Businesses of all industries and functions face a common threat that can wreak havoc on their operations: cyberattacks. With each passing day, bad actors leverage new tools and methods to steal information from companies, local governments, and other organizations of varying sizes. Global and national businesses often occupy headlines as the latest victims, with countless customer details lost and massive ransoms paid.
Even though larger companies seem to fall victim to attacks more frequently, small- and medium-sized businesses can be even more susceptible and have a lower likelihood of recovery. Fortunately, companies can gain helpful insights from these breaches that might help them better protect their data. Here are five cyberattack lessons every business owner should learn from some of 2024's most prominent incidents.
1. CDK Global
The June 2024 CDK Global cyberattack is a prime example of the widespread effects of ransomware. CDK Global is a company that provides software and services to car dealerships, manufacturers, and similar businesses throughout North America to track vehicle repairs, sales, financing, insurance, and other day-to-day operations. According to CNN, the company allegedly paid its attackers a $25 million ransom to restore operations for itself and its customers after over two weeks of complete and partial outages.
The impacts of the CDK Global cyberattack resulted in:
- Downtime for 15,000 dealerships in the U.S. and Canada
- Issues for major manufacturers like Honda, Nissan, and BMW
- An estimated 5.4% decrease in June sales compared to 2023
- A projected $1.02 billion in new vehicle sales losses
What's the key takeaway from the CDK Global hack?
While CDK Global was a single company, its outages created far-reaching confusion and issues for the businesses, employees, and customers that relied on it. There's no guaranteed way to prevent a cyberattack from happening, but there are steps every company can take to ensure they're prepared. Creating an all-encompassing business continuity and disaster recovery (BCDR) plan is the best way to guarantee that personnel and systems have alternative options for cybersecurity threats or attacks.
A comprehensive BCDR plan should involve preparations like:
- Migrating physical servers to the cloud
- Regularly creating and testing back-ups
- Using cloud-based programs and software
- Making safety plans for on-site equipment
2. Change Healthcare
The Change Healthcare cyberattack in February 2024 impacted one of the largest global health payment processing companies. As a subsidiary of UnitedHealth Group, the company enabled healthcare providers to manage revenue, claims, and other related services. According to the U.S. Committee on Energy and Commerce, the ransomware attack originated from a lack of multifactor authentication (MFA) on a particular server. The resulting outage lasted almost three weeks, and part of the restoration efforts involved a $22 million ransom payment.
The Change Healthcare attack led to severe consequences, including:
What should businesses learn from Change Healthcare?
While other factors could have led to a successful breach of Change Healthcare's systems, the lack of MFA on such a sensitive resource gave hackers an easy entry point. Cyberattack trends related to MFA, whether it's missing or bypassed with spam, emphasize how vital the resource is for any business. Whether your IT assets hold personal data, are void of proprietary details, or lie somewhere in between, use MFA to add extra protection to your company's accounts and information.
3. AT&T
AT&T's April 2024 data breach highlights the inherent risks of working with third-party organizations that lack sufficient cybersecurity measures. According to CNBC, a breach using stolen credentials and a lack of MFA in the company's cloud provider resulted in the unauthorized access of AT&T's customer records. AT&T later shared that the breach included phone numbers, text messages, call records, and other details from an estimated 109 million customer accounts. The company allegedly made a $370,000 ransom payment to protect its customers and warned all affected users of future attacks.
What lesson lies in the AT&T cybersecurity incident?
The key takeaway lies not in the cyberattack itself but in the cascading effects of the AT&T data breach. Bad actors leak personal data at an alarming rate, and there's no guarantee it won't end up in the hands of others with malicious intent. Even if a business hasn't suffered a leak of sensitive information, it's essential to understand and prepare for the risks of increased social engineering and phishing attacks that leverage public details.
4. Ticketmaster
The May 2024 cyberattack on Ticketmaster is another instance of ransomware that affected massive amounts of customer data. According to the BBC, the company was impacted by a breach of the same third-party cloud provider as AT&T. A group of hackers claimed it had stolen personal and financial information for over 500 million customers and attempted to sell it on the dark web for $500,000. Live Nation, Ticketmaster's parent company, stated the leak didn't impact business operations and helped customers secure their accounts.
What should businesses take away from the Ticketmaster breach?
The biggest lesson from the Ticketmaster cyberattack is the danger of reusing login credentials. With usernames and passwords included in the leaked data, bad actors who viewed them could use credential stuffing to attack victims who use poor password practices. Using a password manager and generating unique passwords for each account is the best way to ensure businesses can protect their information. Even if one account is leaked in an attack, your other accounts can still be protected from the consequences.
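For teams that run their own login systems, here is an added example (not part of the original article) of how the credential stuffing pattern described above can be spotted in sign-in logs: one source failing against many different accounts with only a try or two each. The log format, field names, and thresholds are assumptions, and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format: "<timestamp> login result=<ok|fail> user=<name> ip=<addr>"
LINE_RE = re.compile(r"^(\S+) login result=(ok|fail) user=(\S+) ip=(\S+)$")

def build_sample_log():
    """Constructed log lines; the format is an assumption, not a real product's."""
    lines = []
    # 203.0.113.7 tries one leaked password against each of six accounts.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        lines.append(f"2024-05-28T10:00:{i:02d}Z login result=fail user={user} ip=203.0.113.7")
    # One reused password works: this account needs a forced reset.
    lines.append("2024-05-28T10:00:09Z login result=ok user=grace ip=203.0.113.7")
    # 198.51.100.4 is an employee mistyping their own password.
    for i in range(3):
        lines.append(f"2024-05-28T11:00:{i:02d}Z login result=fail user=heidi ip=198.51.100.4")
    lines.append("2024-05-28T11:00:05Z login result=ok user=heidi ip=198.51.100.4")
    return "\n".join(lines)

def find_stuffing_sources(log_text, min_users=5, max_avg_tries=2.0):
    """Flag source IPs that fail logins across many accounts, few tries each.

    Thresholds are illustrative assumptions; tune them to your own traffic.
    """
    failed = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed tries
    succeeded = defaultdict(set)                    # ip -> users logged in
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that are not login events
        _, result, user, ip = match.groups()
        if result == "fail":
            failed[ip][user] += 1
        else:
            succeeded[ip].add(user)
    flagged = {}
    for ip, per_user in failed.items():
        avg_tries = sum(per_user.values()) / len(per_user)
        # Many accounts with few tries each suggests stuffing; many tries on
        # one account is a forgotten password or a brute-force attempt.
        if len(per_user) >= min_users and avg_tries <= max_avg_tries:
            flagged[ip] = {"accounts_failed": len(per_user),
                           "avg_tries": avg_tries,
                           "reset_passwords_for": sorted(succeeded[ip])}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(build_sample_log()).items():
        print(ip, stats)
```

Any account that logged in successfully from a flagged source is the one to lock and reset first, since that is where a reused password worked.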
5. Dell
Dell's cyberattack in May of 2024 was a unique instance of ransomware that impacted data for millions of customers. Information dated between 2017 and 2024 was pulled from the company's database. While no financial information was taken, the leak compromised some personal information and specific details on devices purchased by over 49 million customers. Dell claimed it was unlikely that its customers would encounter significant issues, but the company still supported them by providing tips on being aware of related threats.
The leaked information disclosed device details like:
- Hardware details
- Monitor serial numbers
- Customer numbers
- Service tags
- Order information
- Item descriptions
What can businesses learn from the Dell cyberattack?
While Dell customers didn't have sensitive personal or financial information leaked, their hardware specifications created a considerable opportunity for bad actors. Hackers often leverage outdated hardware and software since updates usually include details on what security vulnerabilities were patched. Updating your programs and devices may seem like a pain, especially when updates are released frequently, but doing so helps protect against cyberattack attempts by securing access points.
Enhance your IT protections with Bit-Wizards
Cyberattacks can leverage a wide range of vulnerabilities and points of entry. For businesses focusing on their day-to-day operations and customer demands, unexpected IT security failures can cause catastrophic damage to their finances and reputation. Working with a managed service provider (MSP) can enhance a company's cybersecurity, but the challenging part is knowing which provider will follow through with its promises.
At Bit-Wizards, our Managed IT Services (MITS) deliver custom-fit, proactive security for every business we support, regardless of industry or scale. We apply our internal standards and Wizard lifestyle to our clients, ensuring they get the IT solutions and help desk support they expect and deserve. We know what it takes to deliver managed IT for any industry, from healthcare to hospitality and anything in between, and we're willing to go above and beyond to be the magic your business deserves.