3 Lessons We Can Learn From Some of the Biggest Corporate Cybersecurity Fails

Learning from the mistakes made by others is a great way of sidestepping potential pitfalls in various contexts, from everyday social interactions to the high-pressure world of corporate cybersecurity.

With the threat of breaches on the increase, organizations of all sizes need to face up to the risks involved in using digital, connected services to do business today.

To that end, here are just a few lessons worth learning based on the failures of other businesses that have hit the headlines and generated debate in the past.

Remote work requires a new approach to security

2020 has been a year of adaptation for thousands of businesses, with plenty of firms choosing to embrace remote working opportunities so that employees can remain productive whether they are stuck at home, on the move or being deployed to a different part of the office than usual.

However, the risk of breaches occurring is becoming more significant because remote working brings with it far more points of vulnerability. Rather than every user being connected in-house via the same network over which the organization has direct control, they are relying on home internet access and even public hotspots to sign into mission-critical systems and collaborate with colleagues.

Security flaws in popular remote working tools have also emerged recently, hence the need for a switch to secure file server setups which are robustly protected from a whole host of threats while also being perfectly pitched to cope with the rigors of remote work. It is also important to consider investing in cybersecurity training for your employees so they don’t fall victim to phishing, social engineering and other methods used by hackers to carry out a breach.

Access control is key

One of the most embarrassing blunders in the history of corporate cybersecurity hit online auction giant eBay back in 2014. It emerged that hackers had been able to siphon off private details relating to almost 150 million users, all without being detected for over seven months.

This was possible because the malicious infiltrators had managed to purloin the login details of eBay employees, which in turn granted them unprecedented access to internal stores of sensitive data.

The takeaway from this incident is that eBay should have put stricter measures in place to ensure that employees were not given free rein over internal systems, with access management becoming a priority for many businesses in the wake of this debacle.

Experience and expertise should be hiring priorities

When credit bureau Equifax admitted in 2017 that cybercriminals had stolen payment card details relating to hundreds of thousands of customers, in addition to account info from tens of millions more users, the story spread like wildfire. This scandal was intensified by the fact that the person responsible for stewarding their security efforts was not exactly qualified for the role.

The upshot is that any business which wants to keep customer information safe should only hire security experts with the right education, training and prior experience.

Making sure that employees are up to date on the best practices relating to cybersecurity is also essential, whether you are running a multinational corporation or a small business. This is perhaps the most important lesson to learn from the failures of other firms.