News Feature | October 10, 2014

Losses After Cyberattack Can Devastate Your Clients

Christine Kern

By Christine Kern, contributing writer

Internal Threats Concern To Healthcare Providers

USIS’s contracts with the U.S. Office of Personnel Management ended Sept. 30, 2014, and they were not renewed, eliminating more than 2,500 jobs, The Washington Post reports.  The company, which had provided the majority of background checks for federal security clearances, was the victim of a cyberattack in August.

E-commerce Times reports cyber criminals likely gleaned information from individuals’ background checks that could be very useful to phishers. Reuters reported the U.S. Department of Homeland Security planned to notify approximately 25,000 employees that they may be impacted by the data breach. Although it’s difficult to prove the origin of attacks like the one on USIS, security experts say that the company’s assertion that a foreign country may be behind the intrusion appeared credible. CyberArk’s Andrey Dulkin noted, “It gives them an attack vector with a good chance of succeeding because they have sensitive information that gives them credibility.”

Security experts say the attack was particularly disturbing because files on background checks typically contain highly personal data that foreign intelligence agencies could attempt to exploit to intimidate government workers with access to classified information. “They would be collecting this data to identify individuals who might be vulnerable to extortion and recruitment,” said Dmitri Alperovitch, chief technology officer with cybersecurity firm CrowdStrike, which sells intelligence on state-sponsored cyber-attacks.
And, now, it is particularly disturbing because the fallout of the attack resulted in the loss of contracts and thousands of jobs. A Business Solutions article cited The Ponemon Institute’s “2014 Cost of Data Breach Study: United States,” which found the average cost of a data breach to an organization in 2013 rose to $5.9 million from $5.4 million in 2012. The study looked at firms where the information of more than 500 clients had been compromised.

The study provides information on how you can help your customers reduce their vulnerability to the effects of a cyberattack. It found the cost of a breach can be reduced if a firm already had a strong security profile and an incident response plan in place. It also found companies that notify customers too quickly — before doing a thorough assessment or forensic examination — risked increasing their costs.