Organizations that don’t adapt to the “treacherous” cybersecurity landscape will be ambushed “by blind spots all over their network,” according to cloud security company CEO Aviatrix Doug Merritt.
Recent attacks on major brands like AT&T, North Face and Cartier highlight what cyber criminals are capable of today, “particularly with the increased adoption of artificial intelligence,” Merritt said.
Amy Bunn, online safety advocate at computer security company McAfee, described the attacks on major service providers such as airlines and insurance companies as “a clear reminder of how prolific and sophisticated today’s cyberattacks are.”
CYBERATTACK HITS MAJOR AIRLINE, UP TO 6M CUSTOMER PROFILES EXPOSED
While Bunn said airlines are a “prime target” given that an immense amount of sensitive information is stored in one place, every industry is vulnerable.
“From healthcare and finance to retail and tech, attackers are constantly looking for weak spots to exploit, knowing how valuable consumer data is,” Bunn said. “Cybercriminals can use this treasure trove of sensitive information to impersonate people and commit fraud with stolen identities, or they may package and sell personal data on the dark web to the highest bidder.”
Hawaiian Airlines and Australian carrier Qantas were hit with different cyberattacks within a week of each other. Hawaiian was hit at the end of June, followed by Qantas in early July.
The attacks came around the same time the FBI posted on X that the cybercrime group “Scattered Spider” was “expanding its targeting to include the airline sector.”
Aflac also warned last month that bad actors may have stolen the personal data of its U.S. customers after the insurance provider was the latest hit in an ongoing hacking spree targeting the insurance industry.
The crux of the issue, according to Merritt, is cloud security, which he said is a “fundamental paradigm shift that most organizations haven’t fully recognized.”
NOTORIOUS HACKER GROUP SETS SIGHTS ON AIRLINE INDUSTRY IN ALARMING SECURITY THREAT
Today, hackers have even more ways to infiltrate a network, according to Merritt.
Previously, most data stayed inside a secure company network. Now, data moves across the open internet, which means hackers have the opportunity to intercept it, Merritt said, adding that many organizations are leaving 50% to 80% of their systems exposed “by failing to properly secure cloud workload communications.”
The issue stems from three critical changes in how computing works today, Merritt said. For example, he said if a company’s app pulls something from the cloud, it uses the public internet, not a controlled private network.
The traditional security perimeter hasn’t disappeared. But instead of protecting a few entry points, companies face thousands or even hundreds of thousands of entry points, many of which are connected to the internet, and can be intercepted by hackers, Merritt said.
“This is the new battlefield organizations will have to traverse if they want to stay ahead of bad actors looking to exploit weaknesses in cloud security,” Merritt said.
This underscores why it’s critical that consumers also ensure they are taking steps to protect themselves, according to Bunn, who specified that “staying safe online isn’t just up to companies.”
“Even if you weren’t directly impacted by a breach, your data could still be exposed and used in phishing scams or identity theft,” Bunn said.
To help avoid this, Bunn suggested consumers use strong and unique passwords and to turn on two-factor authentication if possible. It is also important to be cautious about engaging with unexpected texts or emails that ask for personal information and to use tools to help spot risky links or messages before they cause harm.
Read the full article here
