Other organization’s cyber incidents can provide important lessons learned regarding the importance of protecting data from cyber danger. Our Cyber Roundups break down recent cyber incidents by data breaches, disruptions to workflow, or direct financial loss to our core client markets: City or county government, K-12 school districts, and universities and colleges.

Data Breaches

Data Breaches can occur through several different means: phishing attacks, network intrusions, and accidental data disclosures. Data breach notification laws protect consumers because organizations are required to notify those affected by PII/sensitive data record loss (normally in excess of 500 persons affected).  Expect to find the number of records estimated to be stolen listed in this category.

In November 2017, 700 patients of the Cook County Health and Hospitals System had their information compromised through an accidental disclosure.

Disruptions

There are times when an organization is forced to take their operations offline due to a security incident. These disruptions directly impact customers and brand reputation. One of the most prominent disruptions is when ransomware, a form of malware, blocks access to some or all files on the network.

In Oceanside, CA, the city was forced to shut down its online bill pay system after many residents reported unauthorized charges on the credit cards used for their city bill pay accounts.

Financial Loss

There are a couple of ways organizations can lose cash due to phishing. One way is e-mail based wire transfer fraud known as business e-mail compromise (BEC).  Raise your awareness with this PSA on common BEC schemes from the Internet Crime Complaint Center. Businesses also lose money through ransomware. Files are locked and a ransom is demanded to retrieve the files.

Dorchester School District 2 in Dorchester, SC paid a $2,900 ransom to have the data on 25 servers decrypted after a ransomware attack.

Our goal is to showcase incidents that are relatable and helpful to most organizations. Note that some of these cyber incidents could have been prevented by employee awareness.

How You Can Use These Stories

These Cyber Roundup stories can be used as a teaching tool.

Take a story that is relatable and show what a similar incident might look like in your organization.  Here is a risk calculator to aid in determining what the breach might cost:

http://www.privacyrisksadvisors.com/data-breach-toolkit/data-breach-calculators/

This similar organization had a data breach last year where they had their servers locked down due to ransomware. The organization was forced to shut down online and in-office operations for X days. The organization ended up paying $X in ransom to the hackers to release their files and, additionally, lost $X in productivity. If something similar happened in our organization, it could cost us almost ___$$___.”  In this case, it was an employee who fell for a phishing e-mail that released ransomware on the network. Awareness around phishing can protect our data and save our organization a lot of money!

The most current Cyber Roundups can be found here.

These are updated every six months, so be on the lookout for fresh cyber security stories!