Hacking isn’t quite as old as the hills, but it’s been around for as long as computers themselves, growing from isolated, look-how-clever-I-am snooping stunts into a full-blown, financially motivated industry which is costing the business sector billions.
Hitting the headlines
Whilst many hacking incidents go unreported (especially amongst small businesses), in the last two years there has been a marked increase in costly data breaches, with some cases achieving unprecedented, 10-figure sums.
2013: Evernote - $140m (£89m)
Hackers conducted a classic, text-book phishing campaign at this cloud-based document storage company, in which emails appearing to come from Evernote itself asked users to reset their passwords. Around 50 million customer records were compromised.
2013: Sony - $1.5bn (£953m)
Sony’s PlayStation network was hacked and the personal details of 100 million customers were stolen: credit card data, phone numbers, emails and passwords. The estimated $1.5bn financial losses arose from swingeing fines imposed by data regulators around the world, class action suits, and being offline for three weeks.
2013: Target Stores - $148m (£94m)
Payment card readers at this US retail giant were infected with malware which skimmed credit card details. The records of 110m customers were compromised, as was the CEO, who was forced to resign. Pity for Target that the insurance claim they filed only covered $38m of the total bill.
2013: Adobe Systems - $1.5bn (£953m)
Graphics software developer Adobe didn’t reveal (or, indeed, Photoshop) the exact cost of losing the credentials of 150 million user accounts in their data breach, but the cost is estimated to be $1.5 billion. They tried to allay concerns by revealing that most of the accounts were inactive.
2014: Home Depot - $80m (£51m)
Hackers were doing it for themselves when they infected the point-of-sale systems at this US DIY chain: what appeared to be antivirus software was actually malware that siphoned off 56 million credit card details.
2014: JP Morgan - $1bn (£635m)
The bank bosses must have thought they were safe with their annual $250 million cybersecurity budget, but it didn’t stop Russian hackers stealing the details of 76 million clients. Actual costs remain undisclosed, but the estimate is $1 billion.
2014: eBay - $200m (£127m)
Strangely, this breach took six months to discover, even though it involved the credentials of 230 million customers. Again, this is an estimate, as eBay have been borderline casual in their PR efforts to downplay the hack and control the reputational damage.
Details of data breaches which do hit the headlines are enough to strike fear into any big business owner, but small businesses don’t escape the hacker’s net. The costs are all relative, after all: one company’s billion is another one’s million, is another one’s very modest profit. Indeed, 60% of small businesses close within six months of experiencing a breach.
A few notable lessons leap out of these costly data breaches.
- Just because you’ve been hacked, it doesn’t mean you can fix and relax. In June this year, Evernote’s forum was hacked, and in a separate hacking incident in the same month, they suffered a denial of service.
- Inactive accounts are not worthless sources of information. Hackers know, and love, the fact that many individuals use the same passwords across several online accounts.
- Big cybersecurity budgets don’t necessarily buy you safety. Simple, everyday good practice counts for a lot.
In addition, weak passwords are regularly cited as a major problem: 50% of business passwords are crackable within minutes. In this case, good practice is to insist that users compose long and complex passwords, which is made easy by using password managers to take over the burden of remembering the details.
The T in SWOT
The one threat that won’t go away is that hackers are here to stay. Recognising that simple fact has got to be Point 1 on any company’s cybersecurity action plan.