Learn From Other Businesses’ Mistakes: Protect Your Enterprise Better
“It’s good to learn from your mistakes. It’s better to learn from other people’s mistakes.” – Warren Buffett. This quote couldn’t be more accurate, especially in business. One mistake every enterprise should avoid is not paying close attention to its cybersecurity. A security incident can cost time, money, and your customers’ trust.
To help you prevent this from happening to your enterprise, we’ll review some real examples of cyber breaches and their consequences. We’ll also provide practical advice and best practices for businesses to protect themselves from cyberattacks.
Real-world breaches and their consequences
Since it’s much better to learn from others’ mistakes than your own, let’s see some cybersecurity mistakes real organizations have made, which resulted in devastating incidents.
The Yahoo cyberattack in 2014
Before Google took over, Yahoo was the email and search engine juggernaut until the early 2010s. One thing that led to Yahoo’s downfall was the way it handled a devastating cyberattack in 2014.
The attack happened after a successful spear-phishing campaign, which led an unsuspecting employee to click on a malicious link. Once inside the network, hackers had access to Yahoo’s entire user database, including emails, passwords, answers to security questions, and more. At least 500 million user accounts were affected.
What were the consequences?
Yahoo still hasn’t recovered from the reputational damage of this attack. The attack also cost Yahoo over $500 million in damages, including:
- A $350 million reduction in the price Verizon negotiated to acquire Yahoo, compared with what was originally planned
- A $35 million charge from the SEC for failing to notify customers about the breach
- Around $60 million for attorneys and other legal fees, and more.
Colonial Pipeline ransomware attack in 2021
The Colonial Pipeline attack in 2021 is one of the most impactful events in cybersecurity history. Colonial Pipeline is critical infrastructure supplying oil and gas to the East Coast of the US. Its network was breached in May 2021 through a leaked password for a VPN account.
What were the consequences?
The consequences of this attack were devastating not just for the organization but for everyday life. It resulted in gas shortages and price hikes. The hackers also came away with $440 million in Bitcoin, despite Colonial Pipeline working with the FBI throughout the attack.
Best cybersecurity practices for businesses
From the examples above, we can gather several best practices that would minimize the risk of the same thing happening to your business:
- Invest in employee training
Human error is the number one cause of cyber incidents. Whether it’s a phishing attack or a weak password, humans are bound to make mistakes, especially with no security awareness training. Teaching your employees the main cyber dangers will help them identify threats and avoid mistakes. You should also consider providing employees with a password manager to help them create and manage strong passwords.
- Encrypt sensitive data and manage strong passwords
Sensitive business data is a gold mine for hackers. Use encryption to protect data stored on devices, in transit, and in the cloud. Secure cloud storage is a must in today’s business threat environment. Your cloud solution should have essential security features, which include:
- Access control
- Secure file sharing
- Straightforward backup process
- Be transparent
Misleading customers about your security practices is a recipe for disaster. It’s also against the law, for the most part. Always be open and honest about your business practices and any potential issues or concerns. Transparency is an important part of building trust with stakeholders and maintaining a healthy and security-oriented business culture.
Having a transparent culture will also motivate the entire organization to present itself in a positive light.
- Regularly update software and systems
Software and system updates often include security patches that address known vulnerabilities. These vulnerabilities are discovered by software developers and other cybersecurity experts. Once a vulnerability is found, the developers release patches to fix it.
If these vulnerabilities are not patched, cybercriminals can exploit them to gain unauthorized access to systems and data. For example, a vulnerability in an operating system can be used to install malware or gain control of the entire system.
Cybersecurity is a trending topic in boardrooms. However, many companies still fail to prioritize it, resulting in worrying cybercrime statistics. Companies can learn from each other’s mistakes and implement security best practices to protect against cyber attacks.