Your business’ biggest asset is its customer base and, specifically, the data they hold, which is why that information must be protected at all costs.
And if you think that your business will not be exposed to such threats, then think again. Conglomerates with much tighter measures have been exposed, which means no business, regardless of size, is safe.
We only need to look at some global examples to understand how scary these breaches can actually be.
The Yahoo Story
Yahoo became the victim of the biggest data breach in history. The attackers compromised the real names, email addresses, dates of birth and telephone numbers of 500 million users.
Then, in December 2016, Yahoo disclosed another breach from 2013 by a different attacker that compromised the names, dates of birth, email addresses, passwords, and security questions and answers of 1 billion user accounts. Yahoo revised that estimate in October 2017 to include all of its 3 billion user accounts. That is a little under half the world’s population!
The timing of the original breach announcement was bad, as Yahoo was in the process of being acquired by Verizon, which eventually paid $4.48 billion for Yahoo’s core internet business. The breaches knocked an estimated $350 million off the value of the company.
So, as you can see, the cost of an information security breach can be heavy!
When LinkedIn got linked out
In 2012, a Russian hacker acquired a total of 167 million login credentials from LinkedIn. Although the original total of compromised passwords was believed to be 6.5 million, the actual damage of the breach wasn’t revealed until 2016, when millions of passwords were discovered on a dark web marketplace.
That information security door needs to be locked and the key…well, hide it in a place that no one knows exists.
The Quora Question
Account information and private messages of around 100 million users were exposed when Quora’s computer systems were compromised by a malicious third party.
Quora noted that the incident was unlikely to result in identity theft, as the site does not collect sensitive information such as credit card or Social Security numbers.
Incidentally, this news came a week after hotel chain Marriott announced that hackers had stolen the personal data of up to 500 million guests.
The incident serves as another reminder that our lives are vulnerable to digital invasion.
The NASA Episode
In June, NASA revealed that a Raspberry Pi device had been blamed for a 2018 data breach that saw the theft of 500MB of mission system data.
An employee was said to have brought a Raspberry Pi into work without permission and connected it to NASA’s Jet Propulsion Laboratory network, which a hacker later targeted to gain access to adjoining systems.
The incident sparked a wider investigation into the organisation’s systems and networks, which found flaws in its database management techniques and methods used to track devices and applications using internal networks. NASA was fortunate in this instance, as the relatively minor security incident revealed far greater problems plaguing its systems, which were mercifully fixed before disaster could strike.
The important thing is: if NASA can have an information breach, so could your business!
How can Sustainable Certification help?
When your business has a security breach, remember it is actually a breach in the trust your customers place in you. We can help you use ISO 27001 to manage several things like:
- Financial information
- Intellectual property
- Employee details
- Information entrusted to you by third parties.
Email us on firstname.lastname@example.org or call us on 1800 024 940.
Talk to us today to see how we can help you put the right processes in place.