Safeguard Your Company Against Cyberattacks
Introduction
In recent times, the threat of data breaches has escalated at an alarming rate, posing a grave danger to companies worldwide. Unfortunately, this trend shows no signs of slowing down anytime soon. Cybercriminals have been successful in stealing sensitive company information and data, causing devastating effects on organizations across various sectors and sizes, resulting in millions of dollars in damages.
For instance, in the past year, T-Mobile, a leading mobile network provider, suffered a significant data breach, resulting in the company compensating customers with a hefty sum of $350 million. This unfortunate incident serves as a poignant reminder of the urgent need for businesses to take proactive measures to secure their networks, including the implementation of robust password policies and regular training to help employees recognize and evade phishing campaigns.
To put things into perspective, we have put together a list of notable data breaches and leaks that have occurred since January 1, 2022, based on the dates they were initially reported in the media.
Activision Breach
Call of Duty developer, Activision, has suffered a cybersecurity breach that has led to the theft of confidential employee data and release schedules from the company’s computer systems. The breach is believed to have taken place in early December 2022, but news of the attack only surfaced recently. According to reports, a phishing attack was used to obtain an employee’s login details, which were then used to gain unauthorized access to the system.
Atlassian Data Breach
A group of hackers known as “SiegedSec” have claimed responsibility for breaking into Atlassian’s systems and stealing staff data, including floor plans for the company’s offices in San Francisco and Sydney. The data extracted includes names, email addresses, staff departments, and other employment-related information. Initially, Atlassian blamed the office coordination platform, Envoy, for the breach, but later admitted that the hacking group acquired “an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee.”
T-Mobile Data Breach
T-Mobile has fallen victim to yet another data breach, this time impacting approximately 37 million postpaid and prepaid customers whose data was accessed by hackers. Although the company discovered the issue on January 5th, 2023, the hackers had reportedly been exfiltrating data from T-Mobile’s systems since late November 2022.
As previously mentioned in this article’s introduction, T-Mobile has been the target of high-profile cyber attacks impacting millions of customers in the past. Following last year’s breach, in which 76 million customers had their data compromised, the company pledged to spend $150 million on upgrading its data security. However, this recent attack raises serious questions about the effectiveness of these security measures.
The Common Denominator
In all three data breaches mentioned above, the attackers were able to gain access to sensitive information by exploiting weaknesses in the management of employee credentials. In the case of the Activision breach, the attackers used a phishing attack to obtain an employee’s login credentials, which they then used to gain unauthorized access to the company’s computer systems. Similarly, in the Atlassian breach, the attackers were able to obtain an employee’s credentials that had been mistakenly posted in a public repository. Finally, in the T-Mobile breach, the attackers were able to gain access to customer data by exploiting vulnerabilities in the company’s systems and stealing login credentials.
These breaches highlight the importance of properly managing employee credentials and implementing strong security measures to protect against phishing attacks and other forms of cyber attacks. As companies become increasingly reliant on technology to conduct business, it is more important than ever to prioritize cybersecurity and ensure that employees are equipped with the necessary knowledge and tools to protect sensitive information.
Where MyPass fits in
MyPass provides comprehensive solutions to address the common problem of password-related issues and identity verification in organizations. MyPass SSPR offers a self-service password reset solution that enables users to securely authenticate themselves and generate new passwords for practically any type of corporate system, even from a locked PC outside the corporate network. This solution is not only efficient but also creates simple and secure guided processes to reduce helpdesk workload and risk.
By leveraging MyPass SSPR, organizations can improve their end-user service level, reduce the workload for their service desk manager and IT operations manager, and drive risk management through secure transactions. MyPass Password Manager supports various systems such as SAP, Oracle, IBM (z/OS, iSeries), Microsoft, Google, and many more. It also enables user security and choice by integrating different multi-factor authentication technologies such as Push notification, Q&A, SMS OTP, TOTP, and more.
In addition, MyPass (IVM) prevents social engineering methods such as voice-based hacking (vishing). IVM controls the entire verification process, instructing the service desk agent what questions to ask and what tests to perform, based on the user’s security profile. MyPass IVM, configured correctly, will follow the organization’s security hierarchy or security requirements. This solution is designed to cater to your security specifications from IT security and is implemented with different processes for your groups with different security profiles. These different tests for different groups must include many different items such as data, tokens, and even manager approval, where needed.
MyPass SSPR and MyPass IVM work together to provide a comprehensive solution to address password-related issues and identity verification in organizations. With these solutions, organizations can achieve high adoption rates, easy implementation, remote support, and multifactor authentication, resulting in increased end-user productivity, reduced helpdesk workload and risk, and real business value while driving down the costs associated with password management across a complex IT environment.
Manufacturing Company Relieves Overworked Helpdesk With MyPass
Slow and manual password resets an overworked helpdesk, and a small IT team looking after 1700 employees quickly causes over 100+ business hours lost every week.
See how MyPass SSPR with Password Synchronization across AD, Novell, IBM iSeries, and SAP, saved this manufacturing company time & money.
Conclusion
Data breaches are a serious threat to companies of all sizes, and the examples discussed in this article highlight the need for businesses to take proactive measures to protect against cyber attacks. By properly managing employee credentials and implementing strong security measures, companies can significantly reduce the risk of data breaches and protect sensitive information from falling into the wrong hands. MyPass is one solution that can help companies achieve this goal, providing a secure password management and identity verification platform that can significantly improve cybersecurity measures.