Cybersecurity Awareness Month: Scary Stats To Haunt Your Dev Team

Oct 26, 2022

It’s that time of year again — the leaves are changing, the air is getting chilly, and cybersecurity threats are lurking around every corner. That’s right, it’s Cybersecurity Month! And what better way to celebrate than by taking a look at some of the scariest statistics about cybersecurity risks and software security? Just in case your development team needed a few more nightmares, here are some stats that will haunt them all month long.

Scary Cybersecurity Data Breaches (2021-2022)

As we end Cybersecurity Month, it’s important to take a look at some of the scariest cybersecurity data breaches of the past year. These breaches are a stark reminder of the importance of software security, and the risks associated with data security. The past year has seen some major scary data breaches at companies like Facebook, Colonial Pipeline, and Bykea. The impact of these breaches has been widespread, with millions of people’s personal data being exposed. 

Jarring Data Breach Stats Around the Globe

No matter where you turn, it seems like data breaches are making headlines. And with good reason – the costs of a data breach can be staggering. But it’s not just the monetary costs that are alarming. Data breaches can also have a major impact on a company’s reputation, customer trust, and even employee morale.

The following are just a few of the many data breaches that have made headlines around the world in recent years:

Facebook Data Breach

In April 2021, it was revealed that the personal data of over 500 million people had been exposed in a data breach at Facebook. The data that was exposed included names, phone numbers, and email addresses. This breach is one of the largest in history, and it’s sure to have a lasting impact on the company. The data was posted for sale on a low-level hacking forum.

How It Was Executed

The data breach was executed by attackers who were able to exploit a flaw in the company’s systems. The attackers gained access to the data of over 500 million people through a now-defunct feature that enabled Facebook users to find each other using a phone number. The hackers used the feature to scrape Facebook’s user database after it was left exposed.

Consequences

When the news broke about the data breach, Facebook’s stock took a hit. The company’s shares fell by 2.5%. This breach is also sure to have a lasting impact on the company’s reputation. Facebook has been embroiled in controversy about its data security policy in recent years, and this is sure to add more fuel to the fire. Further, this data breach came on the heels of another data breach at Facebook that affected over 80 million people.

Best Practices for Developers/Engineers

This breach is a scary reminder of how important application security is. Developers and engineers need to be vigilant in order to avert such attacks. Data security should be a top priority when creating and maintaining software applications.

Colonial Pipeline 

In May 2021, a ransomware attack hit the Colonial Pipeline, leading to the shutdown of operations. This caused a major disruption to the supply of gasoline and other fuel products across the United States. The attack highlights the importance of cybersecurity for businesses, especially those that rely on mission-critical software and systems.

How It Was Executed 

The ransomware attack on Colonial Pipeline was executed by a group called DarkSide. They are a criminal gang that is behind many other attacks. They infiltrated the system and encrypted the data, demanding a ransom in Bitcoin in order to decrypt it. Investigations revealed that a compromised password to a VPN account was used to gain access to the system. Once inside, they were able to move laterally and encrypt critical systems.

Consequences

The consequences of this attack were widespread, as the pipeline supplies about 45% of the East Coast’s fuel. This caused panic and led to a rise in gas prices. Many people were unable to fill up their tanks and some even resorted to hoarding gasoline.

Best Practices for Developers/Engineers

The breach exposed the importance of having strong cybersecurity measures in place, especially for businesses that rely on mission-critical software and systems. Developers and engineers need to develop systems with several levels of redundancy and security. They also need to monitor constantly for vulnerabilities and patch them as soon as possible.

JBS Ransomware Attack

In May 2021, a ransomware attack hit the JBS meatpacking company. This led to the shutdown of operations at several plants across the United States.

How It Was Executed

The ransomware attack on JBS was executed by a group called REvil. They are a criminal gang that is behind many other attacks.

Consequences

The shutdown of operations at JBS led to a major disruption in the supply of meat products across the United States. This caused panic and led to a rise in prices for meat products.

Best Practices for Developers/Engineers

Password hygiene is critical to preventing these types of attacks. Developers and engineers should ensure that strong passwords are used and that they are changed regularly. They should also use two-factor authentication whenever possible. In addition, they should be aware of the risks of using third-party software and services.

Bykea

Bykea, a Karachi-based tech company, was hit by a data breach in late 2020 and early 2021 that exposed the personal data of over 400 million people. This included names, email addresses, internal logs, addresses, and driver’s license numbers, among other personally identifiable information. The data had been stored on a production server that was neither password-protected nor encrypted.

How It Was Executed

The hackers gained access to Bykea’s systems through a production server that was left unsecured. They were then able to easily access data on the server. In the September 2020 hack, the data was simply deleted from the server. However, in the January 2021 hack, a white hat hacker informed the company of its unsecured server, which the company secured immediately.

Consequences

After the deletion, the company was able to restore its data from one of its backups and therefore had minimal interruption to its operations. The company suffered reputational damage for its negligence and has put in place new security measures to prevent future breaches.

Best Practices for Developers/Engineers

Developers and engineers should always ensure that servers are properly secured and that data is encrypted. They should also have proper backup procedures in place to ensure that data can be recovered in the event of a breach.

The Best Application Security Solution

October is Cybersecurity Awareness Month, and we’ve been using it all month long to highlight the many dangers that face businesses and individuals online. From data breaches to ransomware attacks, there are plenty of threats for hackers to exploit. These numbers should be enough to scare any business owner into taking action and investing in cybersecurity solutions. At Kiuwan, we offer two key products that can help protect your code: our Code Security solution (SAST) and our Software Composition Analysis (SCA).

Our SAST solution scans your code for vulnerabilities and provides feedback on how to fix them, while our SCA tool identifies vulnerable open-source components in your software and helps you manage their risk. Note that Kiuwan is the best application security solution on the market, so don’t wait until it’s too late — contact us today for a free trial!

Get your FREE demo of Kiuwan Application Security today!

Identify and remediate vulnerabilities with fast and efficient scanning and reporting. We are compliant with all security standards and offer tailored packages for your team to mitigate your cyber risk within the SDLC.