As technology allows us to do more online, it also leaves us vulnerable to cyberattacks. The internet has evolved since its inception and understanding and monitoring cybercrime as it progresses is critical for every organization’s security. Institutions across all industries are affected by this problem — especially those who have some sort of personal, financial or medical data on their servers.
Any company with a website, cloud storage, online point of sale or any sort of cyber infrastructure is at a potential risk for an attack. As a result, businesses large and small, banks, other financial organizations, institutions of higher education, telecommunications agencies and groups in the healthcare industry are all being forced to pay increased attention to cybersecurity.
Overseeing cybersecurity threats is becoming more difficult as software systems grow older and lose the flexibility to support the needs of modern businesses. According to a report released last month by the Identity Theft Resource Center, the number of U.S. data breaches tracked so far in 2016 has already reached 708 and exposed over 28 million records. While the healthcare sector accounted for nearly half of the breaches at 47.2 percent, examples from across various industries illustrate the need for decision-makers to be aware of this developing issue in order to protect themselves and their customers from harm.
In February of 2014, more than 300,000 personal records for faculty and students who had received identification cards at the University of Maryland were compromised in a computer security breach. According to the university, the records dated back to 1998 and included “name, Social Security number, date of birth and university identification number. No financial, academic, contact or health information was compromised.” While the university referred to the breach as “sophisticated,” a month later, a hacker claiming to be a whistleblower replicated the breach and posted a university official’s personal information on Reddit. Later that year, state auditors found that the campus network remained vulnerable to hackers — in part because gaps in legacy software they previously identified still remained.
Anthem, the nation’s second-largest health insurance company, reported in February 2015 that the protected health information of nearly 80 million patients was breached during a massive cyberattack. The attack — in which hackers stole the names, dates of birth, member ID numbers, Social Security numbers, addresses, phone numbers, email addresses and employment information of 78.8 million current and former members and employees — is the largest data breach in the healthcare industry to date.
In 2015, Target agreed to pay a $39 million settlement with several U.S. banks, a $67 million settlement with Visa and a $10 million federal class action lawsuit brought on by customers over their 2013 data breach that affected nearly 70 million customers. During the attack, hackers stole credit and debit card data by installing malicious software on point-of-sale (POS) devices in the checkout lines at Target stores. The company’s CEO and CIO both resigned in the wake of this massive breach. Unfortunately, the Target breach was just the beginning of a series of massive retail data assaults that would expose critical weaknesses in enterprise data security and payment systems.
Orange, a French multinational telecommunications corporation, had their customer portal hacked twice in three months in 2014. The personal data of 1.3 million users — including email addresses, passwords, addresses and phone numbers — was stolen during the breaches. To make matters worse, user reports on Facebook suggest that the compromised data has already been misused by cybercriminals for phishing purposes.
A cyberattack on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses in 2014. As the largest bank in the United States, JPMorgan Chase has financial information in its computer systems that goes beyond customers’ credit card details and potentially includes more sensitive data. Hackers gained access to the names, addresses, phone numbers and emails of JPMorgan account holders, but even if customer financial information wasn’t taken, the apparent breadth and depth of the JPMorgan Chase attack illustrates how vulnerable banks and other financial institutions are to cybercrime.
In the end, it is vital that IT systems across all sectors are modernized and prepared to mitigate this issue and need to be ready in order to effectively protect their customers and themselves from cyberattacks. Breaches across various business sectors are proving to not only be expensive, but dangerous, as well. Therefore, it is crucial to modernize legacy systems in order to protect customers as best as possible.
With our expertise, businesses across all sectors will be able to better protect information thereby avoiding harmful data breaches. At Morphis, we provide coherent and effective solutions for modernizing legacy applications. Our modernization approach eliminates risk while saving our clients time and money. Contact us to find out how we can help you.