The recent Red Cross attack compromised the personally identifiable information (PII) of about 515,000 people who used its website. The hackers announced their plan to publish that data online in mid-October, and this is only the latest issue of personal information being compromised. This post will look at how companies can protect us from these attacks and what steps they should take to avoid this type of situation moving forward.
How do cybercriminals steal data from companies?
Cybercriminals use Social Engineering, Advanced Persistent Threats, and Phishing to locate data. They often try to gain company networks by using Social Engineering and Phishing.
Social Engineering is a process where an attacker attempts to get sensitive information or passwords by making it seem as though a legitimate request was made. This includes phone calls, emails, letters, and faxes.
Advanced Persistent Threats are attacks carried out by a group of attackers against a network that form an ongoing, long-term campaign. The attackers constantly try to gain access to sensitive data throughout the campaign.
Phishing can involve sending emails to get someone to provide sensitive information or passwords that are used for financial gain or to gain access to a company network.
How does Red Cross protect its users?
Redcross has said that data protection controls are in place to ensure that their data is secure. The organization uses data encryption and hashing to prevent decrypted information. It has also stated that it enforces a strict two-factor authentication policy for all user logins, email, social media, and website access. This will help reduce the risk of unwanted access to the victim’s account, helping to reduce the threat of data being sold or used by others.
Security updates are regularly applied to the website, and malware applications are installed and updated regularly. This helps reduce the risk of attackers compromising the system. The Organisation also uses internal intrusion detection systems to monitor activity on the website. It employs firewall software designed to block any malicious activity by external sources. The organization also has a team of security staff who conduct regular penetration tests on their systems to ensure they are secure. There is no single point of failure.
In summary, the Red Cross protects its users’ data against malicious attacks. The red cross cyberattack is merely the latest in a long line of cyber attacks that have led to the theft of personal data. While attacks are still rare, companies can take steps to protect their users. The Organisation would have done everything in its power to ensure that the system was secure and that there was no single point of failure; this would reduce the risk of personal data being compromised.