WHEN THE HACKER WINS
Thousands of businesses suffer cyber-attacks every week, when the hacker wins. However, just a small chink in your armour can lead to disastrous consequences as these two sorry tales portray.
CASE HISTORY – Customer Exposure
Alerted to a possible leak of credit card details by its card processing Company, an online retailer struggled for two weeks to find the source of a cyber-security breach. During that time, the firm apparently continued exposing the debit and credit card data of people who shopped on its website.
The company were advised that data of approximately 24,000 credit and debit cards used by Customers, could have been exposed. Fortunately, cardholder’s names, addresses and identifying information was secure.
A detailed timeline of events shows the firm first learned of a possible intrusion on 14 March. The card processor alerted the Company regarding fraud on a handful of cards recently used. The retailer launched an internal investigation and could rule out insider theft as the potential cause.
On 19 March, the Company hired a security firm to investigate further amid reports of more fraud. However, even then it was not able to isolate and shut down the breach until 28 March.
It took a further 36 hours to contain the breach and strengthen security to prevent a re-occurrence.
CASE HISTORY – Small business loses important Contract
A rival organisation with hostile intentions collected key information about a manufacturing Company over a period of time and used it against them. The attackers used social media sites to identify key employees to: –
- 0btain information about locations
- contact details
- current work projects.
Armed with this information the adversary sent targeted and realistic spear phishing emails to several staff in different teams, containing attachments infected with malware. A laptop containing intellectual property had been stolen from a Director during a business trip.
The attacker used the malware capability together with the stolen laptop to get into the network and extract vital information about the Company and its contract bid. Using stolen intellectual property, they produced a rival bid at a lower cost.
As a result, the Company lost out on the sizeable contract. Sadly, without this work, it was impossible to maintain the full workforce, resulting in redundancies for half the workforce. The press picked this up and as a result, lasting reputational damage together with a further loss of business occurred.
For help in reviewing your potential level of risk from cyber-attacks, contact us today