DELMAR- In a world economy that witnessed fewer cyber attacks in 2022 than in years before, security analysts are quick to point out that there is more to be concerned with than to celebrate.
There is business to be had and lost over securing personal information within corporate databases, financial institutions and hospital networks. Names, addresses, and credit card information go a long way in stealing someone’s identity.
According to a filing with the U.S. Securities and Exchange Commission, a “bad actor” stole personal information from approximately 37 million T-Mobile customers. The unidentified hacker, or hackers, started obtaining information last November through a single Application Programming Interface. It was the telecommunication company’s second compromise in less than 16 months. In 2021, the personal information of more than 50 million customers — including their social security numbers — was exposed to a hacker.
“While no information was obtained for impacted customers that would compromise the safety of customer accounts or finances, we want to be transparent with our customers and ensure they are aware,” the company shared in a statement released in January.
The data included names, addresses, emails and dates of birth. It also included account numbers, service plan features, and the number of lines under each account. T-Mobile said it plugged the hole within 24 hours of its discovery — a little more than a month after the leak started.
“When there is a declaration of breach, there’s a lot of additional impacts that organizations have to go through… including legal dealing with potential financial penalties, loss of business and an additional oversight needed,” said Dean Maloney, Business Intelligence Manager at GreyCastle Security. According to a recent report from IBM Cybersecurity, the average cost of a data breach reached $4.35 million last year, representing an all-time high.
GreyCastle Security is an industry leader in providing cybersecurity readiness solutions to its clients. The Troy-based company prepares and protects its customers from emerging cyber threats through the continuous availability of effective solutions. The company specializes in cybersecurity for healthcare, higher education, financial services, technology and critical infrastructure.
Last year was unique, Maloney and his colleagues said, in that the usual suspects within the hacking community were preoccupied with the war between Russia and Ukraine. The most noteworthy of events surrounded the first moments of the war, with Russian agents gaining control of the latter’s electrical grid, water supply and various control systems. Countries that stood against Russia’s invasion — such as the United States, the United Kingdom, and Canada — witnessed similar attempts on their infrastructure. But, in terms of the volume of cyber attacks, foreign hackers were either active participants or suffered from a lack of internet service as a result of the war.
What has not changed is the means by which most hackers gain access to networks: phishing and technical vulnerabilities.
“Phishing attacks still reign supreme,” Maloney said. “They’re still the leader and they have been for a long time.” He added that other observers have seen intrusive email attacks go down. His analysts disagree. There’s a growing number of cases in which hackers are finding kinks in the armor. “Really, the thing that I want to focus on is that growth and the exploited vulnerability.”
Breaches such as the one inflicted upon T-Mobile in January continue to grab headlines and alert companies that they need to remain vigilant with their respective security measures. However, GreyCastle Vice President Michael Stamas said, those holes continue to grow. Though the total cybersecurity workforce has grown over 11 percent in the past year, there’s a 26 percent increase in workforce gap. The gap is growing more than twice as fast as the size of the workforce, he said.
“So what this means is that there is still a significant risk,” Stamas said. “Talent is scarce. We’ve seen organizations generally lacking a roadmap to build resilient cybersecurity teams; instead focusing a lot of time, energy and money competing for a few, select cybersecurity all-stars.”
Information Technology stewards are faced with increasing occurrences of ransomware, to the point that the work has turned into a nefarious service industry. Hacking groups place an initial stranglehold on their victims, then proceed to ask for additional money by offering protection plans, all while maintaining a crippling hold on them.
A malware incident with Baptist Medical Center, a Texas-based healthcare provider, affected more than 1.24 million patients from two hospitals. When it was reported last June, it was the fourth largest breach posted on the Department of Health and Human Services’ HIPAA Breach Reporting Tool reporting website.
It’s now the ninth.
“It’s been said that personal data is more valuable than oil, if you will,” Maloney said. “And that’s a pretty compelling statement. I don’t think it’s far off.”
More legislative bodies are passing laws adding stringent regulations in attempts to protect personal data. Virginia, Colorado, California, Utah and Connecticut have all issued mandates that are to go into effect by the start of next year. As more states follow suit, Maloney said he expects Washington to establish more rules on the federal level.
In the coming months, GreyCastle predicts there will be more attacks on exploited vulnerabilities and more incidents of ransomware as a service. Attackers will get better at bypassing multifactor authentication, and open-source software repositories will continue to plague organizations.
“There’s no shortage of things to worry about from the cybersecurity perspective,” said Stamas. “We can make much better decisions… If we can truly align and understand what our top risks are.”