Are you a bargain hunter? Then the 29th of November is probably circled in red on your calendar. Black Friday is unquestionably one of the most important retail days of the year – followed closely by Cyber Monday - to watch out for special offerings and big discounts. However, despite all the good deals calling out to you, make sure to check each deal carefully. Not every offering is a real bargain and especially when shopping online cyber-criminals have become very creative in collecting sensitive data such as your name, contact details and credit card information to sell them to third-party vendors in the darknet. Fake websites that query all these data for purchase are just the tip of the iceberg. Even if you feel proficient it can still be difficult to differentiate between a company website and its deceptively genuine copy. Not only consumers are affected by cyber-attacks. Companies are also facing significantly rising security incidents. Moreover, these attacks can often run for a long time, hidden in an organization’s own network without being detected.
This is what recently happened to a Primary Health Organization (PHO) in New Zealand. On August 5, PHO Tū Ora Compass Health reported a cyber-attack to the authorities in New Zealand. All servers were taken offline and as soon as a data breach became certain, an official investigation started. That investigation revealed previous cyber-attacks that already started in 2016 and went on until March 2019. At Tū Ora Compass Health that provides essential primary healthcare coverage in New Zealand determined this data breach could have exposed medical data affecting up to 1 million people. We could also add other incidents to this list – such as Yahoo who faced several cyber-attacks for a period of 4 years which affected about 3 billion people.
There are myriad tools cyber-criminals use to break into an enterprise security system. These attacks often aim at damaging the reputation of an organization, causing financial loss and even causing damage to an entire industry. Once the damage is done it requires solid investment into a more secure infrastructure but most importantly, much more time to build up trust and confidence again. Preventative, professional and swift emergency expertise is crucial.