Threat Thursday: Haunted by Breaches
October is National Cybersecurity Awareness Month, a global initiative to promote better security hygiene and raise awareness on the growing problem that is cyber threats. We at Ivanti are proud to support this mission with dedicated IT security events and content.
Ivanti, along with our partners, held the first-ever Cybersecurity Virtual Event on October 23. Click the link to view seven on-demand sessions from Forrester, CrowdStrike, Morphisec, Kenna Security, Lynx and Ivanti. These are free insights designed to help you better your security posture, understand your level of risk, and work more efficiently.
I was happy to participate in a panel with fellow CISOs from Sirius Computer Systems and LifeScan, along with the CEO of Secuvant. We shared our knowledge on the current state of IT security, what the future will hold for global IT teams, and the areas you should start investing in to prepare for the next wave of cyberattacks.
Now onto the real meat of this post. Let’s start with the breaches and threats we're tracking this October.
A Hotel Breach that Could Haunt You
I couldn’t make it through this post without dropping a Halloween-related pun. But, I might not be too far off. Best Western and other hotels are dealing with the aftermath of a data breach affecting guests at some of their properties.
According to siliconangle.com, hackers exposed a database containing names, DOBs, addresses, phone numbers and more, owned by Best Western International Inc. Among the victims are high ranking U.S. military officials. Researchers point to misconfigured security settings and a complete lack of data security related to the cloud-hosted database.
Remember Collection #1 and Collection #2? These two data dumps made headlines early in 2019. The mastermind behind those breaches is claiming responsibility for hacking into more than 200 million Zynga accounts belonging to Android and iOS users.
This again appears to be the work of Gnosticplayers, the same hacker who, according to ZDnet, is shopping the personal data of 932 million users, from more than 30 companies.
Now, Forbes.com reports that Gnosticplayers claims to have accessed the Words With Friends database, stealing names, email addresses, login IDs, hashed (SHA1 with salt) passwords, reset tokens, phone numbers, account IDs and Facebook IDs.
The breach affects those who registered accounts before September 3, 2019. Forbes reports that players of Draw Something and OMGPOP may also be victims of this breach.
Breaches and Brand Loyalty
So how likely are you to keep playing Words With Friends or stay at a Best Western International property? The data says these breaches don’t really mean much to the long-term financial health of the organizations who fall victim to these attacks.
The Ping Identity 2019 Consumer Survey: Trust and Accountability in the Era of Breaches and Data Misuse, paints this picture:
- 81% of respondents say they would stop engaging with a brand online after a data breach
- 63% expect companies to protect their data
- 27% say a data breach would deter them from using that brand’s products
Ok, pretty standard stuff. But according to statistics published in the Harvard Business Review, major retailers and consumer organizations don’t feel the fallout.
Take the Home Depot data breach for example: 65 million credit and debit accounts breached. Home Depot stock slipped slightly after the news, but investors saw earnings increase by 21% in Q3 of 2014.
Target’s 2013 data breach hit right around the holidays. Their stock dipped by 10%, but then went on to experience the highest percentage regain in five years.
While we aren’t thrilled when these companies are hacked, or are careless with our data, consumers apparently aren’t phased enough to take their dollars elsewhere.
My Way or the Huawei
In another case of users going to great lengths to get what they want, it appears that owners of Huawei’s new handset are giving up access to their devices to a random Chinese website just so they can download some popular Google apps.
American companies are currently prohibited from doing business with Huawei – all part of a continued trade war between the White House and the Chinese Government. That means that apps usually preloaded on Android phones aren’t on newer Huawei devices.
According to an article on Ars Technica, some Huawei Mate 30 Pro users are utilizing workarounds to get apps like Play Store, Google Maps, Gmail, Chrome, YouTube and more. Some are even granting a Chinese website unrestricted remote access to their devices to a Chinese website in exchange for system-level permissions needed to install the apps. But little is known about the website in question, the owners of the site, or what their future plans might be with all these devices they now have an established backdoor into.
My Phone is Broken, So I Need a Day Off
Sticking with mobile trends, a new survey reveals just how big a problem mobile productivity issues are to the bottom line of your business.
The details are published in ComputerWorld. Here are a few stats:
- 37% of users who had mobile issues reported taking at least one day off due to the stress of not being able to do their job, up from 16% last year
- 63% of those surveyed said it took between 30-180 minutes to resolve their mobile issue
- 96% of IT workers surveyed say they have MDM/EMM tools in place
- But only 2% of those say they have all the analytics needed to effectively manage those devices
Think about that. 180 minutes. Three hours of time wasted. With 51% of workers reporting one or more serious mobile issues monthly, that’s a lot of lost productivity.
Also, did you see the first point of that survey? Mobile issues are apparently so frustrating and stressful to workers, that they’re taking time off to recover. Wild!
All this adds up to employers. My takeaway is to step up your MDM/EMM and offer more support to users dealing with issues on their devices. You might save the company some serious time and money.
Be sure to register for our monthly Threat Thursday webinar series, where I and Director of Product Management for Security, Chris Goettl, go in-depth into the threats impacting global IT teams and offer our recommendations to stay protected.