Try to go a single week without hearing about a major cybersecurity breach somewhere in the world. The worst part is no business is immune.
However, many breaches could be prevented through penetration testing. Simply having strong firewalls and the best possible network security protocols isn’t always enough.
You have to test to see what types of vulnerabilities hackers could exploit and how much damage they could do. To prove this point, let’s take a look at some of the major cybersecurity breaches of 2018 that penetration testing could have prevented.
Adidas Breach
In June 2018, Adidas had to announce that some of its customer data had been stolen. Email addresses, passwords and usernames were all compromised. Luckily, no credit card details were exposed. The surprisingly limited details simply showcase the company’s confusion as to what happened and how. It’s a prime example of why penetration testing is a necessity. If Adidas had had this in place, they would have known about the vulnerability before anyone could take advantage of it.
Ticketmaster Breach
In June 2018 (June was a very busy month for hackers), the UK side of Ticketmaster suffered a major cybersecurity breach. While it was fewer than 5% of the total customer base worldwide, it still affected tens of thousands of customers. Everything from passwords to payment details was stolen over a period ranging from February to June of 2018.
While this may not immediately seem like a penetration testing issue, The Hacker News showcased the blame game between the compromised Inbenta Technologies chat client and Ticketmaster. According to Inbenta, a custom piece of JavaScript code was to blame (putting the blame back on Ticketmaster). Penetration testing could have uncovered this flaw as it was a known vulnerability used by hackers to upload malicious files.
Marriott Breach
You can’t create a list of preventable cybersecurity breaches of 2018 without mentioning one of the largest of all time. The Marriott breach is one of the most impressive breaches experts have seen thus far. With up to 500 million affected customers, it’s hard to realize that Marriott might have prevented the breach from occurring to begin with.
All types of customer data were exposed and Marriott is struggling to deal with the fallout. This breach actually began in 2014. Yet, the company didn’t find out about it until September 2018. Why? Regular penetration testing could have exposed the vulnerability. An ethical hacker could have noticed the way in and stopped the breach early on or before it even occurred.
Facebook Breach
Obviously, 2018 was a horrible year for Facebook and things didn’t get any better in September 2018 when the company had to announce its largest cybersecurity breach to date. Hackers were able to take advantage of a vulnerability in the View As feature code. This left up to 50 million accounts exposed to the hackers.
Consistent penetration testing could have uncovered this vulnerability long before hackers did. Doing this would have at least let Facebook go out on a good note for 2018.
Hova Health Breach
The Hova Health breach should serve as a warning to all healthcare providers and businesses in general. A single configuration error is all it takes to expose all stored data. For the telemedicine company in Mexico, a configuration error allowed public access to its database, which included over two million patient records and personal information.
No password was necessary to view anything in the database. Essentially, it was a hacker’s paradise. Sadly, penetration testing would have caught the configuration error and prevented all of this information from being public knowledge. Even worse, there are plenty of businesses right now that likely have at least some of their data misconfigured for unauthorized access.
British Airways Breach
British Airways announced that customers who purchased tickets between August and September 2018 may have had their data stolen thanks to a cybersecurity breach. This included both personal and financial details.
Security experts are comparing it to the Ticketmaster breach because they believe a third-party tool is to blame. The lesson to take away from this is to test not only your own systems, but any third-party tools too. As long as the tool connects to your system, it can serve as a point of entry. Penetration testing seeks entry from all angles, which could have prevented this nasty breach.
We’d love to live in a world where none of this ever happened, but cybersecurity breaches are a constant threat.
Contact us today to learn how we can help you keep your business off the major cybersecurity breach lists.