Article by
Gildas Jones

Pssst… do you want to hear a scary story this Halloween? Something way scarier than ghosts and ghouls? Here are some cybersecurity horror stories that’ll keep you from sleeping for the next few nights.

10/25/2021

Cybersecurity Halloween – the real horror show

WooOOooh… It’s (almost) Halloween. Time to don your spookiest costume and get out there to scare the neighbours.

Because it’s that very special time of year, we thought we’d share a more fun post than usual…

If, by “fun”, you mean absolutely bone-chillingly terrifying for any business owner!

Here are some of the real horrors to avoid this year when it comes to losing money, control of your business, or both:

Scary cybersecurity situations you don’t want to be in

1) Your clients’ data? Stolen

One of the most horrifying kinds of cybersecurity horror story happens after a data breach. When your company’s or your clients’ private data has been accessed, there is little you can do to stop that data from being used for the most terrifying of purposes (usually defrauding your clients or you).

Just ask some of the biggest brands in the world.

  • TalkTalk – the infamous TalkTalk hack of 2015 was a data breach in which the giant communications company had the sensitive information of 4% of its clients stolen. That cost the company £42 million. Plus an extra £400 000 fine because they didn’t have a secure system in place to begin with.
  • eBay – global auction site eBay had found itself facing an arguably even worse situation the year before. The details of more than 145 million of the site’s users were compromised, costing the company big in trust and cash.
  • Marriott Hotels – more recently, in 2018, the massive Marriott International hotel chain had the details of more than 383 million of its guests stolen. This included all of their personal details – and even some bank card details and expiry dates. The cost? Around £52 million, most of which was luckily covered by insurance.

But the UK data protection authority wants to fine Marriott an extra £99 million for their lax protection procedures. The lesson? Get proper protections in place ASAP. Also, look into cybersecurity insurance and find out what yours covers (because around 20% of businesses say that after checking, they found they weren’t covered for ransomware attacks).

2) Your access? Blocked

Ransomware is a scary concept. If you’re not familiar with it, imagine turning up to work one day to find that all of your systems were locked behind a password you didn’t put in place. Now picture that someone you don’t know wants you to pay them money to get access to your systems back.

That’s exactly the situation that dozens of organisations found themselves facing after the well-named WannaCry ransomware attack in 2017. The NHS. FedEx. Some of the largest organisations in the world were compromised by this attack. The hackers demanded to be paid in Bitcoin before the companies’ files were unlocked.

Overall, it’s estimated that the attack cost companies around £3 billion. It’s not a situation any business leader wants to face, even on Halloween. If you haven’t already, it’s time to start making sure your cybersecurity procedures are up-to-date.

3) Your team? Scammed

94% of all malware arrives by email. Phishing emails are the most common way this is done. These are emails that pretend to be from a legitimate source – sometimes, very convincingly.

Malware scams are on the rise. Scammers use social engineering techniques and take advantage of the big increase in unsecured networks at companies that have been forced to offer homeworking and distance working set-ups because of COVID-19.

In six months of 2020 in the US alone, the FBI was tracking more than 12 000 scams. One of their recommendations was to make sure your team have current information and training in how to spot dodgy emails.

4) Your products? Hacked

The monstrous image of going into the office one morning to find that your products have been accessed by malicious actors is one that companies with poor cybersecurity face every day.

Back in 2012, LinkedIn lost control of its website product and 117 million emails and passwords of LinkedIn users were put up for sale on the dark web.

A few years ago in 2018, a similar thing happened to Under Armour. Their “MyFitnessPal” product was hacked to the tune of 150 million users having their data stolen, ready to be used in future scams against them.

Both companies had to scramble to fix the reputational damage, face the potential cost of fines, as well as pay to put the damage right.

5) Your cost to fix it? Higher than you’d think

The average cost of a ransomware attack is around £171 000. This has spiralled in recent years, with some sources tracking upwards of a 400% increase in what scammers can now get away with demanding.

But it’s not just the direct financial cost of an attack, high though that is. The average company experiences nineteen days of downtime after an attack. That’s nineteen days of not earning revenue and your team not being able to do their jobs.

It’s not uncommon for data breaches to go unnoticed for lengthy periods. In fact, the average time it takes a company that doesn’t have proper protections in place to even notice they have a problem is 207 days.

This varies by industry. But it’s still a truly shocking amount of time to have someone sitting, watching your company work, waiting for a time… to strike.

Has something in this article given you a little shiver?

Let’s talk about it. Dial A Geek helps nearly 1000 businesses in and around Bristol ensure their cybersecurity protects them from the latest, scariest threats.

Contact us to find out more. Or set up a cost and commitment-free chat with Chief Geek Gildas Jones today to discuss protecting your business better.