1. Alibaba

Date: November 2019

Scale: 1.1 billion users

For nearly eight-month, a team of programmer and a marketer scraped users’ data consisted of usernames and mobile numbers from Taobao (the Alibaba Chinese e-commerce site), using their custom-built crawler. Though, as appeared later, the developer and his employer were gathering data for their own use and did not sell it on the black market, both got three years prison sentences.

2. LinkedIn

Date: June 2021

Scale: 700 million users

June 2021, employees of a famous professional social network spotted account information of 700 million of its users on a dark web forum. By that time, it was more than 90% of its user base. Later on, a hacker, also known as “God User”, boasted that he has sold the full LinkedIn customer database on a black market.

3. Facebook

Date: April 2019

Scale: 533 million users

April 2019, two dumps of Facebook apps information were detected. The data included phone numbers, account names, and Facebook IDs of 530 million users. Two years later the same data was posted for free, revealing a new criminal threat.

Let’s now take a closer look at the consequences that companies are challenged in case of cyber security breaches.

Business paralysis

An attack on your computer network may paralyze your business or force you to shut down some of its parts just to make sure criminals can no longer access your data.

Your priorities in this case would be investigation of the breach point and getting your systems back online. Obviously, for some time you might be unable to do business as usual, experiencing a production decline.

Fixing costs and regulatory penalties

Getting back on foot is only your first challenge. Contacting customers with breach notification is an expensive and time-consuming matter by itself. But if the incident is serious, you might face the need of setting helpdesks and additional account check-ups. Fines and legal suits for GDPR (General Data Protection Regulation) violation can be a cherry on the cake.

Customer outflow

Last but certainly not least, the breach case can hit you hard in the long-term prospective. If the reputational damage is substantial, you might lose your customers’ trust and see them going. As of CISO’s Benchmark Report 2020, 30% of companies experienced reputational damage as a result of a data breach

Now, when we know all the risks of neglecting your company’s cyber safety it’s time to talk about security strategies.

Plant a Security Culture

Your company leaders should be aware and active in spreading the word about the importance of cyber security across all teams. We are especially talking about the departments that are vulnerable to cyber security threats. Ideally, your security team should give regular updates to the department managers on their actions in case of attack.

Check Your Suppliers

Hackers can use your suppliers’ or smaller third-party vendors’ vulnerabilities to get into the heart of your system. To prevent that you must challenge your suppliers with the following questions. How solid is their security? Do they have appropriate certifications or security verifications?

Be Prepared

Companies should periodically test their vulnerability and have a standard security routine for when an attack happens. There are certain questions you should approach your existing defense with. How soon is the security team aware of the attack? Does your defense system slow the hacker down, giving your team time to react? Are your networks segregated enough to complicate the attacker’s advance?

Monitor the Attack

Once an intruder has a foothold within the system, it is crucial that your security team can monitor all abnormal behavior and follow the breadcrumbs of attacks in real time. There will be a break when the attacker has finalized the intrusion and is working on his next steps; this is your opportunity for respond actions.

When we talk about modern business — we must embrace its vulnerability. In simple words it is always under cyber threat. Sophisticated and always up-to-date cyber defense is a must for today’s business as well as understanding that the “way in” for attackers is never static.