With October Cybersecurity Awareness Month at the halfway point, it is important to note that cyber-thieves and ID theft criminals never rest and continue to stay ahead of law enforcement, businesses and consumers.
Cybersecurity Awareness Month was launched by the National Cyber Security Alliance & the U.S. Department of Homeland Security in October 2004 – with a mission to educate consumers, small and medium-sized businesses, corporations, and colleges.
Based on the above, now is a great time for consumers and businesses to evaluate their cybersecurity posture – especially during the COVID-19 environment – with a focus on response and recovery.
Why response and recovery? Because consumers and employees continue to click on phishing emails and organizations continue to experience data breach events such as ransomware.
Two recent examples include Blackbaud (Blackbaud Ransomware Attack Gets Worse) and Twitter (Twitter Hackers Posed as Company IT Officials Making a Support Call).
Blackbaud – a cloud technology company confirmed in early October that “stolen data also included bank account data and Social Security numbers, far more personally identifiable information than the company first thought.”
Specific to Twitter, the New York State Department of Financial Services released its findings and concluded “the hack was relatively unsophisticated, caused by scammers who posed as members of Twitter’s IT help desk and directed employees to a phishing website designed to look like a company site.”
Blackbaud is your typical data breach example where their first statement on July 16, 2020 said while they were hacked, “that credit card information, bank account information, or Social Security numbers were not stolen.”
Fast forward 60 days later and Blackbaud now admits that their data breach “had access to more unencrypted data than previously disclosed, including bank account information, Social Security numbers, usernames and/or passwords.”
Unfortunately, the final story for most data breaches rarely reflect the initial news report and speak of what’s known at the moment, but never discuss the long-term – which is exactly what happened to Blackbaud and Twitter.
The fact is that the threat of a data breach or an ID Theft event can be a lifelong problem that may affect you (and me) long into the future and in ways you (and I) likely haven’t even thought about.
In Blackbaud’s case, their data breach event has affected 6 million people so far, including my alma mater, The University of Dayton.
With all the education and resources – including October Cybersecurity Awareness Month – consumers and businesses continue to fail phishing tests (after cyber-awareness trainings) and still click on actual phishing emails.
My advice to consumers and small businesses is a heightened awareness of phishing emails, unfamiliar links and attachments, and to reconsider the information that is being shared on social media.
After all, cybercriminals are not stable and cybersecurity is unpredictable – especially during Cybersecurity Awareness Month.
By Mark Pribish
Vice President and ID Theft Practice Leader