Today we take a look at some of the most significant cybersecurity incidents of 2020, their impact, and the steps your organisation can take to protect itself.
Cybersecurity in the UK
According to ITpro.co.uk, 2020 was the busiest year on record for cyber-attacks against UK firms, with a 20% rise on 2019 (exactly 686,961, according to specialist internet service provider Beaming). The damage caused by cyber-attacks can be devastating. In the UK, the average cost of a data breach has grown to nearly £2.7 million, according to IBM research, and the reputational harm can be incalculable.
Why has cybercrime increased?
Because of the coronavirus lockdown, employees needed to work from home where possible. Companies were compelled to invest in online tools and software for their staff’s well-being and survival without fully understanding the risks and vulnerabilities (or perhaps without taking them seriously enough, or without having the funds to invest in cybersecurity).
Top cybersecurity incidents 2020
In the Tesco breach, fraudsters used usernames and passwords taken from leaks on other sites to access Clubcard accounts, a technique known as credential stuffing. The fraudsters could have succeeded in spending points or vouchers, leading to:
- Tesco being forced to issue 600,000 new Clubcard loyalty cards
- Clubcard holders being asked to reset their passwords
These types of breaches can be prevented by introducing two-factor authentication. Users also need to take some ownership: get clued up on secure password management and refrain from using the same password across multiple accounts.
Virgin Media left a marketing database open for ten months, during which 900,000 people’s personal details were accessed. The consequences for Virgin Media included:
- Having to inform the Information Commissioner’s Office of the breach
- Reputational damage from the Financial Times’ reporting of the incident
The incident could have been avoided if the database had been correctly configured.
Boots Advantage Card suffered an attempted cyber-attack in which stolen passwords were used to compromise users’ accounts. As a result:
- Boots was forced to suspend loyalty card payments temporarily
The Boots incident once again demonstrates the importance of users not using the same username and password for multiple accounts.
A misconfigured cloud server at Avon allowed 19 million records to be leaked, including personal information. The damage to Avon included:
- Exposing the company to ransomware attacks
- Interruption of some services and operations, which may have been caused by the leak
These types of incidents can be prevented by encrypting databases and adding password protection.
Oracle and Salesforce
Oracle and Salesforce use third-party cookies for mass surveillance of internet users and ad tracking to carry out real-time ad auction bidding. Litigation argues that the process does not comply with EU laws governing the use of personal data without the person’s consent. Oracle and Salesforce are subject to:
- Collective claims that exceed 10 billion euros
This type of litigation can be prevented by ensuring GDPR compliance.
How companies can protect themselves against cyber-attacks
Companies can protect themselves against cyber-attacks and ransomware through penetration testing. Penetration testing from Omnicyber Security discovers vulnerabilities in your network and apps, so these can be addressed.