time and swiftly identify and mitigate potential threats.

2. Post-Breach Communication:

Marriott faced criticism for the delayed communication of the breach to affected individuals. Prompt and transparent communication is vital in maintaining trust and allowing individuals to take necessary actions to protect themselves.

SolarWinds Supply Chain Attack: A Wake-Up Call

In late 2020, the SolarWinds supply chain attack sent shockwaves through the cybersecurity community. Sophisticated threat actors compromised SolarWinds’ software updates, enabling them to infiltrate thousands of organizations, including government agencies and major corporations.

1. Supply Chain Vulnerabilities:

The incident underscored the vulnerability of the software supply chain. Organizations must conduct thorough assessments of their suppliers’ cybersecurity practices and scrutinize the security of third-party software and services.

2. Continuous Monitoring is Essential:

The SolarWinds attack highlighted the importance of continuous monitoring and threat detection. Organizations should implement robust monitoring systems to identify anomalous behavior and potential indicators of compromise.

Notable Lessons and Ongoing Challenges

1. Human Element:

Many breaches involve human error, whether through clicking on phishing emails or neglecting cybersecurity best practices. Cybersecurity awareness training is a powerful tool in mitigating the human factor. Employees should be educated on identifying phishing attempts, using secure passwords, and understanding their role in maintaining a secure environment.

2. Zero Trust Architecture:

The concept of Zero Trust, where trust is never assumed, has gained prominence. Organizations should adopt a mindset that verifies every user, device, and network transaction, minimizing the attack surface and preventing lateral movement by potential intruders.

3. Cybersecurity Collaboration:

Cybersecurity is a collective effort. Information sharing within the cybersecurity community, between organizations, and with law enforcement agencies is crucial for staying ahead of emerging threats. Collaborative efforts can help identify patterns and vulnerabilities that may not be apparent to individual entities.

4. Regulatory Compliance:

The landscape of data protection and privacy regulations is evolving. Compliance with regulations such as GDPR, HIPAA, or CCPA is not only a legal requirement but also a cybersecurity best practice. Understanding and adhering to these regulations enhances data protection and builds trust with customers.

5. Encryption and Data Protection:

The importance of encryption and data protection cannot be overstated. In various breaches, including those of Equifax and Marriott, the compromised data was not adequately encrypted, making it easier for attackers to exploit sensitive information. Encrypting data at rest and in transit is a fundamental cybersecurity practice.

6. Agile Incident Response:

Cybersecurity incidents are inevitable, but a swift and agile incident response is crucial in minimizing damage. Organizations should regularly test and update their incident response plans to ensure they can respond effectively to evolving threats.

7. User Awareness and Training:

Human error remains a significant factor in many breaches. User awareness and training programs are essential for educating employees about cybersecurity risks, promoting responsible online behavior, and reducing the likelihood of falling victim to phishing or social engineering attacks.

8. Continuous Adaptation:

Cyber threats constantly evolve, necessitating a culture of continuous adaptation. Organizations should regularly reassess and update their cybersecurity strategies to address emerging threats and vulnerabilities.

Conclusion: Navigating the Cybersecurity Landscape

The world of cybersecurity is a battlefield where the landscape is ever-changing, and the adversaries are relentless. Real-world case studies serve as poignant reminders of the importance of proactive cybersecurity measures. As organizations adapt to emerging technologies, such as cloud computing, IoT, and AI, the need for robust cybersecurity practices becomes more pronounced. Real-world case studies offer invaluable insights into the tactics of cyber adversaries and the strategies employed by organizations to defend against evolving threats.

Prabhakar Pillai

I am a computer engineer from Pune University. I have a passion for technical/software blogging. In the past I wrote blogs on SaaS, Microservices, Cloud Computing, DevOps, IoT, Big Data & AI. Currently, I am blogging on Cybersecurity as a hobby.

14 Comments


Hi, I believe your website might be having browser compatibility problems. Whenever I look at your blog in Safari, it looks fine, but when opening in Internet Explorer, it has some overlapping issues. I just wanted to provide you with a quick heads up! Other than that, excellent blog!


Consider opening in Chrome or Microsoft Edge. Thank you for the comments.


Hey! Loved your post.


This was a very insightful read. I learned a lot from it.


This is fantastic! Please continue with this great work.


Thank you for addressing such an important topic in this post. Your words are powerful and have the potential to make a real difference in the world.


Your writing is so engaging and easy to read. It makes it a pleasure to visit your blog and learn from your insights and experiences.


Your blog posts are always full of valuable information, thank you! Share the post on Facebook.


This is a must-read article for anyone interested in the topic. It’s well-written, informative, and full of practical advice. Keep up the good work!


I just wanted to say how much I appreciate your work. This article, like many others on your blog, is filled with thoughtful insights and a wonderful sense of optimism. It’s evident that you put a lot of effort into creating content that not only informs but also uplifts. Thank you.


I am so grateful for the community that this blog has created. It’s a place where I feel encouraged and supported.


Thank you for this insightful article. It’s well-researched and provides a lot of useful information. I learned a lot and will definitely be returning for more.


A Systematic Analysis of the Capital One Data Breach: Critical Lessons Learned


1 Introduction
2 Cybersafety Method of Analysis
3 The Incident
3.1 Historical Context
3.2 Technical Details


4 Cybersafety Analysis of the Incident

4.1 The System, Hazards, and Safety & Security Constraints

Cyber Kill Chain Phase | # | System-level Hazard | Constraint Violated
Delivery | H-1 | System does not have adequate protection against delivery of an exploit (i.e., inadequate protections in place to prevent delivery of SSRF, reverse proxy attack, etc.) | System must have adequate protections against delivery of SSRF, reverse proxy attacks
Delivery | H-2 | System has inadequate intrusion detection and monitoring in place, i.e., system does not detect an intrusion by an attacker and does not monitor IAM API calls or reading/writing of sensitive S3 buckets | System must have adequate intrusion detection and monitoring systems in place to detect anomalous behavior
Exploitation | H-3 | System is operated with an exploitable vulnerability or a misconfigured resource that allows access to backend resources | System must not be operated with an exploitable vulnerability or a misconfigured resource that allows access to backend resources
Command & Control | H-4 | System access control is overly permissive beyond least privilege | System access control must follow the principles of least privilege
Command & Control | H-5 | System does not prevent unauthorized user from harvesting credentials and establishing control over resources | System must have an adequate mechanism to protect access to credentials
Action on Objectives | H-6 | System does not adequately encrypt sensitive data | System must adequately encrypt sensitive data

4.2 Hierarchical Functional Control Structure


4.2.1 Technical Controllers
4.2.1.1 Web Application Firewall (Loop #1)
4.2.1.2 Identity and Access Management (IAM) (Loop #2)
4.2.2 Operational Controllers
4.2.2.1 Information Technology (Loop #4)
4.2.2.2 Information Security (Loop #3)
4.2.2.3 Cloud Provider – AWS (Loop #5)
4.2.3 Management Controllers
4.2.3.1 Senior Leadership (Loop #6)
4.2.4 Board of Directors and Internal Audit (Loop #7, #8)

# | Principle | Capital One 2018–2019 (pre-breach) | Change after breach
1 | Directors need to approach cybersecurity as an enterprise-wide risk issue. | Capital One is a digital bank, and technology and cybersecurity played a critical role in the company's business. All board directors had experience in digital, technology, and cybersecurity and should have realized the integral nature of cyber risks. | OCC demanded that the company develop risk assessment processes to identify and manage technology risks within the cloud operating environment.
2 | Directors should understand the legal implications of cyber risk. | 7 out of 10 board directors had experience with regulated businesses, regulatory requirements, and relationships with state and federal agencies. | No major changes for the board members. Only one member without specific technology or cyber security expertise was added to the board after the incident.
3 | Boards should have access to cybersecurity expertise and allocate sufficient time to discussions about cyber risk management on a regular basis. | All board members had significant cybersecurity and technology experience and expertise. One of the board directors was a former Amazon CISO. The Risk Committee met third-party experts to evaluate the company's enterprise cyber program. The Risk Committee receives quarterly reports from the CISO on the company's cyber risk profile and enterprise cyber program and meets the CISO at least twice annually. | No changes on the board members to obtain additional cybersecurity expertise. Meetings with the CISO became quarterly.
4 | Directors should demand establishing an enterprise-wide cyber risk management framework with adequate staffing and budget. | The board reviews and discusses the company's technology strategy with the CIO and approves the company's technology strategic plan at least annually. The Risk Committee oversees cyber, information security, and technology risk, as well as management's actions to identify, assess, mitigate, and remediate material issues. | Enhanced Board Oversight of Cybersecurity Risk. The Board's engagement on cybersecurity has been heightened and the Board is overseeing multiple enhancements management is making to Capital One's cybersecurity standards, policies, procedures, and processes. This effort is intended to strengthen Capital One's cybersecurity risk management capabilities, including reporting on these risks to the Board and its Committees. The Risk Committee has taken the lead in overseeing this effort, and the full Board has also been actively engaged.
5 | Board-management discussion about cyber risk should include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance. | The company had a $400M cyber insurance policy [ ]. The Risk Committee annually reviews and recommends the Company's information security policy and information security program to the Board for approval. The Risk Committee receives updates from management on its cyber event preparedness efforts and reviews reports from the CIO and CISO on significant cyber incidents. | The CISO was included in regular meetings with the board.

4.2.5 Regulatory Controllers (Loop #9).

5 Recommendations

6 Cybersafety Performance Evaluation

7 Conclusions


Index Terms: Security and privacy; Systems security


Published in: ACM Transactions on Privacy and Security, Association for Computing Machinery, New York, NY, United States

Affiliation: Purdue University, USA

Author tags: Capital One breach; cybersafety; cybersecurity

Article type: Research-article


Case Studies: Notable Breaches

Cyber attacks and data breaches are unfortunately common in modern times, and they often have serious consequences. In this article, we’ll look at three examples of successful breaches to learn what happened before, during, and after the attack. We’ll also discuss key takeaways and lessons from these events.

Breach 1: Uber

In late 2016, attackers used a password obtained in an unrelated data breach to gain access to an Uber engineer’s personal GitHub account. From this account, the attackers were able to access one of Uber’s internal repositories, which contained a private key used to access Uber’s datastores. These datastores contained unencrypted personal information for approximately 57 million Uber drivers and riders. The attackers downloaded copies of this private user information, violating its confidentiality. The attackers then contacted Uber, informed them that they had compromised Uber’s databases, and demanded a ransom to delete the stolen data.

Uber was contacted by the attackers on November 14th, 2016, and Uber chose to pay the ransom. Uber had the attackers sign non-disclosure agreements regarding the stolen information.

What Uber did not do, however, was disclose the breach. Uber was also under investigation at the time for a different breach that occurred in 2014. Uber didn’t disclose the breach until November 21, 2017, following the appointment of a new CEO. In addition to being highly unethical, Uber’s failure to disclose the breach was also illegal. In addition to the $100,000 ransom, Uber paid $148 million as part of the settlement.

Lessons learned

  • Failing to disclose breaches is unethical and illegal. Prompt disclosure is crucial to maintaining the trust of customers and complying with the law.
  • Mistakenly including keys or other sensitive data in source-control repositories is a common mistake with potentially serious repercussions. Administrative and technical controls should be put in place to prevent sensitive data from being included in repositories, even internal repositories.
  • Allowing access to internal resources with personal, external accounts is a security risk. Internal resources should be accessed using work accounts with strong security policies.
  • Don’t store private user information in an unencrypted format.
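The second lesson above is enforceable with tooling: as an added example (not code from the original article or from Uber), the Python scanner below flags the kind of material that leaked in this case, a PEM private key committed to a repository, and also catches AWS-style access key IDs and long high-entropy values assigned to secret-looking names. All file paths and contents are constructed samples.

```python
"""Pre-commit style secret scanner (added example; constructed samples).

Flags the material that leaked in the Uber case: a private key committed
to a repository. Also catches AWS-style access key IDs and long
high-entropy values assigned to secret-looking variable names.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

# PEM private key headers: RSA, EC, OPENSSH, DSA, and the bare PKCS#8 form.
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")
# AWS access key IDs are 20 chars starting with AKIA (long-term) or ASIA (temporary).
AWS_ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Assignments such as API_TOKEN = "..." whose value is a long opaque string.
ASSIGNED_TOKEN = re.compile(
    r"(?i)\b\w*(?:secret|token|password|api_?key)\w*\s*[:=]\s*"
    r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]"
)


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str


def shannon_entropy(s: str) -> float:
    """Bits per character; random credentials score well above identifiers and prose."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(path: str, text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return one Finding per line that looks like a committed secret."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if PEM_PRIVATE_KEY.search(line):
            findings.append(Finding(path, line_no, "pem-private-key"))
        elif AWS_ACCESS_KEY_ID.search(line):
            findings.append(Finding(path, line_no, "aws-access-key-id"))
        else:
            m = ASSIGNED_TOKEN.search(line)
            # The entropy check keeps obvious placeholders from tripping the scanner.
            if m and shannon_entropy(m.group(1)) >= entropy_threshold:
                findings.append(Finding(path, line_no, "high-entropy-token"))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> content, e.g. the files staged for a commit."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample repository contents; the key body is deliberately omitted.
SAMPLE_FILES = {
    "deploy/datastore_key.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "(key body omitted in this constructed sample)\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "config/settings.py": (
        'API_TOKEN = "A1b2C3d4E5f6G7h8I9j0K1l2M3n4"\n'  # high entropy: flagged
        'DB_PASSWORD = "placeholder_placeholder_x"\n'  # low entropy: ignored
    ),
    "scripts/upload.sh": "export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00\n",
    "README.md": "Rotate credentials and store them in the secrets manager.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: {f.kind}")
```

Wiring `scan_files` into a pre-commit hook that rejects the commit on any finding is the administrative control the lesson calls for; the entropy threshold is a tuning knob, not a guarantee.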

Breach 2: Target

In late November of 2013, attackers gained access to Target’s internal network using credentials stolen from a third-party vendor with network access. Improper network segmentation let the attackers reach Target’s point-of-sale (POS) system, onto which they installed malware. This malware stole the details of over 40 million credit cards used at Target’s stores, along with the personal information of over 70 million people. Target had antimalware software monitoring its systems, but it was improperly configured and monitored. The software was not able to automatically remove the malware, and the alerts it raised went uninvestigated.

Target discovered the breach on December 12th, 2013, and quickly responded, working with federal and private investigators to conduct a forensic investigation and remove the malware. While the breach was disclosed to card processors by the 16th, it was not disclosed to the public until the 18th, when Brian Krebs, a security researcher, broke the story. In the aftermath of the breach, Target invested 100 million dollars into improving its cybersecurity and paid out an additional 18.5 million dollars in settlement costs.

  • Promptly responding to breaches is crucial to maintaining both legal compliance and professional image. While Target’s public disclosure was delayed, there can be valid investigative reasons to delay public disclosure.
  • Proper configuration is a requirement for security systems to be effective.
  • Conducting a proper investigation of security alerts is crucial to catching attacks before they get out of control. Improperly configured alerts, particularly high volumes of false alarms, can cause legitimate alerts to be ignored.
  • High-value targets should be hardened against attack. Target’s POS terminals were not hardened against tampering, allowing the attackers to violate their integrity and install malware.

Breach 3: SolarWinds

In September of 2019, a group of hackers covertly gained access to SolarWinds, a company that develops enterprise IT and cybersecurity software. The attackers tested and deployed Sunspot, a piece of custom malware, targeting Orion, one of SolarWinds’ products. Sunspot secretly added a backdoor to Orion; the backdoored build was then digitally signed by SolarWinds’ update system, which made it appear legitimate, and pushed to customers through software updates. The backdoor allowed the attackers to install additional malware, known as Teardrop, onto the networks of SolarWinds customers, causing a massive breach of confidentiality and integrity.

SolarWinds did not become aware of the attack until December of 2020, when FireEye, another cybersecurity company, discovered the backdoor while investigating how they themselves had been breached. In the ensuing investigation, it was determined that the attackers had used the backdoor to attack approximately 100 companies, including Boeing, and 9 federal agencies, including the United States Department of Defense and Justice Department. The attack has been publicly attributed to Russia by multiple United States government organizations, including the FBI and NSA. This attack is one of the largest and most serious cases of cyber-espionage in history.

  • Organizations should know their threat landscape. Organizations that provide software, particularly to high-value targets such as Fortune 500 companies and government agencies, should consider themselves potential targets for APT groups.
  • Supply chain attacks are a real and serious threat, and organizations should be aware that the tools they use could become compromised.
  • Security needs to be proactive, in addition to reactive. Additional proactive security measures and investigation by SolarWinds might have caught the addition of malicious code to Orion sooner.

Cyberattacks and security breaches have become a semi-regular occurrence, but that doesn’t mean we should simply accept them as a fact of life. It’s important to analyze and understand how security has failed in the past in order to improve it for the future. Organizations have a responsibility to protect the confidentiality, integrity, and availability of data entrusted to them by implementing good security practices and responding promptly and ethically when a breach does happen.

The Codecademy Team, composed of experienced educators and tech experts, is dedicated to making tech skills accessible to all. We empower learners worldwide with expert-reviewed content that develops and enhances the technical skills needed to advance and succeed in their careers.


CoverLink Insurance - Ohio Insurance Agency

Cyber Case Study: Anthem Data Breach

by Kelli Young | Sep 27, 2021 | Case Study , Cyber Liability Insurance


In late 2014, Anthem—a well-known health insurance company that provides coverage to more than 100 million Americans—suffered a large-scale data breach. Foreign cyber-criminals leveraged malicious email tactics to access Anthem’s computer systems and subsequently compromise millions of members’ personal information. The Anthem data breach was revealed to the public in early 2015, causing widespread alarm among Anthem’s members and costing the company hundreds of millions of dollars in recovery efforts and legal expenses.

This breach has since been dubbed one of the most devastating cyber incidents within the U.S. health care industry, contributing to a nationwide conversation about the importance of data protection. In the aftermath, organizations can learn various cybersecurity lessons by reviewing the details of this incident, its impact and Anthem’s mistakes along the way. Here’s what your organization needs to know.

The Details of the Anthem Data Breach


After infiltrating Anthem’s data warehouse, the cybercriminals began transporting records from this system. By December 10, 2014, Deep Panda had exfiltrated nearly 80 million Anthem members’ records. These records included a wide range of personal details—including names, birthdates, Social Security numbers, health care identification numbers, contact information (e.g., email and home addresses) and income data. Fortunately, members’ credit card information, medical history and claims data were not compromised.

On January 27, 2015—more than one month after the data warehouse exfiltration—Anthem discovered that the breach had taken place. Within days, the company informed the federal authorities of the incident. The following week, Anthem shared the details of the breach with the public through a written press release on February 4, 2015. Later that month, the company hired a cybersecurity firm to investigate how the breach occurred and develop measures to prevent future incidents. In the following years, the U.S. Department of Justice eventually indicted multiple Chinese hackers associated with Deep Panda for their involvement in the incident.

The Impact of the Anthem Data Breach

In addition to compromised data, Anthem faced several consequences following the large-scale breach.

Recovery costs

The company incurred significant recovery expenses after the breach took place. In fact, the incident is estimated to have cost Anthem a total of nearly $260 million. Breaking down these expenses, the company first spent over $30 million in the process of notifying the public of the breach. In an attempt to support members affected by the incident, Anthem then spent $112 million to offer these individuals credit monitoring and identity theft protection. From there, the company spent an additional $2.5 million to receive assistance from expert consultants during the investigation. Lastly, Anthem spent $115 million to bolster multiple workplace cybersecurity measures and implement enhanced data protection protocols.

Reputational damages

Anthem also received widespread criticism from its members, the media and security experts after the breach. Although the company possessed various cybersecurity measures and an incident response plan that helped mitigate damages upon discovering the breach, Anthem still experienced scrutiny for its lackluster data protection procedures. Namely, the company failed to encrypt the records held in its data warehouse—a vital step that could have kept members’ personal details private from Deep Panda and largely minimized the incident’s overall impact.

Legal ramifications

In the years following the breach, Anthem faced numerous lawsuits from various avenues. The company first reached a $115 million class-action settlement in 2017 with individuals impacted by the incident. In 2018, Anthem then paid a record-setting $16 million settlement to the Office for Civil Rights for Health Insurance Portability and Accountability Act (HIPAA) violations stemming from the breach. Prior to this settlement, the highest HIPAA penalty recorded was less than $6 million. Most recently, Anthem paid a $39.5 million settlement in 2020 to a coalition of 44 states to resolve a variety of breach-related claims.


Lessons Learned from the Anthem Data Breach

There are several cybersecurity takeaways from the Anthem data breach. Specifically, the incident emphasized these critical lessons.

Employee training is critical. Employees are often the first line of defense against cyber incidents. This point was certainly emphasized during the Anthem data breach. If Anthem’s staff had been able to recognize Deep Panda’s deceptive email tactics, this incident likely could have been prevented altogether. With this in mind, it’s vital for all employees to receive sufficient workplace cybersecurity training. Knowing how to detect and respond to potential cyberthreats—such as phishing scams—can help employees stop cybercriminals in their tracks. Specifically, employees should be educated on these security best practices:

  • Avoid opening or responding to emails from unfamiliar individuals or organizations. If an email claims to be from a trusted source, verify their identity by double-checking the address.
  • Never click on suspicious links or pop-ups, whether they’re in an email or on a website. Don’t download attachments or software programs from unknown sources or locations.
  • Utilize unique, complicated passwords for all workplace accounts. Never share credentials or other sensitive information online.

Data protection should be a top priority. Despite having other valuable cybersecurity measures in place during the breach, Anthem left its members’ records vulnerable by neglecting to implement data protection protocols. Especially within the health care sector, leaving data unprotected can have severe consequences; since health care data often includes information (e.g., individuals’ personal details and intellectual property pertaining to medical research) that’s considered highly valuable to cybercriminals, the likelihood that such data will be targeted in a breach is increased. In fact, a stolen health care record is typically valued at approximately $250 on the black market, whereas the next highest value record (e.g., stolen credit card information) drops to just $5.40. In any case, Anthem’s data security shortcomings showcased how crucial it is to take extra steps to safeguard sensitive information so related losses during cyber incidents are prevented. Key data protection measures include:

  • Encrypting all sensitive workplace data
  • Restricting employees’ access to sensitive data on an as-needed basis
  • Requiring employees to utilize multi-factor authentication before accessing sensitive data
  • Segmenting workplace networks
  • Conducting routine data backups in a secure, offline location

Effective security software is a must. Apart from employee training and data protection, a wide range of security software could have helped Anthem detect, mitigate and potentially prevent this breach. Although this software may seem like an expensive investment, it’s well worth it to avoid devastating cyber incidents. Necessary security software to consider includes network monitoring systems, antivirus programs, endpoint detection products and patch management tools. This software should be utilized on all workplace technology and updated regularly to ensure effectiveness. Also, it’s valuable to conduct routine penetration testing to determine whether this software possesses any security gaps or ongoing vulnerabilities. If such testing reveals any problems, these issues should be addressed immediately.

Proper coverage can provide much needed protection. Finally, this breach made it clear that no organization—not even a major health insurance company—is immune to cyber-related losses. That’s why it’s crucial to ensure adequate protection against potential cyber incidents by securing proper coverage. Make sure your organization works with a trusted insurance professional when navigating these coverage decisions.

We are here to help.

If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk. You can download a free copy of our  eBook , or if you’re ready make Cyber Liability Insurance a part of your insurance portfolio,  Request a Proposal  or download and get started on our  Cyber & Data Breach Insurance Application  and we’ll get to work for you.


Institute of Data


Case Studies in Cyber Security: Learning from Notable Incidents and Breaches



The importance of cyber security cannot be overstated in today’s digital age.

With technological advancements, businesses and individuals increasingly rely on the Internet and digital platforms for various activities.

However, this reliance also exposes us to potential cyber threats and breaches that can have significant impacts.

According to findings by IBM and the Ponemon Institute, security teams typically require, on average, approximately 277 days to detect and mitigate a data breach.

By understanding the role of cyber security and dissecting notable case studies in cyber security, we can learn valuable lessons that can help us improve our overall cyber security strategies.

Understanding the importance of cyber security


Cyber security encompasses the measures and practices designed to prevent unauthorised access, use, or disclosure of data.

In a world where cybercriminals are constantly evolving their techniques, examining case studies in cyber security and having a robust strategy is essential.

The role of cyber security in today’s digital age

In today’s interconnected world, businesses and individuals rely heavily on digital platforms and online services.

From online banking to e-commerce, from social networking to remote working, our lives revolve around the digital landscape.

With such heavy dependence, cyber threats and breaches become a real and constant danger.

The evolving nature of cyber security threats calls for continuous vigilance and proactive measures, like consistently reviewing case studies in cyber security.

Cyber security professionals need to be well-versed in the latest threats, vulnerabilities, and solutions to mitigate risks effectively.

The potential impact of cyber security breaches

Cyber security breaches can have severe consequences for organisations and individuals alike.

They can result in unauthorised access to sensitive information, financial loss, reputational damage, and legal implications.

The impact of a breach can extend far beyond immediate financial losses, as organisations can suffer long-term damage to their brand and customer trust.

For individuals, cyber security breaches can result in identity theft, personal financial loss, and compromised privacy.

The consequences of a breach can be emotionally and financially distressing, affecting individuals’ lives for years to come.

Now let’s look at some important case studies in cyber security.

Dissecting notable case studies in cyber security


Examining case studies in cyber security incidents allows us to gain a deeper understanding of a breach’s anatomy and the emerging common themes.

The Sony Pictures hack

In 2014, cyber attackers infiltrated Sony Pictures’ network, releasing confidential data, including employees’ personal details and private communications between executives.

This breach led to significant reputational harm and financial setbacks for Sony, prompting substantial investments in cyber security improvements and numerous legal settlements.

Case studies in cyber security like this one underscore the critical need for enhanced network security measures and more rigorous data handling and protection protocols.

The Equifax data breach

Equifax suffered a massive breach in 2017 when hackers exploited a web application vulnerability to access the personal data of roughly 147 million consumers.

This incident ranks among the most substantial losses of consumer data to date, resulting in severe reputational and financial damage to Equifax.

Case studies in cyber security like this highlight the critical importance of keeping software up to date and the need for a thorough vulnerability management strategy to prevent similar breaches.

The WannaCry ransomware attack

The WannaCry ransomware is another case study in cyber security from 2017.

It was a global crisis, impacting hundreds of thousands of computers across 150 countries by exploiting vulnerabilities in outdated Microsoft Windows systems.

The attack disrupted critical services in sectors such as healthcare and transportation, leading to extensive financial losses worldwide.

This event demonstrated the importance of regular system updates, effective backup protocols, and ongoing employee training to mitigate the risks of phishing and other cyber threats.

How to apply these lessons to improve cyber security

Applying the lessons learned from past case studies in cyber security requires a holistic and proactive approach.

Organisations should conduct regular vulnerability assessments and penetration testing to identify weaknesses within their infrastructure.

These assessments provide valuable insights into potential vulnerabilities that can be addressed to strengthen overall cyber security.

In addition, continuous education and awareness programs should be implemented to ensure employees are well-informed about the latest threats and trained on cyber security best practices.

Regular training sessions, simulated phishing campaigns, and security awareness workshops can contribute to creating a security-conscious culture within the organisation.

Consider an online training program like the Institute of Data’s Cyber Security Program , which can teach you the necessary skills and provide real-world project experience to enter or upskill into the cyber security domain.

Strategies for enhancing cyber security


Effective cyber security strategies go beyond implementing technical controls and educating employees.

They encompass a comprehensive approach that addresses various aspects of cyber security, including prevention, detection, response, and recovery.

Best practices for preventing cyber security breaches

  • Implementing multi-factor authentication (MFA) for all accounts
  • Regularly patching and updating systems and software
  • Using strong, unique passwords or password managers
  • Encrypting sensitive data both at rest and in transit
  • Restricting user access based on the principle of least privilege
  • Implementing robust firewalls and network segmentation
  • Conducting regular vulnerability assessments and penetration testing
  • Monitoring network traffic and system logs for anomalies
  • Regularly backing up critical data and testing the restore process
  • Establishing incident response plans and conducting tabletop exercises

The future of cyber security: predictions and precautions

As technology continues to evolve, so do cyber threats.

It is essential to anticipate future trends and adopt proactive measures to strengthen our cyber security defences.

Emerging technologies like artificial intelligence and the Internet of Things present both opportunities and challenges.

While they enhance convenience and efficiency, they also introduce new attack vectors.

It is crucial for cyber security professionals to stay abreast of these developments and implement necessary safeguards.

Learning from case studies in cyber security allows us to understand the evolving landscape of cyber security better.

Dissecting these incidents, identifying key lessons, and applying best practices can strengthen our overall cyber security strategies.

As the digital age continues to advance, we must remain vigilant and proactive in our efforts to protect our digital assets and sensitive information.

Enrol in the Institute of Data’s Cyber Security Program to examine important case studies in cyber security, improve your knowledge of cyber security language, and stay ahead of evolving challenges.

Alternatively, if you’re interested in learning more about the program and how it can benefit your career, book a free career consultation with a member of our team today.

25 Cybersecurity Case Studies [Deep Analysis][2024]

In our digital world, robust cybersecurity is critical. Each of the 15 case studies in this collection explores the challenges, strategies, and results of securing digital assets against cyber threats. Covering real-world scenarios from various organizations, these case studies offer insights into innovative security solutions and underscore the necessity of protecting information from increasingly sophisticated cybercriminals.

25 Cybersecurity Case Studies

Case Study 1: Enhancing Network Security with Predictive Analytics (Cisco)

Challenge: Cisco encountered difficulties in protecting its extensive network infrastructure from complex cyber threats, aiming to enhance security by predicting breaches before they happen.

Solution: Cisco created a predictive analytics tool using machine learning to evaluate network traffic patterns and spot anomalies signaling potential threats. Integrated with their current security protocols, this system allows for dynamic defense adjustments and real-time alerts to system administrators about possible vulnerabilities.

Overall Impact:

1. Improved Security Posture: The predictive system enabled proactive responses to potential threats, significantly reducing the incidence of successful cyber attacks.

2. Enhanced Operational Efficiency: Automating threat detection and response processes allowed Cisco to manage network security more efficiently, with fewer resources dedicated to manual monitoring.

Key Takeaways:

1. Proactive Security Measures: Employing predictive cybersecurity analytics helps organizations avoid potential threats.

2. Integration of Machine Learning: Machine learning is crucial for effectively detecting patterns and anomalies that human analysts might overlook, leading to stronger security measures.

Case Study 2: Strengthening Endpoint Security through Advanced Encryption (Microsoft)

Challenge: Microsoft faced difficulties securing many global devices, particularly protecting sensitive data across diverse platforms susceptible to advanced cyber-attacks.

Solution: Microsoft deployed an advanced encryption system enhanced with multi-factor authentication to secure data, whether stored or in transit. This solution integrates smoothly with Microsoft’s existing security frameworks, employs robust encryption algorithms, and adapts continuously to emerging security threats.

Overall Impact:

1. Robust Data Protection: By encrypting data on all endpoints, Microsoft significantly minimized the risk of data breaches, ensuring that sensitive information remains inaccessible to unauthorized parties.

2. Increased User Confidence: The enhanced security measures fostered greater trust among users, encouraging the adoption of Microsoft products and services in environments requiring stringent security protocols.

Key Takeaways:

1. Essential Role of Encryption: Encryption remains a critical tool in protecting data across devices, serving as a fundamental component of comprehensive cybersecurity strategies.

2. Adaptive Security Systems: Implementing flexible, adaptive security solutions is essential to effectively address the dynamic nature of cyber threats, ensuring ongoing protection against potential vulnerabilities.

Case Study 3: Implementing Zero Trust Architecture for Enhanced Data Security (IBM)

Challenge: With the increase in remote work, IBM needed to bolster its data security strategy to protect against vulnerabilities in its internal networks and ensure that only verified users and devices accessed specific network segments.

Solution: IBM implemented a Zero Trust security model requiring rigorous verification for every access attempt across its network. This model employs strict identity checks, network micro-segmentation, and least privilege access controls, coupled with real-time threat detection and response to enhance security dynamically.

Overall Impact:

1. Enhanced Security Compliance: The implementation of Zero Trust architecture helped IBM meet stringent compliance requirements and protect sensitive data effectively.

2. Reduced Data Breach Incidents: By enforcing strict access controls and continuous verification, IBM significantly lowered the risk of data breaches.

Key Takeaways:

1. Necessity of Zero Trust: Adopting a Zero Trust approach is crucial for organizations looking to protect critical data in increasingly complex IT environments.

2. Continuous Verification: Regular and comprehensive verification processes are essential for maintaining security integrity in a dynamic threat landscape.


Case Study 4: Revolutionizing Threat Detection with AI-Powered Security Systems (Palo Alto Networks)

Challenge: Palo Alto Networks struggled to manage the large volumes of security data and keep pace with rapidly evolving cyber threats, as traditional methods faltered against advanced threats and sophisticated malware.

Solution: Palo Alto Networks introduced an AI-powered security platform that uses machine learning algorithms to analyze extensive network data. This system automates threat detection by identifying subtle patterns indicative of cyber threats, allowing quicker and more precise responses.

Overall Impact:

1. Improved Threat Detection Rates: The AI-driven system significantly improved the identification of and response to threats, decreasing the time from detection to resolution.

2. Scalable Security Solutions: The automation and scalability of the AI system allowed Palo Alto Networks to offer more robust security solutions to a larger client base without compromising efficiency or effectiveness.

Key Takeaways:

1. Leveraging Artificial Intelligence: AI is transforming the field of cybersecurity by enabling the analysis of complex data sets and the identification of threats that human analysts would miss.

2. Automation in Cyber Defense: Embracing automation in cybersecurity operations is crucial for organizations to efficiently manage the increasing number of threats and reduce human error.

Case Study 5: Enhancing Phishing Defense with Real-Time User Education (Google)

Challenge: With its vast ecosystem and user base, Google was highly susceptible to sophisticated phishing attacks that traditional security measures couldn’t adequately counter.

Solution: Google introduced a real-time user education program within its email services. This system flags suspicious emails and offers users contextual information and tips on recognizing phishing attempts, supported by machine learning algorithms that continuously adapt to new phishing strategies.

Overall Impact:

1. Increased User Awareness: By educating users at the moment of potential danger, Google has significantly increased awareness and prevention of phishing attacks among its user base.

2. Reduced Successful Phishing Attacks: The proactive educational approach has led to a noticeable decrease in successful phishing attacks, enhancing overall user security.

Key Takeaways:

1. Importance of User Education: Continuous user education is vital in combating phishing and other forms of social engineering.

2. Adaptive Learning Systems: Utilizing adaptive learning systems that evolve with changing attack vectors is crucial for effective cybersecurity.

Case Study 6: Securing IoT Devices with Blockchain Technology (Samsung)

Challenge: As a prominent IoT device manufacturer, Samsung encountered difficulties in protecting its devices from escalating cyber threats, hindered by IoT networks’ decentralized and diverse nature.

Solution: Samsung innovated by using blockchain technology to secure its IoT devices, establishing a decentralized ledger for each device that transparently and securely records all transactions and data exchanges, thwarting unauthorized tampering. This blockchain system seamlessly integrates with Samsung’s existing security protocols, enhancing the overall security of its IoT devices.

Overall Impact:

1. Enhanced Device Integrity: The blockchain technology ensured the integrity of device communications and data exchanges, significantly decreasing the risk of tampering and unauthorized access.

2. Increased Trust in IoT Devices: The robust security features blockchain technology provides have increased consumer trust in Samsung’s IoT products, fostering greater adoption.

Key Takeaways:

1. Blockchain as a Security Enhancer: Blockchain technology can enhance security for IoT and other decentralized networks.

2. Holistic Security Approaches: Adopting comprehensive, multi-layered security strategies is essential for protecting complex and interconnected device ecosystems.


Case Study 7: Implementing Secure Biometric Authentication for Mobile Banking (HSBC)

Challenge: With the rise in mobile banking, HSBC faced growing security threats, such as identity theft and unauthorized account access, as traditional password-based methods fell short.

Solution: HSBC introduced a secure biometric authentication system across its mobile banking platforms, employing fingerprint scanning and facial recognition technologies enhanced by AI. This integration improved accuracy and reduced false positives, bolstering security while streamlining user access to banking services.

Overall Impact:

1. Strengthened Account Security: Introducing biometric authentication significantly minimized the risk of illegal access, providing a more secure banking experience.

2. Improved User Satisfaction: Customers appreciated the ease of use and increased security, leading to higher adoption rates of mobile banking services.

Key Takeaways:

1. Biometric Security: Biometrics offer a powerful alternative to traditional security measures, providing enhanced security and user convenience.

2. Adaptation to User Needs: Security measures that align with user convenience can drive higher engagement and adoption rates, benefiting both users and service providers.

Case Study 8: Advanced Threat Intelligence Sharing in the Financial Sector (JPMorgan Chase)

Challenge: JPMorgan Chase faced escalating cyber threats targeting the financial sector, with traditional defense strategies proving inadequate against these threats’ dynamic and sophisticated nature.

Solution: JPMorgan Chase initiated a threat intelligence sharing platform among leading financial institutions, enabling the real-time exchange of cyber threat information. This collaboration enhances predictive capabilities and attack mitigation, leveraging advanced technologies and collective expertise to fortify cybersecurity defenses.

Overall Impact:

1. Enhanced Predictive Capabilities: The collaborative platform significantly improved the predictive capabilities of each member institution, allowing for more proactive security measures.

2. Strengthened Sector-Wide Security: The shared intelligence contributed to a stronger, more unified defense posture across the financial sector, reducing the overall incidence of successful cyber attacks.

Key Takeaways:

1. Collaboration is Key: Sharing threat intelligence across organizations can significantly enhance the collective ability to counteract cyber threats.

2. Sector-Wide Security Approaches: Developing industry-wide security strategies is crucial in sectors where collaborative defense can provide a competitive advantage and enhance overall security.

Case Study 9: Reducing Ransomware Impact Through Advanced Backup Strategies (Adobe)

Challenge: Adobe faced heightened ransomware threats, risking data encryption and operational disruptions, compounded by the complexity and size of its extensive data repositories.

Solution: Adobe deployed a comprehensive data backup and recovery strategy featuring real-time data replication and off-site storage. This approach maintains multiple backups in varied locations, minimizing ransomware impact. Additionally, machine learning algorithms monitor for ransomware indicators, triggering immediate backup actions to prevent significant data encryption.

Overall Impact:

1. Minimized Downtime: The proactive backup strategy allowed Adobe to quickly restore services after a ransomware attack, minimizing downtime and operational disruptions.

2. Enhanced Data Protection: By securing backups in separate locations and continuously updating them, Adobe strengthened its resilience against data loss due to ransomware.

Key Takeaways:

1. Proactive Backup Measures: Advanced, proactive backup strategies are essential in mitigating the effect of ransomware attacks.

2. Machine Learning in Data Protection: Leveraging machine learning for early detection and response can significantly enhance data security measures.
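Case Study 9 mentions monitoring for ransomware indicators that trigger backup actions without saying what such an indicator looks like. The following is an added example, not Adobe's code and not from the original article: the classic heuristic that a burst of file writes whose contents are near-random (high Shannon entropy) in files that should not be compressed is a sign of encryption in progress. The write events, the 7.2 bits-per-byte threshold and the burst count are constructed for illustration; the magic-byte skip list shows how the most common false positive (archives and images, which are high-entropy by design) is kept out.

```python
"""Heuristic ransomware indicator: a burst of file writes whose contents look like
ciphertext (near-maximal Shannon entropy) in files that should not be compressed."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Formats that are high-entropy by design; writes starting with these bytes are not
# treated as suspicious, which avoids the most common false positive (archives, images).
KNOWN_HIGH_ENTROPY_MAGIC = {
    b"PK\x03\x04": "zip / docx / xlsx",
    b"\x1f\x8b": "gzip",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
}
ENTROPY_THRESHOLD = 7.2   # bits per byte; natural-language text sits around 4 to 5
MIN_SAMPLE = 256          # entropy of very small samples is too noisy to trust
BURST_COUNT = 3           # constructed threshold: this many suspicious writes = alert


@dataclass(frozen=True)
class WriteEvent:
    path: str
    content: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def known_high_entropy_format(data: bytes) -> bool:
    """True when the buffer starts with the magic bytes of a compressed format."""
    return any(data.startswith(magic) for magic in KNOWN_HIGH_ENTROPY_MAGIC)


def is_suspicious_write(event: WriteEvent) -> bool:
    """Large enough to judge, not a known compressed format, and entropy near 8 bits."""
    data = event.content
    if len(data) < MIN_SAMPLE or known_high_entropy_format(data):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def detect_burst(events: Iterable[WriteEvent], burst: int = BURST_COUNT) -> Tuple[bool, List[str]]:
    """Return (alert, paths): alert is True once `burst` suspicious writes have been seen."""
    suspicious = [e.path for e in events if is_suspicious_write(e)]
    return len(suspicious) >= burst, suspicious


def pseudo_random_bytes(label: bytes, size: int) -> bytes:
    """Deterministic stand-in for ciphertext (chained SHA-256) so the demo is repeatable."""
    out, block = b"", label
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


# Constructed write events: one ordinary text document, one legitimate zip archive,
# and three "documents" whose contents have been replaced by ciphertext-like bytes.
SAMPLE_EVENTS = [
    WriteEvent("/srv/share/minutes.txt", b"Quarterly planning meeting, agenda and action items. " * 20),
    WriteEvent("/srv/share/archive.zip", b"PK\x03\x04" + pseudo_random_bytes(b"zip", 1020)),
    WriteEvent("/srv/share/report.docx", pseudo_random_bytes(b"a", 1024)),
    WriteEvent("/srv/share/budget.xlsx", pseudo_random_bytes(b"b", 1024)),
    WriteEvent("/srv/share/contract.pdf", pseudo_random_bytes(b"c", 1024)),
]

if __name__ == "__main__":
    alert, paths = detect_burst(SAMPLE_EVENTS)
    print("ALERT" if alert else "ok", paths)
```

In the sample the text file and the archive are left alone and the three ciphertext-like writes trip the burst threshold. Entropy alone is a weak signal (legitimately encrypted or compressed data without a recognisable header also scores high), which is why the passage pairs the indicator with a recovery path rather than relying on it to prevent the encryption.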


Case Study 10: Enhancing Cloud Security with Automated Compliance Tools (Amazon Web Services)

Challenge: As cloud computing became essential for businesses globally, Amazon Web Services (AWS) had to ensure compliance with diverse international security standards to protect customer data and sustain trust.

Solution: AWS introduced automated compliance tools into its cloud platform, continuously monitoring and auditing AWS services against global standards. These tools, enhanced with AI for data analysis, swiftly detect and correct compliance deviations, upholding stringent security compliance across all customer data.

Overall Impact:

1. Streamlined Compliance Processes: Automating compliance checks significantly streamlined the process, reducing the manual workload and enhancing efficiency.

2. Consistent Security Standards: The consistent monitoring and quick resolution of compliance issues helped AWS maintain high security standards, boosting customer confidence in cloud security.

Key Takeaways:

1. Importance of Compliance Automation: Automation in compliance monitoring is crucial for maintaining high security standards in cloud environments.

2. AI and Security Compliance: AI plays a vital role in analyzing vast amounts of compliance data, ensuring that cloud services adhere to stringent security protocols.

Case Study 11: Implementing Multi-Factor Authentication for Global Remote Workforce (Deloitte)

Challenge: With a shift to remote work, Deloitte faced increased security risks, particularly unauthorized access to sensitive data, as traditional single-factor authentication proved inadequate for their global team.

Solution: Deloitte implemented a robust multi-factor authentication (MFA) system across its operations, requiring employees to use multiple verification methods to access company networks. This system includes biometric options like fingerprint and facial recognition alongside traditional methods such as SMS codes and apps, enhancing security while providing flexibility.

Overall Impact:

1. Enhanced Security Posture: The introduction of MFA greatly strengthened Deloitte’s defense against unauthorized access, particularly in a remote working environment.

2. Increased Employee Compliance: The user-friendly nature of the MFA system ensured high levels of employee compliance and minimal disruption to workflow.

Key Takeaways:

1. Necessity of Multi-Factor Authentication: MFA is a critical security measure for organizations with remote or hybrid work models to protect against unauthorized access.

2. Balancing Security and Usability: It’s crucial to implement safety measures that are both effective and user-friendly to ensure high adoption and compliance rates among employees.
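Case Study 11 lists authenticator apps among Deloitte's MFA factors. As an added example (not Deloitte's implementation and not code from the original article), here is the server side of the most common app-based factor, a time-based one-time password (TOTP, RFC 6238): the code is derived from a shared secret and the current 30-second step, a one-step skew window tolerates clock drift between phone and server, and a replay guard refuses a code that has already been accepted. The secret is the public RFC 4226 test-vector key, used only so the values are checkable against the RFC; the class and function names are this example's own.

```python
"""Server-side verification of app-based MFA codes (TOTP, RFC 6238) with a
bounded clock-skew window and a replay guard."""
import hashlib
import hmac
import struct
import time
from typing import Optional

# Shared secret: the public RFC 4226 test-vector key, so the values below can be
# checked against the RFC. A real deployment generates a random secret per user.
DEMO_SECRET = b"12345678901234567890"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to a 31-bit integer, then reduction to the requested digit count."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """TOTP (RFC 6238) is HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step)


class TotpVerifier:
    """Accepts each time step at most once and tolerates +/- `skew_steps` of drift."""

    def __init__(self, secret: bytes, skew_steps: int = 1):
        self.secret = secret
        self.skew_steps = skew_steps
        self.last_accepted_counter = -1  # highest step already consumed by a login

    def verify(self, submitted: str, unix_time: Optional[int] = None) -> bool:
        now = int(time.time()) if unix_time is None else unix_time
        current = now // STEP_SECONDS
        for counter in range(current - self.skew_steps, current + self.skew_steps + 1):
            if counter <= self.last_accepted_counter:
                continue  # replay guard: this step (or an older one) was already used
            expected = hotp(self.secret, counter)
            # constant-time comparison so response timing does not reveal matching digits
            if hmac.compare_digest(expected, submitted):
                self.last_accepted_counter = counter
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(DEMO_SECRET)
    code = totp(DEMO_SECRET, 59)        # RFC 6238 vector for T=59 with SHA-1, 6 digits
    print(code, verifier.verify(code, 59), verifier.verify(code, 59))
```

The replay guard is what makes the skew window safe: with one step of tolerance a code is valid for up to 90 seconds, so without remembering the last accepted step a code seen once could be presented a second time within that window. Remembering the counter per user is the cheapest way to close that gap.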

Case Study 12: Fortifying Financial Transactions with Real-Time Fraud Detection Systems (Mastercard)

Challenge: Mastercard dealt with the continuous challenge of fraudulent transactions, which affected their customers’ trust and led to significant financial losses. The evolving sophistication of fraud techniques required a more dynamic and predictive approach to detection and prevention.

Solution: Mastercard developed a real-time fraud detection system powered by advanced analytics and machine learning. This system analyzes transaction data across millions of transactions globally to identify unusual patterns and potential fraud. It operates in real time, providing instant decisions to block or flag suspicious transactions, significantly enhancing financial operations’ security.

Overall Impact:

1. Reduced Incidence of Fraud: The real-time detection system has markedly decreased the number of fraudulent transactions, protecting customers and merchants.

2. Enhanced Customer Trust: With strengthened security measures, customers feel more secure when using Mastercard, leading to increased loyalty and usage.

Key Takeaways:

1. Real-Time Analytics in Fraud Detection: Real-time analytics is essential for detecting and preventing fraud in the fast-paced world of financial transactions.

2. Leveraging Machine Learning: Machine learning is invaluable in recognizing and adapting to new fraudulent tactics, maintaining a high level of security as threats evolve.


Case Study 13: Cyber Resilience in the Energy Sector Through Advanced Network Segmentation (BP)

Challenge: BP, a global energy company, faced significant cyber threats that could disrupt its operations and compromise sensitive data. The interconnected nature of its global infrastructure posed particular vulnerabilities, especially in an industry frequently targeted by sophisticated cyber-attacks.

Solution: BP implemented advanced network segmentation as a key strategy to enhance its cyber resilience. This approach divides the network into distinct zones, each with its own security controls, effectively isolating critical infrastructure from less sensitive areas. This segmentation is reinforced with stringent access controls and real-time monitoring systems that detect and respond to threats before they can propagate across the network.

Overall Impact:

1. Strengthened Infrastructure Security: Network segmentation significantly reduced the potential effect of a breach by limiting the movement of a threat within isolated network segments.

2. Improved Incident Response: The clear division of network zones allowed faster identification and isolation of security incidents, enhancing BP’s overall response capabilities.

Key Takeaways:

1. Importance of Network Segmentation: Effective segmentation is critical in protecting essential services and sensitive data in large, interconnected networks.

2. Proactive Defense Strategy: A proactive approach to network security, including segmentation and real-time monitoring, is essential for high-risk industries like energy.
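Case Study 13 describes dividing the network into zones with controls on what may cross between them. As an added example (not BP's design and not code from the article), the following encodes a zone map and an inter-zone allow-list and then checks observed flows against them, so that during a review of flow logs the crossings the policy does not permit, and traffic from address space the map does not know, stand out. The zones, address ranges, ports and flow records are all constructed for the example.

```python
"""Zone-based segmentation policy check: map each observed flow to its source and
destination zones and flag anything the inter-zone allow-list does not permit."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed zone map (RFC 1918 space chosen for the example; not BP's addressing).
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "corporate":  ipaddress.ip_network("10.10.0.0/16"),   # user workstations, office services
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),   # internet-facing services
    "ot_control": ipaddress.ip_network("10.30.0.0/24"),   # controllers, HMIs, historian
    "management": ipaddress.ip_network("10.40.0.0/24"),   # jump hosts, admin consoles
}

# Zones where even traffic between two members needs an explicit rule.
STRICT_ZONES: Set[str] = {"ot_control"}

# Allow-list: (source zone, destination zone) -> permitted destination ports.
ALLOWED: Dict[Tuple[str, str], Set[int]] = {
    ("corporate", "dmz"):         {443},
    ("management", "corporate"):  {22, 3389},
    ("management", "ot_control"): {22, 443},
    ("ot_control", "ot_control"): {502},   # Modbus/TCP stays inside the control zone
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> Optional[str]:
    """Name of the zone containing `ip`, or None for address space the map does not know."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow) -> str:
    """'allowed', 'denied' (a crossing not on the allow-list) or 'unknown_zone'."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "unknown_zone"            # unmapped addresses are a finding in themselves
    if src_zone == dst_zone and src_zone not in STRICT_ZONES:
        return "allowed"                 # ordinary zones permit their own internal traffic
    permitted = ALLOWED.get((src_zone, dst_zone), set())
    return "allowed" if flow.dport in permitted else "denied"


def violations(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Every flow that is not explicitly allowed, paired with the reason."""
    findings = []
    for flow in flows:
        verdict = evaluate(flow)
        if verdict != "allowed":
            findings.append((flow, verdict))
    return findings


# Constructed flow records; the unmapped source uses the TEST-NET-2 documentation range.
SAMPLE_FLOWS = [
    Flow("10.10.5.23", "10.20.0.10", 443),    # workstation -> DMZ web service: allowed
    Flow("10.10.5.23", "10.10.7.9", 445),     # workstation -> file server, same zone: allowed
    Flow("10.40.0.2", "10.30.0.15", 22),      # jump host -> controller SSH: allowed
    Flow("10.30.0.15", "10.30.0.20", 502),    # controller -> controller Modbus: allowed
    Flow("10.10.5.23", "10.30.0.15", 502),    # workstation -> controller Modbus: denied
    Flow("10.30.0.15", "10.30.0.20", 445),    # SMB inside the control zone: denied
    Flow("198.51.100.4", "10.30.0.15", 502),  # unmapped source -> controller: unknown_zone
]

if __name__ == "__main__":
    for flow, reason in violations(SAMPLE_FLOWS):
        print(f"{reason:13} {flow.src} -> {flow.dst}:{flow.dport}")
```

The strict zone is the point the passage's "each with security controls" implies: inside a control zone, even peer-to-peer traffic should be limited to the protocols the equipment actually uses, which is why the SMB flow between two controllers is reported alongside the corporate-to-controller one. The same evaluate() function can be run against firewall rule exports instead of flows to check that the deployed rules match the intended policy.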

Case Study 14: Protecting Healthcare Data with End-to-End Encryption (Mayo Clinic)

Challenge: The Mayo Clinic, a leading healthcare organization, faced the dual challenges of protecting patient privacy and complying with stringent healthcare regulations such as HIPAA. The risk of data leaks and illegal access to sensitive health information was a constant concern.

Solution: The Mayo Clinic addressed these challenges by implementing end-to-end encryption across all its digital communication channels and data storage systems. This encryption ensures that patient data is secure from the point of origin to the point of destination, making it inaccessible to unauthorized users, even if intercepted during transmission.

Overall Impact:

1. Enhanced Patient Data Protection: End-to-end encryption significantly bolstered the security of patient information, virtually eliminating the risk of interception by unauthorized parties.

2. Regulatory Compliance Assurance: This robust security measure helped the Mayo Clinic maintain compliance with healthcare regulations, reducing legal risks and enhancing patient trust.

Key Takeaways:

1. Critical Role of Encryption in Healthcare: End-to-end encryption is indispensable for protecting sensitive health information and ensuring compliance with healthcare regulations.

2. Building Patient Trust: Strengthening data security measures is essential in healthcare to maintain patient confidence and trust in the confidentiality of their health records.

Case Study 15: Implementing AI-Driven Security Operations Center (SOC) for Real-Time Threat Management (Sony)

Challenge: Sony, a global conglomerate with diverse business units, faced complex security challenges across its vast digital assets and technology infrastructure. Managing these risks required a more sophisticated approach than traditional security operations centers could offer.

Solution: Sony enhanced its security operations by implementing an AI-driven Security Operations Center (SOC). Utilizing machine learning and artificial intelligence, this system monitors and analyzes threats in real time. It automatically detects patterns of cyber threats and initiates responses to potential security incidents without human intervention.

Overall Impact:

1. Elevated Threat Detection and Response: The AI-driven SOC enabled Sony to detect and respond to threats more quickly and accurately, significantly enhancing the effectiveness of its cybersecurity efforts.

2. Reduced Operational Costs: Automating routine monitoring and response tasks reduced the workload on human analysts, allowing Sony to allocate resources more efficiently and reduce operational costs.

Key Takeaways:

1. Advantages of AI in Cybersecurity: Utilizing AI technologies in security operations centers can greatly enhance threat detection and response speed and accuracy.

2. Operational Efficiency: Integrating AI into cybersecurity operations helps streamline processes and reduce the dependence on manual intervention, leading to cost savings and improved security management.


Case Study 16: Securing Online Transactions with Behavioral Biometrics (Visa)

Challenge: Visa faced ongoing challenges with securing online transactions, especially against sophisticated fraud techniques like social engineering and credential stuffing, which traditional authentication methods often failed to detect.

Solution: Visa implemented a real-time behavioral biometrics system that scrutinizes user behavior patterns like typing speed, mouse movements, and device interactions. This technology enhances security by verifying users’ identities based on their unique behavioral traits, integrating seamlessly with existing security frameworks. This adds a robust layer of protection, ensuring transactions are safeguarded against unauthorized access.

Overall Impact:

1. Reduced Fraud Incidents: The behavioral biometrics technology significantly decreased instances of online fraud, providing a more secure transaction environment for users.

2. Enhanced User Experience: By adding this passive authentication layer, Visa improved the user experience, as customers did not need to perform additional steps to prove their identity.

Key Takeaways:

1. Behavioral Biometrics as a Fraud Prevention Tool: Behavioral biometrics offer a subtle yet powerful means of authenticating users, significantly enhancing online transaction security.

2. Seamless Security Integration: Integrating advanced security technologies like behavioral biometrics can boost security without compromising user convenience.

Case Study 17: Streamlining Regulatory Compliance with AI-Driven Audit Trails (Goldman Sachs)

Challenge: Goldman Sachs needed to maintain stringent compliance with financial regulations globally, which required detailed and accurate tracking of all transaction data. This task was becoming increasingly cumbersome and error-prone.

Solution: Goldman Sachs introduced an AI-driven platform that automatically generates and maintains audit trails for all transactions. This system uses machine learning algorithms to ensure all data is captured accurately and formatted for compliance reviews, greatly reducing human error and the resources needed for manual audits.

Overall Impact:

1. Enhanced Compliance Accuracy: The AI-driven audit trails improved regulatory compliance by ensuring all transactions were accurately recorded and easily accessible during audits.

2. Reduced Operational Costs: By automating the audit process, Goldman Sachs minimized the need for extensive manual labor, reducing operational costs and enhancing efficiency.

Key Takeaways:

1. AI in Compliance: Utilizing AI to automate compliance tasks can significantly increase accuracy and efficiency.

2. Cost-Effective Regulatory Practices: Automating complex compliance requirements with AI technologies can reduce costs and streamline operations, particularly in highly regulated industries like finance.


Case Study 18: Enhancing Cybersecurity with Advanced SIEM Tools (Hewlett Packard Enterprise)

Challenge: Hewlett Packard Enterprise (HPE) faced complex cybersecurity threats across its global IT infrastructure, requiring a solution that could provide comprehensive visibility and fast response times to potential security incidents.

Solution: HPE implemented an advanced Security Information and Event Management (SIEM) system that seamlessly consolidates data from multiple network sources. This integration allows for enhanced monitoring and management of security events. The platform utilizes sophisticated analytics to detect anomalies and potential threats, providing real-time alerts and enabling quick, informed decisions on incident responses.

Overall Impact:

1. Increased Threat Detection Capability: The SIEM system enhanced HPE’s ability to swiftly detect and respond to threats, improving overall cybersecurity measures.

2. Streamlined Security Operations: By integrating various data inputs into a single system, HPE streamlined its security operations, enhancing the efficiency and effectiveness of its response to cyber incidents.

Key Takeaways:

1. Integration of Advanced Analytics: Utilizing advanced analytics in SIEM tools can significantly improve the detection and management of cybersecurity threats.

2. Real-time Monitoring and Response: Implementing systems equipped with real-time monitoring and rapid response capabilities is crucial to maintain a robust security posture. These systems ensure timely detection and effective management of potential threats.
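Case Study 18 describes a SIEM consolidating events from many sources and raising real-time alerts. As an added example (not HPE's system and not from the original article), here is the kind of correlation rule such a platform runs, written out over a handful of constructed sshd-style log lines: a per-source count of failed logins within a sliding five-minute window, one alert when the count reaches the threshold, and a higher-priority alert when a successful login from the same source follows. The addresses come from the TEST-NET documentation ranges, and the window, threshold, rule names and log format are this example's assumptions.

```python
"""SIEM-style correlation over authentication logs: failed logins per source in a
sliding window, escalated when a success follows a run of failures."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional

# Constructed sshd-style lines (ISO timestamps, TEST-NET addresses); the last line is
# a message the rule does not care about and must be skipped, not crash the parser.
SAMPLE_LOG = """\
2024-03-04T10:00:01Z bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2024-03-04T10:00:03Z bastion sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
2024-03-04T10:00:04Z bastion sshd[1205]: Failed password for deploy from 198.51.100.9 port 40210 ssh2
2024-03-04T10:00:05Z bastion sshd[1207]: Failed password for invalid user oracle from 203.0.113.7 port 51238 ssh2
2024-03-04T10:00:07Z bastion sshd[1209]: Failed password for deploy from 203.0.113.7 port 51240 ssh2
2024-03-04T10:00:09Z bastion sshd[1211]: Accepted password for deploy from 198.51.100.9 port 40212 ssh2
2024-03-04T10:00:10Z bastion sshd[1213]: Failed password for deploy from 203.0.113.7 port 51242 ssh2
2024-03-04T10:00:14Z bastion sshd[1215]: Accepted password for deploy from 203.0.113.7 port 51244 ssh2
2024-03-04T10:00:20Z bastion sshd[1215]: pam_unix(sshd:session): session opened for user deploy
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
WINDOW = timedelta(minutes=5)   # sliding window for counting failures per source
THRESHOLD = 5                   # failures in the window that constitute an attempt


def parse(line: str) -> Optional[dict]:
    """Structured fields for an authentication line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def correlate(lines: Iterable[str], threshold: int = THRESHOLD,
              window: timedelta = WINDOW) -> List[dict]:
    """Run the brute-force rule over the lines in order and return the alerts raised."""
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: List[dict] = []
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        recent = failures[event["ip"]]
        while recent and event["ts"] - recent[0] > window:
            recent.popleft()                      # drop failures that fell out of the window
        if event["outcome"] == "Failed":
            recent.append(event["ts"])
            if len(recent) == threshold:          # fire once, when the threshold is reached
                alerts.append({"rule": "brute_force_attempt", "ip": event["ip"],
                               "failures": len(recent), "at": event["ts"].isoformat()})
        else:
            if len(recent) >= threshold:          # success right after a run of failures
                alerts.append({"rule": "brute_force_then_success", "ip": event["ip"],
                               "user": event["user"], "failures": len(recent),
                               "at": event["ts"].isoformat()})
            recent.clear()                        # a success resets the counter for that source
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample the source with one failure followed by a success raises nothing, while the source with five failures raises the attempt alert on the fifth and the escalated alert when its sixth attempt succeeds. Keying only on the source address misses attempts spread across many sources; a second counter keyed on the target account is the usual companion rule.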

Case Study 19: Cybersecurity Enhancement through Cloud-Based Identity and Access Management (Salesforce)

Challenge: Salesforce needed to enhance its identity and access management controls to secure its cloud-based services against unauthorized access and potential data breaches.

Solution: Salesforce implemented a cloud-based Identity and Access Management (IAM) framework, enhancing security with robust identity verification, access control, and user activity monitoring. Key features include multi-factor authentication, single sign-on, and role-based access control, essential for safeguarding sensitive data and applications.

Overall Impact:

1. Improved Access Control: The cloud-based IAM solution strengthened Salesforce’s ability to control and monitor access to its services, significantly reducing the risk of unauthorized access.

2. Enhanced Data Security: With stronger identity verification processes and detailed access logs, Salesforce enhanced the security of its customer data and applications.

Key Takeaways:

1. Importance of Robust IAM Systems: Effective identity and access management systems protect cloud environments from unauthorized access and breaches.

2. Cloud-Based Security Solutions: Using cloud-based security solutions offers scalability and flexibility, enabling businesses to adapt to evolving security requirements swiftly. This adaptability ensures that organizations can efficiently meet their security needs as they change.


Case Study 20: Securing Remote Work with Virtual Desktop Infrastructure (VDI) (Dell Technologies)

Challenge: Dell Technologies recognized the need to secure a rapidly expanding remote workforce to protect sensitive data and maintain productivity across dispersed teams.

Solution: Dell deployed a Virtual Desktop Infrastructure (VDI) solution, enabling remote employees to access their work environments securely from any location. This system centralizes desktop management and enhances security by hosting all operations and data on internal servers, minimizing endpoint vulnerabilities.

Overall Impact:

1. Enhanced Data Security: Centralizing data storage and operations significantly reduced the risk of data breaches associated with remote work.

2. Increased Workforce Flexibility: The VDI system enabled Dell employees to access their work securely and efficiently from various remote locations, supporting business continuity and operational flexibility.

Key Takeaways:

1. Centralized Management for Enhanced Security: Using VDI to centralize desktop management can significantly enhance security by reducing endpoint vulnerabilities.

2. Support for Remote Work: Implementing VDI is crucial for businesses looking to secure and support a diverse and geographically dispersed workforce.

Case Study 21: Implementing Intrusion Detection Systems for Network Security (AT&T)

Challenge: AT&T needed to bolster its defenses against increasingly sophisticated cyber-attacks aimed at its vast network infrastructure.

Solution: AT&T implemented a sophisticated Intrusion Detection System (IDS) that monitors network traffic to detect suspicious activities and identify potential threats in real time. The system uses deep learning algorithms to scrutinize traffic patterns and pinpoint anomalies, effectively detecting potential intrusions. The IDS enhances AT&T’s ability to recognize and respond to security threats, ensuring a more secure network environment.

Overall Impact:

1. Improved Detection of Network Threats: The IDS significantly enhanced AT&T’s capabilities in identifying and responding to security threats promptly.

2. Strengthened Network Resilience: With the IDS actively monitoring and analyzing network traffic, AT&T improved its overall network security posture, reducing the impact of potential cyber-attacks.

Key Takeaways:

1. Crucial Role of IDS in Network Security: Intrusion Detection Systems are paramount for early detection of threats and maintaining network integrity.

2. Leveraging Deep Learning for Security: Incorporating deep learning algorithms into security systems can improve the accuracy and efficiency of threat detection, adapting to new threats as they evolve.


Case Study 22: Enhancing Security through User Behavior Analytics (UBA) (Adobe)

Challenge: Adobe needed to refine its security measures to effectively detect insider threats and unusual user behavior within its vast array of digital services and software platforms.

Solution: Adobe implemented a User Behavior Analytics (UBA) system that collects and analyzes data on user activities across its platforms. This analytics tool uses machine learning to identify patterns that deviate from normal behavior, indicating potential security threats or data breaches.

1. Improved Insider Threat Detection: The UBA system allowed Adobe to identify and respond to insider threats and unusual user behavior more precisely.

2. Enhanced Data Protection: By understanding user behavior patterns, Adobe strengthened its ability to safeguard sensitive information from potential internal risks.

1. Importance of Monitoring User Behavior: Monitoring user behavior is crucial for detecting security threats that traditional tools might not catch.

2. Machine Learning Enhances Security Analytics: Leveraging machine learning in user behavior analytics can significantly improve the detection of complex threats.

Case Study 23: Blockchain-Based Supply Chain Security (Maersk)

Challenge: Maersk, a global leader in container logistics, faced significant challenges in securing its complex supply chain from tampering, fraud, and cyber threats, any of which could disrupt operations and result in financial losses.

Solution: Maersk introduced a blockchain-based security solution for its supply chain, providing transparent and tamper-proof tracking of goods from origin to destination. The decentralized ledger gives all parties access to real-time data, preserving the integrity of information throughout the supply chain.

1. Increased Transparency and Security: The blockchain solution enhanced the security and transparency of Maersk’s supply chain, significantly reducing the risk of fraud and tampering.

2. Improved Efficiency and Trust: By providing a single source of truth, blockchain technology streamlined operations and built trust among partners and customers.

1. Blockchain as a Security Tool in Supply Chains: Blockchain technology can greatly enhance security and transparency in complex supply chains.

2. Improving Supply Chain Integrity: Adopting blockchain can prevent tampering and fraud, ensuring integrity throughout logistics.


Case Study 24: Advanced Anomaly Detection in Financial Transactions (Citibank)

Challenge: Citibank faced increasing incidents of sophisticated financial fraud, including money laundering and identity theft, which traditional security measures struggled to address effectively.

Solution: Citibank implemented an advanced anomaly detection system that uses artificial intelligence to monitor and analyze financial transactions in real time. The system is designed to detect unusual transaction patterns that may indicate fraudulent activity, significantly improving the accuracy and speed of fraud detection.

1. Reduced Financial Fraud: Implementing the anomaly detection system significantly reduced fraudulent transactions, safeguarding both the bank and its customers and helping to maintain trust.

2. Enhanced Customer Trust: With stronger security measures, customers felt more secure conducting their financial activities, enhancing their overall trust in Citibank.

1. Utilizing AI for Fraud Detection: Artificial intelligence is a powerful tool for identifying complex patterns in transaction data that may signify fraudulent activity.

2. Importance of Real-Time Monitoring: Real-time monitoring of transactions is crucial for early detection and prevention of financial fraud.

Case Study 25: Cybersecurity Training and Awareness Programs (Intel)

Challenge: Intel, as a leading technology company, recognized the need to bolster its defenses against cyber threats not only technologically but also by empowering its workforce. Because the human factor is often the weak link in cybersecurity, there was a critical need for comprehensive security training.

Solution: Intel launched a company-wide cybersecurity training and awareness program for all employees. The program includes regular training sessions, simulations of phishing and other attack scenarios, and continuous updates on the latest security practices and threats.

1. Enhanced Employee Awareness and Responsiveness: The training program significantly improved employees’ ability to recognize and respond to cyber threats, decreasing the risk of successful attacks.

2. Strengthened Organizational Cyber Resilience: With a more informed and vigilant workforce, Intel strengthened its overall cybersecurity posture, mitigating risks across all levels of the organization.

1. Investing in Human Capital for Cyber Defense: Continuous cybersecurity training is essential for empowering employees and turning them into an active line of defense against cyber threats.

2. Role of Awareness Programs: Comprehensive awareness programs are crucial for maintaining a high level of vigilance and preparedness among employees, which is vital for mitigating human-related security risks.


Navigating through these 15 cybersecurity case studies underscores a vital reality: as cyber threats evolve, so must our defenses. These stories highlight organizational resilience and creativity in combating digital threats, offering valuable lessons in proactive and reactive security measures. As technology progresses, staying ahead of potential threats is paramount. These case studies are guides toward building more secure and resilient digital environments.


Team DigitalDefynd



Harvard Business School, Faculty & Research, HBS Case Collection, July 2016 (revised January 2019)

Cyber Breach at Target

Format: Print | Language: English | Pages: 32

About the authors: Suraj Srinivasan and Lynn S. Paine

Related work: Cyber Breach at Target (Faculty Research, February 2018), by Suraj Srinivasan, Lynn S. Paine and Neeraj Goyal

Alibaba data breach exposes 1.1 billion pieces of data

Usernames and mobile numbers were included in the breach which affected Taobao, Alibaba’s shopping website


Alibaba’s shopping website Taobao was trawled for 8 months, resulting in over 1.1 billion pieces of user information being collected by a software developer.

The unnamed developer used web-crawling software from November 2019 and gathered information including user IDs, mobile-phone numbers and customer comments, as reported by the Wall Street Journal.


A criminal verdict published by the People's Court of Suiyang District stated that two criminals, the developer and his employer, were involved in the crawl, as reported by local media outlet 163.com last week.

When Alibaba noticed the data leaks from its shopping website, several months after they began, it informed the authorities, the court statement detailed.

Following a police investigation, the report suggests the two individuals were sentenced to imprisonment for over three years each and fined 100,000 yuan (£11,077) and 350,000 yuan (£38,771) for "infringing on citizens' personal information."

IT Pro has contacted Alibaba for a statement.

In May, Air India stated that a cyber attack on the systems of its data processor affected around 4.5 million of its customers around the world. The breach involved personal information registered over a ten-year period and exposed names, dates of birth, credit card data, passport information and more.


Earlier this week, the US subsidiary of the Volkswagen Group suffered a data breach that affected 3.3 million customers after a vendor left unsecured data exposed on the internet. The company believes the data was unsecured at some point between August 2019 and May 2021 and an unauthorised third party may have obtained certain customer information. The data exposed included customers’ names, email addresses and phone numbers.

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.


Anatomy of the Target data breach: Missed opportunities and lessons learned

Michael Kassner

Target's infamous data breach happened just over a year ago. Are we any the wiser? Have lessons been learned? Although not every detail has been made public, experts have developed an unofficial attack timeline that exposes critical junctures in the attack and highlights several points at which it could have been stopped.

The attack started on November 27, 2013. Target personnel discovered the breach and notified the U.S. Justice Department by December 13th. As of December 15th, Target had a third-party forensic team in place and the attack mitigated. On December 18th, security blogger Brian Krebs broke the story in this post. "Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records," mentioned Krebs. "The sources said the breach appears to have begun on or around Black Friday 2013 -- by far the busiest shopping day of the year."

Then things became interesting. Target informed about 110 million credit/debit-card wielding shoppers, who made purchases at one of the company's stores during the attack, that their personal and financial information had been compromised. To put that in perspective, the attackers pilfered 11 gigabytes of data.

Anatomy of the attack

Now let's look at the sequence of events that precipitated the data breach. Had any of these steps been noticed and countered, the attack would likely have fallen apart.

1. Preliminary survey

We don't know for certain if or how the attackers performed reconnaissance on Target's network prior to the attack, but it wouldn't have required much more than a simple internet search.

Teri Radichel in this GIAC (GSEC) dissertation explains how the attackers may have gleaned information about Target's infrastructure. "Reconnaissance would have revealed a detailed case study on the Microsoft website describing how Target uses Microsoft virtualization software, centralized name resolution, and Microsoft System Center Configuration Manager to deploy security patches and system updates," writes Radichel. "The case study also describes Target's technical infrastructure, including POS system information."

The internet provides additional clues. "A simple Google search turns up Target's Supplier Portal, which includes a wealth of information for new and existing vendors and suppliers about how to interact with the company, submit invoices, etc.," adds Krebs in this blog post. After drilling down, Krebs found a page listing HVAC and refrigeration companies.

2. Compromise third-party vendor

The attackers backed their way into Target's corporate network by compromising a third-party vendor. The number of vendors targeted is unknown. However, it only took one. That happened to be Fazio Mechanical, a refrigeration contractor.

A phishing email duped at least one Fazio employee, allowing Citadel, a variant of the Zeus banking trojan, to be installed on Fazio computers. With Citadel in place, the attackers waited until the malware offered what they were looking for -- Fazio Mechanical's login credentials.

At the time of the breach, all major versions of enterprise anti-malware detected the Citadel malware. Unsubstantiated sources mentioned that Fazio used the free version of Malwarebytes anti-malware, which, being an on-demand scanner, offered no real-time protection. (Note: Malwarebytes anti-malware is highly regarded by experts when used in the correct manner.)

Chris Poulin, a research strategist for IBM, offers some suggestions in this paper. Target should demand that vendors accessing its systems use appropriate anti-malware software. Poulin adds: "Or at least mandate two-factor authentication to contractors who have internal access to sensitive information."

3. Leveraging Target's vendor-portal access

Most likely Citadel also gleaned login credentials for the portals used by Fazio Mechanical. With that in hand, the attackers got to work figuring out which portal to subvert and use as a staging point into Target's internal network. Target hasn't officially said which system was the entry point, but the Ariba portal was a prime candidate.

Brian Krebs interviewed a former member of Target's security team regarding the Ariba portal: "Most, if not all, internal applications at Target used Active Directory (AD) credentials and I'm sure the Ariba system was no exception," the administrator told Krebs. "I wouldn't say the vendor had AD credentials, but internal administrators would use their AD logins to access the system from inside. This would mean the server had access to the rest of the corporate network in some form or another."

Poulin suggests several attack scenarios: "It's possible that attackers abused a vulnerability in the web application, such as SQL injection, XSS, or possibly a 0-day, to gain a point of presence, escalate privileges, then attack internal systems."

Not knowing the details makes it difficult to offer a remediation for this portion of the attack. However, Poulin opines that IPS/IDS systems, if in place, would have sensed the inappropriate attack traffic and notified Target staff of the unusual behavior. According to this Bloomberg Business article, a malware detection tool made by the computer security firm FireEye was in place and raised an alarm, but the warning went unheeded.

4. Gain control of Target servers

Again, Target hasn't said publicly how the attackers undermined several of their internal Windows servers, but there are several possibilities.

Radichel in the SANS dissertation offers one theory. "We can speculate the criminals used the attack cycle described in Mandiant's APT1 report to find vulnerabilities," mentions Radichel. "Then move laterally through the network... using other vulnerable systems."

Gary Warner, founder of Malcovery Security, feels servers fell to SQL-injection attacks. He bases that on the many similarities between the Target breach and those perpetrated by the Drinkman and Gonzalez data-breach gang which also used SQL injection.

5. Next stop, Target's point of sale (POS) systems

This iSIGHT Partners report provides details about the malware, code-named Trojan.POSRAM, used to infect Target's POS system. The "RAM-scraping" portion of the POS malware grabs credit/debit card information from the memory of POS devices as cards are swiped. "Every seven hours the Trojan checks to see if the local time is between the hours of 10 AM and 5 PM," mentions the iSIGHT Partners report. "If so, the Trojan attempts to send winxml.dll over a temporary NetBIOS share to an internal host (dump server) inside the compromised network over TCP port 139, 443 or 80."

This technique allowed attackers to steal data from POS terminals that lacked internet access.

Once the credit/debit card information was secure on the dump server, the POS malware sent a special ICMP (ping) packet to a remote server. The packet indicated that data resided on the dump server. The attackers then moved the stolen data to off-site FTP servers and sold their booty on the digital black market.
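Each hop in the chain just described (POS terminal to internal dump server on TCP 139/443/80 during business hours on a seven-hour cycle, ICMP beacon to the outside, FTP out) leaves a trace in network flow logs that a defender can alert on. The following is an added example, not code from the ZDNet article, the iSIGHT report or Target; it runs over constructed flow records, and the log format, subnets and approved-peer list are assumptions.

```python
"""Flow-log detection for the POS staging/exfiltration chain described above.

Added example; not code from the ZDNet article, iSIGHT or Target. The record
format, subnets, approved peers and sample flows are constructed.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed network layout (assumption): POS terminals sit in 10.50.0.0/16,
# everything in 10.0.0.0/8 is corporate, and POS hosts may only talk to the
# listed internal peers (e.g. payment switch, patch server).
POS_SEGMENT = ip_network("10.50.0.0/16")
INTERNAL = ip_network("10.0.0.0/8")
APPROVED_POS_PEERS = {ip_address("10.10.1.5"), ip_address("10.10.1.6")}

STAGING_PORTS = {139, 443, 80}   # ports the report says carried the share
BUSINESS_HOURS = range(10, 17)   # 10 AM .. 5 PM local, when the trojan moved data
CYCLE_HOURS = 7                  # the trojan's check interval
CYCLE_TOLERANCE_HOURS = 0.25


def parse_flow(line):
    """Parse one constructed record: '<ISO ts> <src> <dst> <proto> <dport> <bytes>'."""
    ts, src, dst, proto, port, nbytes = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": ip_address(src),
            "dst": ip_address(dst), "proto": proto.lower(),
            "port": int(port), "bytes": int(nbytes)}


def in_business_hours(ts):
    return ts.hour in BUSINESS_HOURS


def is_cycle_multiple(gap):
    """True if the gap is (within tolerance) a whole number of 7-hour cycles."""
    hours = gap.total_seconds() / 3600
    remainder = hours % CYCLE_HOURS
    return min(remainder, CYCLE_HOURS - remainder) <= CYCLE_TOLERANCE_HOURS


def detect(lines):
    """Return alerts as (rule, src, dst, timestamp) tuples."""
    alerts = []
    staging = defaultdict(list)   # (src, dst) -> timestamps of POS->internal pushes
    for line in lines:
        f = parse_flow(line)
        src_internal, dst_internal = f["src"] in INTERNAL, f["dst"] in INTERNAL

        # Rule 1: a POS host pushing data on a share/web port to an internal
        # host that is not an approved peer (the dump-server stage).
        if (f["src"] in POS_SEGMENT and dst_internal and f["proto"] == "tcp"
                and f["port"] in STAGING_PORTS and f["dst"] not in APPROVED_POS_PEERS):
            alerts.append(("pos-to-unapproved-internal-host", str(f["src"]), str(f["dst"]), f["ts"]))
            staging[(f["src"], f["dst"])].append(f["ts"])

        # Rule 2: ICMP from inside to the Internet; the malware used a crafted
        # ping to signal that data was waiting on the dump server.
        if f["proto"] == "icmp" and src_internal and not dst_internal:
            alerts.append(("icmp-beacon-to-external", str(f["src"]), str(f["dst"]), f["ts"]))

        # Rule 3: FTP from an internal host to an external address (exfiltration).
        if f["proto"] == "tcp" and f["port"] == 21 and src_internal and not dst_internal:
            alerts.append(("ftp-to-external", str(f["src"]), str(f["dst"]), f["ts"]))

    # Rule 4: repeated pushes between the same pair, each inside business hours
    # and spaced a whole number of 7-hour cycles apart - the reported cadence.
    for (src, dst), stamps in staging.items():
        stamps.sort()
        for earlier, later in zip(stamps, stamps[1:]):
            if (in_business_hours(earlier) and in_business_hours(later)
                    and is_cycle_multiple(later - earlier)):
                alerts.append(("periodic-pos-staging", str(src), str(dst), later))
    return alerts


# Constructed sample flows (not real Target data); timestamps are local time.
SAMPLE_FLOWS = [
    "2013-12-02T10:14:07 10.50.3.21 10.10.1.5 tcp 443 2048",       # POS -> approved payment switch
    "2013-12-02T10:15:31 10.50.3.21 10.10.7.9 tcp 139 1843200",    # POS -> dump server
    "2013-12-02T13:02:10 10.20.4.4 10.10.7.9 tcp 445 9000",        # admin host, not POS: ignored
    "2013-12-03T14:15:31 10.50.3.21 10.10.7.9 tcp 139 1902000",    # 28 h later (4 cycles)
    "2013-12-03T14:20:00 10.10.7.9 203.0.113.77 icmp 0 84",        # beacon to remote server
    "2013-12-03T14:25:00 10.10.7.9 203.0.113.77 tcp 21 3500000",   # FTP exfiltration
    "2013-12-04T11:15:31 10.50.3.21 10.10.7.9 tcp 139 1777000",    # 21 h later (3 cycles)
]

if __name__ == "__main__":
    for rule, src, dst, ts in detect(SAMPLE_FLOWS):
        print(f"{ts.isoformat()} {rule}: {src} -> {dst}")
```

Rule 1 alone would have fired on the very first push to the dump server; rule 4 only confirms the cadence once there is history, so treat it as corroboration rather than the primary trigger.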

Lessons learned

As a result of the breach, Target has tried to improve security. A corporate webpage describes changes made by the company regarding their security posture, including the following:

  • Improved monitoring and logging of system activity
  • Installed application whitelisting on POS systems
  • Implemented POS management tools
  • Improved firewall rules and policies
  • Limited or disabled vendor access to their network
  • Disabled, reset, or reduced privileges on over 445,000 Target personnel and contractor accounts
  • Expanded the use of two-factor authentication and password vaults
  • Trained individuals on password rotation

If these changes have been implemented as Target describes, they would help address the weaknesses exploited during the attack.

However, the attackers demonstrated extraordinary capabilities by exfiltrating data from a complex retail network, as noted in this paper (courtesy of Brian Krebs) by Keith Jarvis and Jason Milletary of Dell SecureWorks Counter Threat Unit, which makes their conclusion all the more poignant. "This level of resourcefulness points to the current value for credit-card data in the criminal marketplace," mentions the paper. "And similar breaches will be common until fundamental changes are made to the technology behind payment cards."


Avoiding the Breach: Lessons for CISOs from the CrowdStrike Case

Nicholas Sollitto

The 2024 CrowdStrike incident caused blue screens of death (BSOD) on Microsoft Windows devices worldwide, severely disrupting operations across essential industry sectors.

While this incident may have come out of nowhere for some, third-party-related incidents are becoming increasingly common and impactful, especially as businesses continue to increase their reliance on external vendors, products, and services, so much so that a single faulty software update can cause one of the most severe IT disruptions in history. 

Even more alarming, IT disruptions are not the only substantial threat organizations face at the hands of their third-party ecosystems. Recent studies suggest that nearly 30% of all data breaches stem from a third-party attack vector, costing organizations an average of $4.88 million. Despite this, 54% of businesses admit they don’t vet their third-party vendors adequately before onboarding them into their internal systems.

Now that the dust has settled and the consequences of improper third-party risk management are at the forefront of conversations surrounding operational resilience, many chief information security officers (CISOs) are searching for ways to prevent future third-party disruptions from devastating their IT systems and impacting their business continuity. This blog explores several strategies CISOs can employ to increase their IT resilience and mitigate third-party risks before they result in operational disruptions or other severe consequences.


Key Strategies for CISOs to Prevent Future Disruptions

To prevent CrowdStrike-type incidents in the future and significantly decrease their impact, CISOs need to adopt comprehensive strategies that reduce third-party risk and increase the resilience of their IT systems. Here are several strategies CISOs can employ:

Develop a vigilant third-party risk management program

While even the most prepared third-party risk management (TPRM) program wouldn’t have prevented the faulty CrowdStrike update from happening, it would have enabled an organization to better understand which of its vendors was affected. By quickly identifying which vendors were impacted by the CrowdStrike outage, an organization could have pursued mitigation as efficiently as possible, limiting the time operations could have been disabled by an out-of-service vendor. 

Also, the next third-party incident your organization faces may not be a software outage. It could be a cyber attack or data breach. By deploying critical TPRM tools and strategies, your organization can better protect itself from the potential risks present across your third-party attack surface. 

The most effective TPRM programs include the following components:

  • Vendor Security Questionnaires  
  • Continuous security monitoring 
  • Detailed reports and dashboards

Establishing a program with these components will empower your organization to swiftly identify, mitigate, and remediate third-party risks before they damage your organization, and to improve your response time when unavoidable incidents occur.

Automated TPRM solutions, like UpGuard Vendor Risk, also enable organizations to improve their operational resilience and risk management without excessive manual effort. Compared to traditional risk management workflows, Vendor Risk empowers security teams to conduct comprehensive risk assessments in half the time.


Establish comprehensive update management procedures

The CrowdStrike incident revealed that even the most innocuous-seeming software updates can cause significant problems to an organization’s IT infrastructure. Moving forward, CISOs need to develop a more comprehensive approach to update management. 

CISOs must implement a rigorous update management program that evaluates and tests each update during pre-deployment and throughout different IT environments to detect issues before they become harmful. Staging environments, sometimes called replica environments, can be used to test the performance of updates without subjecting an organization’s actual IT system to an untested software update. 

In addition, CISOs should develop procedures to reduce the immediacy of software updates across critical environments and infrastructure. One low-resource method is to categorize all software components into three separate stacks: 

  • Stack 3 - Low Disruption Risk: Components unlikely to interfere with critical system operations, such as OS kernel operations, TCP/IP, and other higher network-layer driver components. Your security team can usually delay updates to components in this category with little risk of disruption.
  • Stack 2 - High Disruption Risk: Components that present a higher disruption risk if your personnel delay their updates.
  • Stack 1 - Critical Security Updates: Components necessary for protecting your environments against immediate threats, such as zero-days; you must accept all new updates immediately despite their potential disruption risk.

If most of your components fall into the second stack, you may need to separate them further into substacks to achieve a more beneficial distribution. You can assess whether delaying Stack 2 updates by four, eight, or 24 hours will increase security or continuity risk.
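One way to turn the three stacks and the staging requirement into an enforceable rollout gate, as an added example rather than UpGuard's own code: an update soaks in a staging ring and then a canary ring before it reaches the fleet, the stack sets the soak times (Stack 2 totals the 8-hour hold mentioned above; change it to model 4 or 24 hours), a fix for an actively exploited flaw is promoted to Stack 1 treatment, and any failure signal halts the rollout. The ring names, soak durations and the UpdateState record are assumptions.

```python
"""Ring-based update gate for the Stack 1/2/3 scheme described above.

Added example, not UpGuard's code. Ring names, soak times and the record
fields are assumptions; the text only names the stacks and the 4/8/24-hour
options for Stack 2.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from enum import IntEnum


class Stack(IntEnum):
    CRITICAL_SECURITY = 1   # accept at once despite disruption risk
    HIGH_DISRUPTION = 2     # short hold, split across staging and canary
    LOW_DISRUPTION = 3      # can wait; assumed one-week hold


RINGS = ("staging", "canary", "fleet")

# Assumed soak time per ring before promotion. Stack 2 totals the 8-hour hold
# offered as the middle option; edit these to model 4 or 24 hours instead.
SOAK = {
    Stack.CRITICAL_SECURITY: {"staging": timedelta(0), "canary": timedelta(0)},
    Stack.HIGH_DISRUPTION: {"staging": timedelta(hours=4), "canary": timedelta(hours=4)},
    Stack.LOW_DISRUPTION: {"staging": timedelta(days=3), "canary": timedelta(days=4)},
}


@dataclass(frozen=True)
class UpdateState:
    component: str
    stack: Stack
    ring: str                           # ring the update is currently deployed to
    entered_ring_at: datetime
    failures_in_ring: int = 0           # crash / BSOD / rollback reports from this ring
    fixes_active_exploit: bool = False  # e.g. a patch for an exploited zero-day


def new_rollout(component, stack, fixes_active_exploit=False, start=None):
    """Start an update in the staging ring (constructed default start time)."""
    start = start or datetime(2024, 7, 19, 4, 0)
    return UpdateState(component, stack, "staging", start, 0, fixes_active_exploit)


def effective_stack(update):
    """A fix for an actively exploited flaw gets Stack 1 treatment regardless
    of the stack its component normally sits in."""
    return Stack.CRITICAL_SECURITY if update.fixes_active_exploit else update.stack


def next_action(update, now):
    """Decide what the rollout should do at `now`.
    Returns (action, detail); action is one of halt, done, hold, promote."""
    if update.failures_in_ring > 0:
        return "halt", f"{update.failures_in_ring} failure signal(s) in {update.ring}; roll back"
    if update.ring == "fleet":
        return "done", "deployed to the whole fleet"
    required = SOAK[effective_stack(update)][update.ring]
    elapsed = now - update.entered_ring_at
    if elapsed < required:
        return "hold", f"{update.ring} soak {elapsed} of {required}"
    return "promote", f"{update.ring} -> {RINGS[RINGS.index(update.ring) + 1]}"


def promote(update, now):
    """Move the update to the next ring; only valid when next_action says promote."""
    action, detail = next_action(update, now)
    if action != "promote":
        raise ValueError(f"cannot promote: {action} ({detail})")
    return replace(update, ring=RINGS[RINGS.index(update.ring) + 1],
                   entered_ring_at=now, failures_in_ring=0)


def report_failure(update):
    """Record one crash/BSOD/rollback signal from hosts in the current ring."""
    return replace(update, failures_in_ring=update.failures_in_ring + 1)


def simulate(update, checkpoint_hours):
    """Evaluate the gate at each checkpoint (hours after the rollout began),
    promoting whenever allowed. Returns the list of actions in order."""
    actions = []
    start = update.entered_ring_at
    for hours in checkpoint_hours:
        now = start + timedelta(hours=hours)
        action, _ = next_action(update, now)
        actions.append(action)
        if action == "promote":
            update = promote(update, now)
    return actions


if __name__ == "__main__":
    u = new_rollout("sensor-content-update", Stack.HIGH_DISRUPTION)
    print(simulate(u, [2, 4, 6, 8]))   # ['hold', 'promote', 'hold', 'promote']
```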

Enhance resilience by avoiding single points of failure

Diversifying your software solutions will increase resiliency across your entire IT infrastructure and prepare your organization to handle future disruptions effectively. Consider employing the following strategies to increase your IT resilience: 

  • Diversifying solutions : Implement redundancy and failover mechanisms to ensure critical systems remain operational despite component failures.
  • Hybrid or multi-cloud infrastructure : Adopt hybrid or multi-cloud infrastructure to reduce the risk of single points of failure and distribute workloads across multiple environments to enhance redundancy, flexibility, and disaster recovery capabilities.
  • Load balancing and geographic distribution : Utilize load balancing to distribute traffic evenly across servers and distribute resources across environments to mitigate risks associated with localized failures.

These strategies can help your security team ensure critical systems remain resilient and operational despite potential failures.

Continually calibrate your incident response plan

Disruption incidents can be devastating but also present opportunities for continued improvement when used to elevate current systems and processes. One takeaway many organizations have had after CrowdStrike is the importance of developing comprehensive incident response and disaster recovery programs. 

While you should calibrate your security programs to defend against the broadest array of risks, avoiding every cyber incident is impossible. A dedicated incident response plan helps you identify, mitigate, and remediate unforeseen incidents as efficiently as possible. 

The best incident response plans operate across six main phases: 

  • Preparation: Establish the architecture of your incident response plan, draft key policies, and assemble your incident response toolbox
  • Identification: Decide when to activate the incident response plan after your security team has identified a security incident
  • Containment: Isolate the incident and prevent further damage to other systems or environments
  • Eradication: Remediate the security incident while prioritizing continued containment and protection for critical systems
  • Recovery: Return all systems to the standard state they were in before the security incident occurred
  • Lessons learned: Complete incident documentation and learn how to prevent similar incidents from occurring in the future


Assess the effectiveness of your disaster recovery program

Outages and disruptions similar to CrowdStrike are powerful reminders of the necessity for robust infrastructure resilience and effective disaster recovery plans. Developing these plans and taking proactive measures are essential to ensure systems remain operational during unforeseen events. Disaster planning involves not only diversifying solutions but also continuously assessing and refining recovery strategies.

Regularly scheduled drills, thorough evaluations, and strategic partnerships with reliable providers can significantly enhance an organization's ability to respond to and recover from disruptions. By implementing these best practices, CIOs can ensure their infrastructure is well-prepared to handle any challenges that may arise:

  • Proactive assessment : Regularly evaluate infrastructure resilience and disaster recovery plans to ensure preparedness for future disruptions.
  • Simulated drills : Conduct regular simulated drills to test disaster recovery plans, identifying weaknesses and areas for improvement.
  • Partnerships with reliable vendors : Collaborate with reliable providers to enhance preparedness and response capabilities by leveraging their expertise and resources.

Improving third-party risk visibility and mitigation with UpGuard

Of course, the best way you can prevent third-party risks from impacting your organization is to identify and mitigate them before they become problematic. A comprehensive, all-in-one, TPRM solution like UpGuard Vendor Risk helps organizations across industries do exactly that. 

The UpGuard toolkit includes automated workflows that empower security teams to better understand the security posture of their third-party ecosystem through the following: 

  • Vendor risk assessments: Fast, accurate, and comprehensive view of your vendors’ security posture
  • Security ratings: Objective, data-driven measurements of an organization’s cyber hygiene
  • Security questionnaires: Flexible questionnaires that accelerate the assessment process using automation and provide deep insights into a vendor’s security
  • Reports library: Tailor-made templates that support security performance communication to executive-level stakeholders
  • Risk mitigation workflows: Comprehensive workflows to streamline risk management measures and improve overall security posture
  • Integrations: Application integrations for Jira, Slack, ServiceNow, and over 4,000 additional apps with Zapier, plus customizable API calls
  • Data leak protection: Protect your brand, intellectual property, and customer data with timely detection of data leaks and avoid data breaches
  • 24/7 continuous monitoring: Real-time notifications and new risk updates using accurate supplier data
  • Attack surface reduction: Reduce your third- and fourth-party attack surface by discovering exploitable vulnerabilities and domains at risk of typosquatting
  • Trust Page: Eliminate having to answer security questionnaires by creating an UpGuard Trust Page
  • Intuitive design: Easy-to-use first-party dashboards
  • World-class customer service: Plan-based access to professional cybersecurity personnel who can help you get the most out of UpGuard

Reviewed by

Kaushik Sen

Security leaders are used to thinking about defense-in-depth and ensuring their security stack and overall architecture provide resilience and protection. While this paradigm holds true today, it may be time to think about shifting to data-first security. This means data management that corresponds with today’s use cases , and where data is the central asset that requires protection through its entire lifecycle, use, and disposal. A paradigm shift in data security is well supported by evidence in the 2024 edition of the Cost of a Data Breach Report .

The report presents research studying the causes, cost impacts and recovery from actual breaches at 604 organizations across the globe and in 17 industries. The findings show some interesting trends that can help solve the data puzzle, including impacts to security, privacy, governance and regulation. All of these aspects already face elevated risk from the rush to provision new generative AI (gen AI) initiatives and take them to market rapidly, leaving security considerations behind. Alarmingly, a recent executive survey about gen AI security revealed that only 24% of new initiatives include a security component.

A data journey in the dark

Data has become the main asset that companies rely on nowadays. But while data is king, it is still not being managed or protected sufficiently to match its significance and the potential impact of data loss. Let’s look at some ways in which data, the data journey, and the protection paradigms surrounding its lifecycles were main contributing factors in the cost of data breaches.

Multi-cloud hopping

Firstly, data nowadays is at a scale that requires organizations to go beyond their old on-premise and private cloud infrastructures. The drivers here are scalability of the data volume but also traffic and workload demands that only grow over time. With data traveling through multi-cloud environments, the Cost of a Data Breach Report notably finds that 40% of breaches involved data stored across multiple types of environments. When breached, public cloud environments incurred the highest average breach cost at USD 5.17 million.

Why is this happening? The decentralized nature of multi-cloud is a complex factor in visualizing and controlling data—and in cases of a breach, it simply takes longer to gather information, investigate and activate the cloud provider’s support to contain the breach. Clouds also host more data, and scale means that more data is breached at one time, potentially adding to the impact on customers and recovery costs.

Shadow data

Data is spread out in more places than ever, and 35% of breaches this year involved data stored in unmanaged data sources—aka “shadow data.” This translated into data not being classified properly or at all, not being properly protected, and not being managed in terms of its lifecycle as it moves into and within the organization. Considering that 25% of breaches involving shadow data were solely on premises, this situation likely highlights unmanaged risk in the form of data governance gaps, data privacy issues, and impending regulatory impact.

Breaches involving shadow data also took 26.2% longer to identify and 20.2% longer to contain, averaging 291 days. This inevitably resulted in higher breach costs, averaging USD 5.27 million where shadow data was involved. But those figures are only the tip of the iceberg: the spillover effect of breaches on others in the ecosystem, potential contractual issues, and lawsuits are part of a longer tail of costs that continue to add up 2-3 years after the breach.

Unclassified, unprotected

When data is not inventoried and catalogued effectively, it is not classified properly and therefore also not protected adequately. That could easily be data that should have been tagged restricted or confidential, which leads to the next statistic from the report. Attackers were able to access a lot more sensitive data during breaches, leading to a 26.5% rise in IP theft. Lost IP cost considerably more per record than last year, rising to USD 173 in 2024 from USD 156 per record in the 2023 report; an 11% uptick.

But let’s put that hard cost aside for a moment. The impact of IP theft can literally mean that the organization will lose its competitive advantage. It can lose considerable market share and revenue that it expected to generate from strategic IP. What shareholder would not be alarmed by this statistic, considering that most organizations are actively embarking on developing innovative gen AI applications they expect to exclusively monetize?

A costly side effect of deficient data protection is lost business and reputation damage, which averaged USD 1.47 million and accounted for the majority of the increase in the average cost of a breach in 2024.

Shadow data, shadow models, shadow AI

With gen AI as the new gold rush nowadays, various stakeholders in the organization can easily expose it to unmanaged risk linked with unsanctioned data, models, and overall use of AI. These uses can be invisible to the IT and security teams, which can result in impactful incidents down the line.

Another risk factor is datasets destined for use in AI implementation, sourced from multiple third-party providers. Unmanaged by the security team, these external sources can add risks like poisoning and vulnerabilities. But the more insidious risks are shadow models, and loads of unencrypted training data streaming into and out of cloud environments.

Think of this scenario for example: a healthcare organization is using gen AI to identify anomalies in chest x-rays. They send the images into a cloud model to receive results, but the images are traveling and used in unencrypted form. An attacker accesses the images, and then extorts the healthcare provider to pay a ransom. The same can happen with plaintext, or any other unprotected data that should be better guarded. Don’t be surprised to promptly see a lawsuit filed by impacted data subjects.

Recommendations—Pay data its (security) dues

Most organizations today will lose almost all productivity if they lose access to data. From the simplest form of employee productivity to the complexity of data-driven enterprises, companies do not consider data a by-product of their business. Data is the main asset to which organizations align their culture, organization and technology, for sustained innovation and sustainable business growth. It only stands to reason that data be managed and protected to the proper extent of its classification, and using the right technologies to achieve that.

Identify, classify, encrypt. The better data is protected, the smaller the leverage attackers will have in case of a data breach. This also means less impact on data subjects and a lower chance of regulatory fines. So, encrypt, and do it smartly. Not all data is made equal. If your organization uses images or other types of data, learn about better ways to encrypt it so that you can use it securely and enjoy its benefits.

The more innovative your organization is, the more it uses data, the more important encryption becomes. Consider confidential computing for your use cases, as well as post-quantum encryption to ensure protected data remains protected in the future.

Since data is evidently spread out across environments and remains exposed in many cases, one way to regain control is via data security posture management (DSPM). DSPM is a cybersecurity technology that identifies sensitive data across multiple cloud environments and services, assessing its vulnerability to security threats and risk of regulatory non-compliance. Instead of securing the devices, systems and applications that house, move or process data, security teams can use DSPM to focus on protecting data directly.

Rethink data protection in the gen AI era

With the scale and use scenarios of data in gen AI solutions, organizations must rethink their data lifecycle and how to protect it at scale, in all its states. Think about securing training data by protecting it from theft and manipulation. Organizations can use data discovery and classification to detect sensitive data used in training or fine-tuning. They can also implement data security controls across encryption, access management and compliance monitoring. Extend posture management to AI models to protect sensitive AI training data, gain visibility into the use of unsanctioned or shadow AI models, malicious drifts, AI misuse or data leakage.

Evolve with regulatory demands

The use of data already involves extensive requirements from data privacy regulators. These demands are becoming more elaborate and nuanced when it comes to data used in AI-enabled solutions and scenarios. This means that traditional data protection capabilities may not suffice and require enhanced classification, protection and monitoring mechanisms, as well as improved controls for auditability and oversight.

Better insights, better security

In its 19th edition this year, the Cost of a Data Breach Report provides IT, risk management and security leaders with timely, quantifiable evidence to guide them in their strategic decision-making. It also helps teams better manage their risk profiles and security investments. This year, the statistics provide insights from the experiences of 604 organizations and 3,556 cybersecurity and business leaders who faced a data breach. Download a copy of the report to empower yourself with real-world examples and expert recommendations on how to mitigate the risks.

Erie cybersecurity expert speaks on one of the largest data breaches in history

What could be one of the largest data breaches in history was revealed after a recent lawsuit was filed.

According to court documents, National Public Data, a background check website, was accessed in April of this year and the personal information of 2.9 billion people was extracted from their database.

Cyber security is a constantly evolving and changing field, but with more and more information being shared online, more criminals are looking to steal and sell information.

Data from nearly three billion people was stolen and sold for $3.5 million earlier this year.

Now, after a lawsuit has come out against the information broker shining a light on the situation, it’s expected to be one of the largest data breaches ever.

“As our lives get more interconnected, we’re going to see a huge rise in cyber threats and cyber attacks,” said Chris Mansour, an associate professor of cyber security at Mercyhurst University. “Data breaches are never going to stop. It’s always going to be about how we can remediate that, and take precautions to limit the impact of such breaches.”

Information collected in the breach includes, but is not limited to: legal names, 30 years of address history, family information and even social security numbers, some taken from people who have been dead for at least 20 years.

That information was posted on the dark web on April 8 and at this point, there has been no official notification made to the affected parties.

“They use a lot of anonymity tools that hide their identity, hide their location, and that’s why it’s a little bit different for law enforcement agencies to track them. But they’ve been doing a great job at tracking them and catching them, but there’s always going to be somebody who is hiding somewhere in some basement behind a keyboard doing this kind of activity,” Mansour explained.

Mansour added that sometimes, these criminal groups are funded by nations who are enemies of the United States and that cyber attacks play a huge role on a world scale.

There’s been no indication that that’s been the case here, but regardless, data breaches will continue to be common, and keeping your information safe just comes down to good cyber hygiene.

“Don’t feel guilty if you are a victim of a breach. Don’t panic, stay calm, and go through the process of freezing and monitoring your accounts. But the basic cyber hygiene tools, again, are keeping your software up to date, keep your browsers up to date, avoid phishing links, be cautious about these social engineering kind of attacks that try to steal your information,” Mansour went on to say.

Mansour said the best thing to do if you discover your information was leaked is to freeze your accounts, watch them closely, and if needed, you can call the FTC’s social security theft hotline at 1-800-269-0271.

Copyright 2024 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

For the latest news, weather, sports, and streaming video, head to WJET/WFXP/YourErie.com.

In wake of Columbus ransomware attack, cyber expert offers tips to protect yourself

As the City of Columbus continues to grapple with a ransomware attack that reportedly took place July 18, concerns about the threat of data breaches to large organizations and even individuals have also surfaced.

The Dispatch reported Wednesday that the cybercriminals continued to blackmail the city of Columbus by threatening to publicly release a huge trove of stolen information unless someone purchased it on the dark web for roughly $1.7 million by Wednesday morning.

City departments have been impacted by this breach, which has not only hindered the ability to make ticket and permit payments but also leaked personal information, prompting the city to offer credit monitoring services for affected employees.

With data breaches now a major concern for Columbus residents, Benjamin Dalton, who has been the director of information security at Columbus State Community College for seven years, breaks down the threat of data breaches and what to do if your data is compromised.

What is a data breach?

There are many ways sensitive data can be compromised, yet Dalton says recently ransomware and phishing are the most common.

Large organizations and institutions are especially prone to data breach attempts because they often host large amounts of data and personal information. Stolen information can easily make its way to the dark web to be sold and extorted.

"Ultimately they sell your data for a price so people can use on the dark web to find additional targets," Dalton said. "This would be another mechanism for those malicious actors to sell information to other folks that are looking for it which makes it easy for them to not have to hack in to steal the data themselves."

What is ransomware?

Ransomware occurs when a malicious actor compromises the security of an organization. They obtain access into computer systems through phishing emails or other means to retrieve data and then prevent the data from being read by the organization through encryption or by making copies of the data.

"They're holding your data for ransom in that scenario, so it actually prevents the IT teams from unlocking the data," Dalton said.

Although some corporations have necessary backups to recover the data, Dalton said some organizations have to weigh the pros and cons of paying the ransom to get their data back.

How to avoid ransomware data breaches:

  • Use a long, strong password (avoid commonly used words).
  • Include a minimum of 12 characters in passwords.
  • Use multi-factor authentication.
  • Keep software up to date.

What is phishing?

Phishing is a scam to trick you into divulging personal information or installing malicious applications on your computer by posing as an authentic entity or member of an organization. This is typically done through text, emails or phone calls.

"Phishing has become so sophisticated now these days they've become so customized and tailored," Dalton said. "Sometimes it's hard just to be aware of what type of messages are coming in."

How to avoid phishing data breaches:

  • Scrutinize unexpected emails or messages.
  • Don't respond to a suspicious email.
  • Never click on links or download software from a suspicious message.
  • Authenticate the sender of an email.
  • Do not overshare personal information (bank account, social security or date of birth).

How to avoid personal credit theft:

  • Regularly monitor accounts by submitting requests for a free credit report.
  • Review credit reports for unusual activity.
  • If unusual activity is suspected, follow up with a credit reporting agency.

What to do if data is compromised

Just as the city of Columbus has learned in the past few weeks, the possibility of a data breach is extremely likely as cybercriminals and ransomware groups like Rhysida become more sophisticated in data theft tactics.

In the event a data breach occurs, this may lead to identity theft for individuals. Dalton said it's important to take appropriate action as soon as possible.

"We do ask people to stay calm and really secure that verification process," Dalton said.

Here are some other suggestions he gave if you become a victim of identity theft.

  • Contact the organization that has notified you of a breach.
  • Review the materials you have been provided about the breach.
  • Change password immediately.
  • Report the breach to local authorities and the Federal Trade Commission.
  • For credit theft, place a fraud alert through Experian, Equifax or TransUnion.

Mary K. Pratt

The cyber assault on healthcare: What the Change Healthcare breach reveals

February’s ransomware attack is a wake-up call for healthcare execs – and a reminder to leaders in other industries about what can go wrong.

The February 2024 ransomware attack on Change Healthcare put the state of healthcare cybersecurity in the headlines and in front of the US Congress, with aftershocks from the seismic event still being felt.

The monumental impact of the attack was evident nearly immediately. The ransomware group ALPHV (also known as BlackCat) hit Change Healthcare in February, stealing six terabytes of data — including sensitive personal information.

The hackers used compromised credentials to remotely access a Change Healthcare Citrix portal, technology that allowed remote access to desktops, on or around Feb. 12. Company officials have acknowledged that the portal was not protected with multifactor authentication, despite MFA being a now-standard enterprise security control.

Dealing with the incident will cost Change Healthcare’s parent company, UnitedHealth Group (UHG), more than $1 billion; that includes lost revenue, direct recovery costs and a $22-million Bitcoin payout to the hacker group.

Others suffered, too.

To stem the damage, Change Healthcare went offline, which in turn created a huge backlog of unpaid claims that left hospitals and doctors’ offices with serious cashflow problems and threatened patient access to care.

Damage from the Change Healthcare breach continues to mount

Change Healthcare is one of the largest health payment processing companies in the world and serves as a clearinghouse for 15 billion medical claims each year — some 40% of all claims, according to US government records.

The scope of damage and its cost has grown since the attack first happened. An American Medical Association survey found that 80% of clinicians lost revenue during the breach, 77% experienced service disruptions, 55% had to use personal funds to pay bills, and 44% were unable to buy supplies.

One clinician shared with the survey that the incident “may bankrupt our practice of 50 years in this rural community.”

Consequently, the attack — labeled “the most significant and consequential incident of its kind against the US healthcare system in history” by American Hospital Association President and CEO Rick Pollack — has prompted consumer anger and investigations as well as calls for more regulations and more rigorous evaluations of enterprise defense strategies.

“If the need to be more prepared, to become more resilient, wasn’t clear before, it certainly has been brought into focus by recent events,” says Lee Kim, senior principal of cybersecurity and privacy with the Healthcare Information and Management Systems Society (HIMSS), a nonprofit that promotes health information and technology.

Kim and other cybersecurity leaders say the attack is a wake-up call to executives in all sectors, stressing the escalating consequences and costs of breaches as the world becomes ever more connected.

The state of cybersecurity in healthcare

Research provides a telling look into the state of cybersecurity in the healthcare sector.

The 2023 HIMSS Healthcare Cybersecurity study, for example, found that 55% of respondents reported that their organization experienced a significant security incident in the prior 12 months and 12% had suffered a ransomware attack.

The “Study on Cyber Insecurity in Healthcare 2023” from Ponemon Institute, a nonprofit research organization, and security software maker Proofpoint found that 88% of organizations experienced an average of 40 attacks in the prior 12 months, with the average total cost of a cyberattack being almost $5 million.

It also found that 64% of organizations had suffered a supply chain attack in the prior two years, 63% had an average of 21 cloud compromises during the prior two years, and 54% experienced an average of four ransomware attacks during the prior two years. All organizations surveyed had at least one incident in which sensitive healthcare data was lost or stolen.

Yet despite such findings and the magnitude of the Change Healthcare breach, security officials do not consider the healthcare industry a cybersecurity laggard, with multiple sources saying that the sector has made significant improvements in its security posture over the past decade.

Findings from Statista, a German market and consumer data company, back up such assertions. It studied the distribution of cyberattacks across worldwide industries in 2023 and found that healthcare is in the middle, suffering 6.3% — compared to manufacturing at the top of the list with 25.7%.

However, security leaders say those numbers could shift, as healthcare institutions become a more popular target for hackers for multiple reasons.

Why do hackers go after healthcare?

To start, healthcare entities typically hold what hackers see as a treasure trove of data – including Social Security numbers and financial information, says David Brumley, a Carnegie Mellon University professor whose research focuses on software security and CEO of security software company ForAllSecure.

They also often have complex technology environments with both IT systems and operational technology (OT) as well as plenty of legacy tech. All of this creates an expansive attack surface and the potential for more ways in, says John Riggi, the American Hospital Association’s national adviser for cybersecurity and risk.

At the same time, healthcare entities vary in the resources they can invest in security, with small and rural organizations often lacking the money and staff needed to significantly beef up defenses, Riggi and others say.

Yet the healthcare sector is highly interconnected, as the Change Healthcare attack showed, with entities of all types — regardless of security maturity — sharing data, which Brumley says makes third-party attacks both more probable and more potent in healthcare than in other, less interconnected industries.

Moreover, the sector — like most others today — is highly reliant on software vendors to create, deliver and maintain secure products, even though healthcare IT and security leaders usually lack the ability to determine whether those products are truly secure by design, Brumley adds.

And because of the real life-and-death need to access systems and data, Brumley says healthcare entities have shown that they’re willing to quickly pay hackers during ransomware attacks — a fact that makes them a target for future attacks.

Attacks are rising as challenges abound

Indeed, attacks increased quarter over quarter in 2023, according to the 2023 Q4 Cybersecurity Trends and Threats in the Healthcare Sector report from Health-ISAC. The report showed that ransomware attacks against healthcare increased from just under 60 in Q1 to more than 140 in Q4.

Meanwhile, security leaders within the healthcare sector have faced — and continue to contend with — significant and sometimes sector-specific challenges to solving for those factors that make them a target and that can up the chances of a successful attack.

Many security leaders report that they don’t have adequate resources to implement the needed security measures because they’re often competing with pricey life-saving medical equipment for the limited funds available to spend, Kim says.

Furthermore, he says their complex technology environments can make applying and creating security in depth not only more challenging but more costly, too. That, in turn, makes it less likely for CISOs to get the resources they need.

Security teams in healthcare also have more challenges in updating and patching systems, Riggi explains, as the sector’s need for 24/7 availability means organizations can’t easily go offline — if they can go offline at all — to perform needed work.

Healthcare security leaders also have a rapidly expanding tech environment to secure, as both more partners and more patients with remote medical devices become part of the sector’s already highly interconnected environment, says Errol S. Weiss, chief security officer at Health-ISAC.

Such expansion heightens the challenges, complexities and costs of implementing security controls as well as heightening the risks that a successful attack against one point in that web would impact many others.

“The amount of complexity, the interconnectedness, the number of external partners and providers that are part of this giant ecosystem all make the task of securing healthcare systems so difficult and so enormous,” Weiss says.

Healthcare is taking steps to improve security

As is the case in other industries, the healthcare sector is working to improve its security posture.

For example, 55% of respondents to the HIMSS survey reported that their 2023 security budgets were higher than the previous year’s budget. (That’s up from the 52% who saw a year-over-year increase in the 2022 survey.) Looking ahead, 58% of respondents said they expected their budgets for 2024 to be higher than their 2023 budgets.

The HIMSS survey also found that security is now a board-level concern, with 62% saying their boards oversee cybersecurity risk and 68% saying their directors get regular briefings on cybersecurity risk.

“Today healthcare CEOs are talking about attack surface and risk. That’s a conversation that five or 10 years ago that would never have happened,” says Nitin Natarajan, a deputy director at the US Cybersecurity and Infrastructure Security Agency (CISA).

Natarajan and others highlight additional steps the healthcare sector is taking to boost security, citing as examples the US Food and Drug Administration’s 2023 guidelines for secure-by-design medical devices and the increasing level of information-sharing that happens via various channels such as the Health-ISAC. In fact, Health-ISAC’s Threat Operations Center (TOC) published 1,044 targeted alerts in 2023 to member and nonmember organizations — a 281% increase over the number of alerts sent in 2022.

“The industry is investing more in security; they’re stepping into the problem. We could argue they should have been doing it sooner, but they are making progress,” says Robert Booker, chief strategy officer at HITRUST, an organization that delivers data protection standards and certification programs, and chair of the Healthcare Third-Party Risk Management Alliance.

The Change Healthcare attack is pushing the industry to make even more improvements, security officials say.

Booker, a former CISO at UnitedHealth Group, says the attack also serves as a blaring reminder to healthcare organizations to “make sure you focus on the basics and essential security measures, like multifactor authentication, have them where you need them, which is everywhere, and have a way to know that what you’re doing is right, have an assurance capability that shows your stuff is working.”

Calls for more healthcare organizations to tighten security

Authors of the HIMSS report also called for more to be done, for instance, writing that “while almost two-thirds of respondents indicated that their board of directors are regularly briefed regarding cybersecurity risk, this number needs to be higher. Ideally, more healthcare organizations will embark upon the proactive journey of regularly briefing their boards of directors.”

The authors additionally called out the need for more supply chain risk management: “Less than half of respondents (41.92%) to this survey indicated that their organization has established a cybersecurity supply chain risk management program. The remainder of respondents (58.08%) indicated that they either did not have such a program or were unsure. The risk of not having a robust cybersecurity supply chain management program is that there may be too much dependency on one vendor or supplier.”

And HIMSS officials advocated for healthcare entities to adopt the NIST Cybersecurity Framework Version 2.0 and the recently released US Department of Health and Human Services’ voluntary cybersecurity performance goals (CPGs).

Others agree that such moves need to happen — and happen fast.

Sen. Ron Wyden, a Democrat representing Oregon and one of many US lawmakers calling for more scrutiny of UHG in the aftermath of the attack, has criticized the slow pace of action. He has faulted the Biden administration’s timeline for putting healthcare cybersecurity regulations in place, saying the year-end goal is too far out.

“Every new devastating hack hammers home the need for mandatory cybersecurity standards in the healthcare sector, particularly when it comes to the largest companies that millions of patients depend on for care and medicine,” Wyden says in a statement to CSO. “Without action, patients’ access to care and their personal health information will be compromised and ransomed by hackers over and over again.”

Weiss says healthcare security leaders and other sector executives got that message and they are working to learn lessons from the Change Healthcare incident and to implement additional security measures to improve their own security posture and their own resilience.

Benjamin Luthy, program director of cybersecurity and an adjunct professor at Champlain College Online, says it’s a worthwhile exercise: “Everyone can learn a lesson; anyone who leads a security or information technology program can learn from this.”


Mary K. Pratt

Mary K. Pratt is a freelance writer based in Massachusetts.


Australia’s cyber security skills gap remains pressing issue

Study reveals Australia’s critical shortage of cyber security professionals, escalating the risk of data breaches.

  • Aaron Tan, TechTarget

Australia’s cyber security skills gap continues to be a pressing issue that has led to a spate of data breaches, increasing the risk of future cyber security incidents, a study has found.

According to an analysis of the latest Australian census, as well as labour force data by StickmanCyber, an Australian cyber security service provider, there are only 11,387 cyber security professionals holding vital roles such as penetration tester, cyber security engineer, cyber security analyst, cyber governance risk and compliance specialist.

These professionals make up just 3% of Australia’s ICT workforce. In comparison, there are 50,000 ICT project managers in Australia and 7,000 chief information officers. There are more than twice as many software engineers in New South Wales alone as there are cyber security professionals in the whole of Australia.

Australian businesses also have more ICT than cyber security professionals available to them. According to the study, there’s roughly one ICT worker for every seven companies, but just one cyber security professional per 240 Australian businesses.

To plug the cyber security talent gap, Australia has become dependent on skilled migrants, with 51% of cyber security professionals born outside of Australia.

The gender mix in Australia’s cyber security industry also leaves much to be desired – just 16% of Australian cyber security professionals are women, and only one in 20 penetration testers or cyber security architects are women. “The Australian cyber security industry is growing, but there’s a worrying shortage of technical cyber security skills and very few Australians are in dedicated cyber security roles such as penetration testing,” said Ajay Unni, CEO and founder of StickmanCyber.

“Many recent high-profile breaches are a natural consequence of Australia’s cyber security and technical skills gap,” he added. “Too much of the cyber security burden is falling to IT teams and professionals with a broad knowledge of IT, who lack specialised cyber security expertise. They don’t have the expertise needed to protect a business. There is also a degree of disproportionate trust in technology.”


Noting that there are no quick fixes to the problem, Unni called for Australia to incentivise young people and students to pursue a career in cyber security – especially women.

“Companies also need to improve working conditions and reduce burnout to ensure that people stay in the field,” he said. “In the short-term, businesses that cannot find the skills they need in-house must look to trusted third-party security service providers who have the skills they lack.”

Under Australia’s cyber security strategy for 2026 to 2028, plans are afoot to improve cyber maturity generally, including the development of a diverse cyber workforce.

Proposed measures include aligning migration policy with cyber skill requirements, and guiding employers to target and retain diverse talent, to support the professionalisation of the cyber workforce.
