When it comes to protecting against cyberattacks, even the professionals that we rely on to keep us safe can become victims. Such was the case recently with FireEye, a leading cybersecurity firm whose products have aided the investigation of attacks against government entities and top multinational corporations.
In a recent blog post, FireEye said it had suffered “an attack by a nation with top-tier offensive capabilities.” The post, which was quickly picked up by the New York Times, further noted that FireEye had coordinated their investigation with the FBI.
FireEye said cyber attackers made off with Red Team assessment tools. These tools mimic the behavior of malware used by many hackers and cybercrime organizations. FireEye uses them to assist their clients in identifying vulnerabilities in their network security systems. The fear is that these sophisticated tools will now be used by malicious actors to attack the people they were designed to protect.
That’s precisely what happened in 2016 when a group calling itself Shadow Brokers infiltrated the National Security Agency, stole various cyber weapons, and then posted them online. Attacks using some of these tools, and later attributed to Russian and North Korean attackers, targeted governments, hospitals, and business conglomerates and caused billions of dollars in damages.
Data Breaches Are a Chronic Problem
Cyber attackers have leveraged a variety of tools in 2020 to target businesses and consumers. Federal authorities have highlighted imminent threats to healthcare infrastructure, a lucrative target because of the sensitivity of the data stored by healthcare professionals. But attacks on schools, financial firms and retailers illustrate just how widespread the problem has become.
The reliance of some large companies on third party vendors has also opened them up to attacks. 2020 has seen several breaches that exploit much weaker third-party security in an effort to gain access to bigger targets. Here are just a few examples:
- Instagram, YouTube and TikTok: Attackers targeted leading social media sites through a now-defunct data broker named DeepSocial. More than 235 million records were breached, including usernames and contact information.
- General Electric: Attackers gained access to personal information and protected health information on more than 200,000 current and former employees through third-party human resources vendor Canon Business Process Services.
- Marriott: More than 5.2 million customer records, including names, birthdays, telephone numbers, and loyalty numbers, were breached after employees of a franchise had their corporate credentials hacked. Marriott also suffered a breach in 2018.
- Health Share of Oregon: More than 650,000 patient records containing Medicaid data were exposed when burglars stole a laptop from the office of a contractor.
Securing Your Data In-House and In Transit
One of the main penetration points for cyberattacks remains external and USB flash drives. Personal, business, and healthcare data needs to be portable as well as secure. Many companies rely on third-party vendors or contractors who transfer sensitive data back and forth between home and work. That data is at risk if a drive gets lost or stolen.
Portable storage devices can also be vehicles for transmitting malware and ransomware. Once infected on your home or personal computer, the drive can spread that virus across an entire computer network with the click of your mouse. Securing portable storage is a critical component to protecting yourself from cyber attacks.
SecureData offers a range of portable storage options that hold up to the most rigorous demands for data security while giving you the portability that today’s business operations require. Our award-winning SecureDrive® BT and SecureUSB® BT devices feature hardware encryption, remote wipe, multi-factor authentication, and come preloaded with one year of free DriveSecurity® ESET antivirus protection.
A Our Remote Management (RM) gives you even greater protection. Via the RM web console, administrators can remotely manage an unlimited number of SecureDrive® BT and SecureUSB® BT devices with features that include geo- and time-fencing, user logging and zero access to user data via the secure Bluetooth channel.