It’s the summer of steals, not the summer of deals, for businesses suffering cyber breaches.
That’s because, as the world goes digital, fraudsters are constantly probing modern, multifaceted attack surfaces for vulnerabilities.
But with the news Tuesday (July 2) that auto dealership software provider CDK Global has “substantially all” of its car dealership customers back online with their management systems, about two weeks after the company’s systems were taken down by hackers, it’s increasingly vital for companies to batten up defenses while establishing a best-practice post-incident response plan.
Read more: CDK Fallout Continues as Car Dealers Go Old School
Data extortion and ransomware attacks have had a substantial impact on businesses and marketplaces during the first half of 2024, with the February cyberattack on UnitedHealth Group’s Change Healthcare unit capturing headlines at the start of the year, with other attacks on Dell and Microsoft also causing waves across the marketplace.
Microsoft, for its part, announced that it will start holding its executives accountable for cybersecurity by withholding at least a portion of compensation going forward, unless executives meet security goals and metrics.
But as the year went on, cyberattacks have only ramped up, with several occurring in just the past week beyond just the CDK breach.
On Wednesday (June 26), Arkansas-based Evolve Bank & Trust publicly confirmed news that a ransomware gang had hacked the bank and was posting customer data on the dark web.
On June 24, retailer Neiman Marcus notified customers of a data breach that affected 64,472 people. The company said the “external system breach (hacking)” occurred on April 14 and was discovered on May 24.
Earlier, on June 10, it was announced that a “significant volume of data” was stolen from at least 165 customers of multi-cloud data warehousing platform Snowflake, with the incident thought to be linked to earlier massive data breaches at Ticketmaster and Santander Bank; while the City of Cleveland suffered its own cyberattack on June 9, forcing it to shut down its IT systems and citizen-facing services.
In the U.K, the operations at a group of London hospitals were disrupted after lab services provider Synnovis was targeted by a ransomware attack on June 3. The hospitals cancelled operations and tests, declaring the attack a critical incident, and the National Health Service (NHS) issued a call for O blood-type donors, because the IT attack meant the affected hospitals could not match patients’ blood at the same frequency as usual.
News also broke June 4 that TikTok was dealing with a recent security breach when hackers targeted well-known brands and celebrities on the platform.
The attacks have sparked concerns that bad actors and criminal ransomware gangs may be deliberately targeting businesses whose customers and end users would suffer greatly from the ongoing and extended disruptions to business, in an effort to exert more pressure on these organizations to pay a ransom.
Read more: As Data Breaches Proliferate, New NIST Playbook Offers Recovery Tactics
This heightened emphasis on cybersecurity coincides with a broader debate surrounding data security in the connected economy, particularly in connected workplaces and smart homes, where the growing use of connected devices highlight new vulnerabilities, given the vast amounts of personal data they gather.
The PYMNTS Intelligence report “Fraud Management in Online Transactions” found that most eCommerce merchants suffered cyberattacks or data breaches in the past year. Eighty-two percent of such businesses saw an attack in that time, and 47% said the breaches resulted in both lost revenue and lost customers.
“It is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity. What’s different now is that both sides are armed with some really impressive technology,” Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS. “On the automation side, it’s all about data. It’s all about organizing and connecting your data together, understanding the signals that you have so you can build a richer context and make better decisions. But you’ve got to have that information there, and you’ve got to connect it together. That’s step one.”