There’s no shortage of headlines about hackers who infiltrate managed servers to devastate small to medium businesses in numerous industries. Unfortunately, outsourcing your cybersecurity management doesn’t always guarantee safety. Online hackers have figured out a way to access the servers of managed service providers (MSPs) through covert measures that wreak havoc on their clients.
A favorite hat-trick of most hackers is to steal commercial secrets and sell them to the highest bidder on the dark web. This is obviously not a desirable outcome for any business. That’s why it’s advisable to practice strict cyber security measures that’ll protect your company from such attacks.
After all, you don’t want to end up like some of the companies mentioned below who now serve as cautionary tales of what could happen when a hacker strikes.
Canva hacking debacle
Canva is a popular internet startup based in Sydney and it’s one of the most recent victims of cyber hacking. Anyone who has used Canva will tell you that it’s a convenient platform that can turn anyone into a graphic designer.
However, its popularity has made it a target for hackers who see it as an opportunity to gather user data for nefarious purposes. According to reports, a hacker known only as GnosticPlayers stole the information of more than 130 million Canva users and is selling their data on the dark web.
The most concerning part about this event is the fact that this hacker stole valuable data including, real names, usernames, customer location and usernames. 61 million of the affected Canva users had their passwords hashed as well, using an advanced password hashing algorithm known as bcrypt. Reports further show that 78 million of the users used a Gmail account to login to Canva. All of this information wouldn’t have been out there were it not for the attack.
Canva later issued a statement urging their users to change their passwords due to the reported breach.
Landmark White security breach
A Sydney property evaluation firm known as Landmark White recently suffered a devastating security breach which cost well over $8 million to repair. This was all at the hands of an IT contractor that the company had hired to manage aspects of the company’s IT department for over 12 years.
As part of his attack, Stephen Grant used his credentials to retrieve confidential property valuations, names, contact information, driver’s license information and addresses of over 270, 000 people. Grant published the information on the dark web, where it could have been used for identity theft and to carry out fraudulent bank transactions.
Not only did Grant abuse a position of power but he betrayed the trust of his colleagues, not to mention how his actions tarnished the firm’s reputation.
Ransomware attack non Victorian Hospital
A number of hospitals in Victoria were hit with ransomware attacks that slowed service delivery and affected numerous patients. This includes Barwon Hospital and Gippsland Hospital, whose servers were badly affected by the attack and left most of their computer-controlled software practically unusable.
Staff members couldn’t access the hospital’s servers, including its financial systems. To remedy the problem, the affected hospitals had to switch off the affected servers, which meant shutting down booking systems, patient information and management records.
This also meant that the hospitals had to use manual systems and reschedule appointments since patient records were no longer available.
Australian businesses, big or small, have been faced with damaging security and data breaches carried out by internal and external operators alike. This is becoming even more common as the dark web becomes more popular among hackers and experienced IT operators, and it’s a genuine cause of concern for local businesses like iCannabis, as a security breach can cost millions to clean up.
One way to protect your company is by using a reliable Virtual Private Network or VPN for short. Good quality VPNs come with encryption software that provides iron clad protection.
It might also be a good idea to use some type of password manager that automatically generates new passwords every few days or so to protect user credentials. Also, install and update your anti-virus software regularly.
It’s also important to make sure that the passwords you use for employee access are strong and hard to crack. A good rule of thumb is to use a combination of letters, numbers and characters.
If you’re going to use an MSP of any sort, be sure to ask them if they’ve ever been compromised and what measures they have in place to prevent it from happening again.