Once again, headlines are filling with news about major breaches. From today’s Ticketmaster disclosure to stale telecommunications confessions, there’s no shortage of security breach stories. The real headline, however, is in the escalating costs, which we’ll discuss momentarily.

On Friday, nearly 2 years after the fact, AT&T finally revealed that 109 million cellular user customer accounts had been downloaded to a third-party platform between May 1, 2022 – October 31, 2022. Although personal information was not leaked, the fact that hackers had access to calls and texts of nearly all customers during this period – without AT&T signalling an alarm – is, well, alarming.

U.S. software giant Ivanti, an asset management software system used to remotely inventory and manage desktop computers, has come under scrutiny and censure from The Cybersecurity and Infrastructure Security Agency (CISA).

In 2023, Ivanti had to issue multiple patches to address zero-day vulnerabilities facing active attacks. A zero-day attack is one that gives the infected company network no time to remediate the bug before it is exploited.

One such attack enabled non-authenticated users to access the APIs used for configuring Ivanti Sentry via the administrator portal, make it possible for hackers to change configurations, system commands and/or write files onto the system.

Despite repeated patches, CISA issued an advisory at the end of February 2024, in conjunction with Canadian Centre for Cyber Security (Cyber Centre), and counterparts in Australia, New Zealand and the UK, stating that “the Ivanti ICT is not sufficient to detect compromise and that a cyber threat actor may be able to gain root-level persistence despite issuing factory resets.”

Ironically, Ivanti promotes itself by saying: “Ivanti finds, heals and protects every device, everywhere – automatically. Whether your team is down the hall or spread around the globe, Ivanti makes it easy and secure for them to do what they do best.”

CISA’s recommendations to Ivanti’s clients:

1. Limit outbound internet connections from SSL VPN appliances to restrict access to required services.

2. Keep all operating systems and firmware up to date.

3. Limit SSL VPN connections to unprivileged accounts.

Good advice for any firm facing similar challenges.

On April 24, 2024, Dropbox Sign (formerly HelloSign) announced that its automated system configuration tool had been hacked, enabling the intruder to gain privileges to its production environment. The hackers also accessed customer account information, API keys, OAuth tokens and its Multi-Factor Authentication.

Last month, it was announced that Canada’s privacy commissioner is teaming up with counterparts in the UK to investigate the 2023 data breach which compromised 7 million 23andMe  accounts. The firm uses clients’ DNA to help them locate relatives and trace their family tree. This information could also be used for surveillance and discriminatory purposes.

Today, I received an email from Ticketmaster saying that between  April 2 – May 18, 2024, “an unauthorized third party obtained information from a cloud database that may have included your [my] name, basic contact information, and payment card information such as encrypted credit or debit card numbers and expiration dates.”

These are but a few of the bigger headlines. Every day, new stories are pushed to my phone, including a recent one about cybercriminals coming after Apple products because of their widespread adoption. In this case, convincingly smishing SMS messages prompt recipients to click a link and sign into their iCloud accounts. From there, grief ensues.

The biggest story, however, is not the increasing number of successful cybersecurity attacks, but the escalating impact on organisations and individuals.

Although the money spent in detecting and remediating the problem is not insignificant, companies are more greatly impacted by the downtime and, in some cases, the hit to their brand reputation. As we have said in previous posts, unless you are able to respond quickly to customer concerns, get your business up and running again promptly, and can assist your customers in addressing problems created by the breach, you risk losing customers, and reduce your ability to attract new ones.

On average, breached Canadian firms lose 8 – 10% of their customers within three months and find that their client acquisition costs increase by as much as 50% in the year following a successful attack. A small percentage of firms are never able to fully restore their data and are forced to close their doors.

Do not let this happen to you. Remember to…

• Protect your cloud, edge, network and endpoints.

• Use MFA on all devices and adopt a least privilege approach to user access.

• Have a breach readiness plan in place.

• Backup your data, operating systems and network configurations – and practice restoring from bare metal, from time to time.

• Ensure employees are trained on, and regularly reminded about, security protocols.

These are some of the key steps. For others, please feel free to reach out to us at : [email protected], or call 1.877.238.9944.