Once upon a time…
Former FBI Director Robert Mueller once said, “There are only two types of companies: those that have been hacked and those that will be.” With about 350,000 new malware threats released daily and nearly one cyber attack occurring every 39 seconds, safeguarding data has been thrust upon business owners and executives as a top business priority. Undergoing a comprehensive technology assessment is recommended as the best place to start. An assessment not only helps you map out a plan to prepare and protect your business from the inevitable, but it exposes weaknesses in current IT infrastructure and identifies areas for remediation before malicious actors exploit vulnerabilities.
You know that with cybersecurity, an ounce of prevention is worth a pound of cure. You also know you need far more than a single ounce of protection from ransomware, malware, breaches and whatever cyber criminals will come up with next. Doing business safely today requires comprehensive services that wrap your company in protection and prepare your response when issues arise. Still on the fence about whether or not you should increase your cybersecurity budget? Let’s see if this horrific tale about a company that chose to poorly invest in their security changes your mind.
This Is the Horror Story of the 2022 Uber Security Breach
WARNING: Reading this may result in utter shock, loss of words and the uncontrollable urge to KILL (your existing cybersecurity budget) and replace it with a newer, bigger, better version. Read on if you dare…
It was a dark and stormy night (probably) when the attack occurred. A cybercrime organization known as LAPSUS$ crept in silently, using multi-factor authentication (MFA) fatigue for a covert attack. This particular organized crime unit likely purchased credentials on the dark web for an Uber account and made several attempts to log in, sending an MFA request to the actual account owner each time. What happened next will leave you shaking in your boots: The account owner accepted the MFA requests and once the attacker was let in, pandemonium struck.
LAPSUS$ gained access to additional employee accounts of varying levels of privilege, as well as elevated permissions to Google Workspace and Slack. The attacker then posted a message to a company-wide Slack channel and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites. We can only guess as to what the image portrayed, but rumors are stirring that it was a selfie taken by a rather attractive skeleton of his (or her) smiling skull. Or something like that. Again, we’re only guessing so don’t take our word for it.
For the actual details of what was contained in the graphic image, you’ll have to visit the Uber Newsroom for a security update. Afterall, what’s a horror story without a good cliffhanger?
If a Fortune 500 Company Like Uber is Vulnerable, What Hope Do Smaller Companies Have?
None. All hope is lost. Pack up everything that’s important to you and high-tail it out of there, NOW. Go, save yourselves before the attacker can find you – hurry! Just kidding.
Investing wisely in your cybersecurity budget is key. With collaborative business and technology consulting, you’ll have the clarity to take your business and your budget to the next level.
According to a recent Deloitte study on cybersecurity, the average company will spend somewhere between 6 and 14 percent of their annual IT budget on cybersecurity. Depending on the costs necessary to recover from a malicious phishing or malware attack, those percentages may not be high enough. A simple ransomware attack can cost businesses an average of $1.85 million to recover what was stolen according to statistics provided by Cloudwards and even with paying the price, most only receive up to 65 percent of their data back. So what can you do as a smaller company?
Ultimately, strong company-wide cybersecurity operations can build trust within companies, stakeholders and consumers, becoming a competitive differentiator. The expenses you front for cybersecurity today will strengthen your systems and should be thought of as an investment into future business models. Great cybersecurity measures involve:
- Creating an IT security roadmap.
- Ensuring compliance.
- Safeguarding data and valuable assets.
- Building resilience with a business continuity plan.
In an always-changing threat landscape, protecting your company is an ongoing concern. You deserve customized, risk-based security solutions. Invest in your cybersecurity budget and harden your defenses against cyberattacks. While important, the amount you spend on your budget isn’t the sole determining factor for the security of your business; How and where the budget goes, is what is becoming increasingly important.
Let Uber Be a Lesson: Spend More to Save More
How costly are the skeletons in your closet (or computer)? Gartner has estimated that spending on information security and risk management will total $172 billion in 2022, up from $155 billion in 2021 and $137 billion the year before. So what does this mean for your business? Spending more to tighten up cybersecurity efforts can not only protect you from the cyber boogeyman, but also save you money on:
- Regulatory fines.
- Reputational damage.
- Legal costs.
- Operational downtime (Gartner reports an average cost of $5,600/minute during IT downtime).
- Having to do IT all alone.
Don’t be like Uber and wait until after your business has been attacked to invest more in defending yourself.
This Tale Has a Happy Ending
As with all great horror stories (or most of them at least), the hero inevitably triumphs and uses their knowledge and expertise to combat evil and do away with any would-be attackers. So who will be the hero of your story? Increasing your cybersecurity budget to account for hiring a professional team of technology and security consultants to assess, troubleshoot and provide ongoing support for the protection of your business saves you time and money.
Don’t spend another minute running from the cyber boogeyman. With Afidence, you can count on us to protect your business with best security practices and help you move forward with a scalable and practical roadmap. Contact us today and save yourself from the horrors of malware, phishing attacks and ransomware.
The end.