Cybercrime has been a constant thorn in companies’ side ever since the internet reshaped how we do business. The intensity of cyberattacks keeps increasing while attackers grow bolder and more sophisticated. Even so, you can learn much from studying past incidents and taking the lessons they offer to heart.
No one knows to which extent cybercrime has damaged individuals, enterprises, and countries worldwide. Even the examples we outline are just some of the most famous in a sea of regrettable incidents.
Hopefully, the severity and diversity of the cases we outlined will be incentive enough for you to take action and shore up your business’s cyber defenses.
Five Cases You Should Be Aware Of
Here are five hand-picked cybercrime incidents. Each is a unique cautionary tale that can help you avoid making similar mistakes.
Mariott Hotel data breach
The globally popular hotel chain was the victim of a data breach that compromised more than half a billion pieces of personally identifiable information. Apart from its scope, this case is also noteworthy due to how long it took to uncover. It turns out that the vulnerabilities responsible for the breach affected Mariott’s networks for years.
Sadly, it didn’t end there. Another breach struck the company in 2020. It affected more than five million guests. Not even that was enough to learn the lesson since hackers got away with gigabytes’ worth of payment information two years after that.
Creative software giant Adobe had its own data breach woes in 2013. By that time, they had recently switched from a fixed price to a monthly subscription model. Users who wanted to continue receiving updates needed to provide billing information. Hackers managed to steal personal info and billing details of close to 3 million accounts.
That wasn’t the full extent. The company later admitted the breach affected close to 40 million accounts. Thankfully, PII theft affected only the original batch. The hackers didn’t just target account information. They stole part of the source code for Photoshop and Acrobat Reader, two of Adobe’s most popular products.
Costa Rica ransomware attack
Cybercriminals don’t limit themselves to companies alone. Finland and Ukraine are famous earlier examples, but the latest incident occurred in Costa Rica in 2022. A hacker collective known as the Conti Group crippled some of the nation’s most sensitive institutions. They included several ministries and the National Social Security Fund.
The situation escalated to the point that the president declared a national emergency. Affected parties had to shut whole networks down, and Costa Rica sought international help to resolve the crisis. Conti demanded a $10m ransom to cease the attacks. The Costa Rican government counted losses at $30 million per day. As if that wasn’t enough, another attack hit the country a month later.
General Electric malicious insider incident
The biggest threats sometimes come from within, as GE got to experience in 2020. Two employees convinced an administrator to give them greater access privileges. This allowed them to copy and save documents that contained various company secrets. Ways to efficiently calibrate turbines were among them.
One of the offenders used this information to establish a rival company that offered the same calibration service. He used his position to undercut GM and steal contracts away from the company. Both were eventually caught and had to pay restitution.
Ubiquity Network spear phishing attack
Exploiting weaknesses in a company’s cybersecurity isn’t necessary if you know the right social engineering tricks. Tech company Ubiquity Network learned this the hard way when a finance department employee wired more than $46 million to accounts based in China, Russia, and Hungary.
They were fooled by a sophisticated spear phishing campaign. Hackers obtained enough information on Ubiquity Network’s lawyer and CEO to successfully impersonate them via email. The victim didn’t see through this and ended up causing severe financial and reputational damage.
Serious cybercriminals are organized, intelligent, and determined. However, we want to focus on the fact that the victims in each example could have prevented them from happening had their cybersecurity precautions been firmer.
The Mariott incident demonstrates the importance of maintaining your networks and performing inspections. We don’t know whether better security measures would have prevented the attack. However, it’s obvious regular audits would have revealed suspicious activities much earlier.
Adobe is a good example of poor incident response. They implemented a monumental payment shift and didn’t account for the resulting vulnerabilities. Their PR mishandled informing the public about the incident’s full extent, causing another reputation hit.
Neither Adobe nor General Electric would have suffered as much if they’d implemented more robust file protection. A simple user hierarchy that prevents or restricts unauthorized access would have been enough. Tiered access and automatic data encryption are common features business cloud storage providers offer at attractive prices to far smaller companies. Therefore, giants like these two have no excuses.
Costa Rica reminds us how complacency is among cybersecurity’s greatest threats. Just like the small Central American country, many SMBs don’t invest enough in protecting their digital assets. Their leadership usually feels like there’s nothing to target but may be surprised by the consequences.
Finally, there’s Unity Network. The person responsible for their losses didn’t possess a sufficient degree of cyber threat literacy to prevent them. Regularly conducting company-wide cybersecurity training and keeping up with new threat developments is the best way to ensure employees don’t become unwitting accomplices.