The year 2018 was not a very stable year when it came to cybersecurity. We saw many ups and downs, improvements and drawbacks, as well as many attacks that marked the year. There has been a lot of talk about cybersecurity in the past year, which is great because people are becoming more aware of its importance. However, not everyone has taken it seriously, since we still witnessed thousands of cyber attacks and about a million minor breaches.
With millions of people’s data compromised and exploited, we’ve seen many examples of poor cybersecurity systems and response protocols. Some of these incidents could’ve been prevented by following the official NIST guidelines for protecting, identifying and recognizing threats, as well as recovering and responding to a cyber attack. We’ve compiled three security-related incidents that could’ve easily been prevented in the previous year if the companies paid more attention to NIST regulations. The purpose of these examples is to emphasize the importance of complying to this set of cybersecurity guidelines. Take a look at the list of incidents below, as well as details on how they could have been prevented.
#1 The UBER Cover-Up Incident
We will start off with the well-known UBER incident that took place in September 2018. The actual security breach that caused the chaos happened back in 2016 and caused enormous expenses of over $148M. However, UBER did not notify its drivers at the time of the incident and they didn’t even report the breach, which is a part of the standard response procedure. It took them almost two years to notify people that their information had been compromised.
In addition to almost 150 million dollars of expenses, they paid over $100,000 to cover up the breach. However, the truth always comes to the surface and, when it did, it really hurt the reputation of the company. If they had followed the NIST regulations for response and recovery, they would’ve reported the breach and prevented such bad publicity on top of all the damage that the attack had already caused.
#2 The O2 Collapse
2018 was a rough year for O2, the UK’s second largest mobile network provider. The company experienced a total collapse after they forgot or failed to update one of their expired software certificates. If you’re not familiar with the term, software certificates are pieces of code that enable communication between devices or sites. As an essential part of an IT infrastructure, these codes must be kept up to date or else the whole network will collapse, which is what happened to O2.
When the chaos took place, over 25 million users lost access to mobile data, as well as call and text services. All data was temporarily exposed to larger threats as hackers could’ve easily found their way through it among all the chaos in the network. This incident could’ve been prevented by taking into consideration the NIST protection guidelines and keeping all aspects of the structure up to date.
#3 The Ticketmaster Extended Enterprise Chaos
The third incident worth mentioning Is the Ticketmaster disaster that took place about a month after GDPR became active. Ticketmaster suffered an enormous hack on a third party support product, which compromised the data of over 40,000 customers. This example can remind us about the importance of securing all extended enterprises, including suppliers and partners. Making sure that all company’s partners and suppliers are taking care of their end of security is a vital step to protecting the business. Unfortunately, Ticketmaster failed to do this in time so they had to deal with an enormous issue.
It’s such a shame to think that these companies could’ve saved millions of dollars if they paid attention to the right aspects of their security systems. Luckily, you can learn from their mistakes and prevent incidents before they take place. The best way to start is by engaging your team to comply to the NIST framework and follow all security guidelines that will lead you in the right direction when it comes to protecting your business and data.