Cyber Attacks Haunting IT Industry Due to Human Error

As technological innovations take over our everyday lives, the IT industry is booming like never before. Owing to its growing economic and strategic importance, the thriving industry has attracted the attention of cyber criminals worldwide. With its troves of intellectual property and sensitive data, the IT industry can prove to be quite a lucrative target for threat actors.

 

Human error is a major cause of most cyber attacks and data breaches in the IT industry. No matter how sophisticated and powerful your security mechanisms are, they’ll work only as long as the employees overseeing them are careful. Reckless mistakes made by employees, either due to distraction or lack of awareness, have led to devastating cyber attacks on many renowned companies globally.

Major Human Error-Based Cyber Attacks on the IT Industry 

While IT organizations are usually quite particular about cyber security, human error is still quite common and has brought several IT companies to their knees. So, here are some of the most disastrous cyber attacks on IT companies caused by human error. 

 


 

#1 Equifax

In May 2017, a credit bureau called Equifax suffered a massive data breach. Counted amongst the biggest data breaches of all time, this attack exposed the sensitive personal information of around 146 million Americans. On 9th March 2017, the organization’s IT team was informed of a vulnerability that affected the Apache Struts software used on the company’s dispute resolution portal. The IT team was instructed to patch the vulnerability within 48 hours.

 

The instructions were ignored and the hackers breached the organization’s systems through that vulnerability on 13th May 2017. The company didn’t detect the breach until 29th July 2017. This massive attack took place because of a mistake made by a single employee, who ignored the security warnings and neglected the implementation of software fixes, which would have prevented the breach. 

#2 Veeam

The global intelligent data management company Veeam left a MongoDB server with 200 GB of data exposed online. The unsecured server was indexed on 31st August 2018 and remained open until 9th September 2018. It contained approximately 445 million records including names, email addresses, countries, IP addresses, referral details and user agents. The server was pulled offline three hours after Veeam was informed of the mismanagement. However, the data was openly accessible to all during the ten days the server was left unsecured. This reckless mistake resulted in a huge breach of privacy, affecting millions of users.

#3 Ubiquiti Networks Inc.

The San Jose-based manufacturer of high-performance networking technologies, Ubiquiti Networks Inc., fell victim to a devastating BEC attack that led to a loss of $46.7 million. An employee at one of the company’s subsidiaries based in Hong Kong was tricked by the hackers into transferring the huge sum into bank accounts controlled by the threat actors. As soon as the company became aware of the breach, it contacted its financial institutions and law enforcement agencies. Fortunately, Ubiquiti managed to recover some of the lost amount with the cooperation of law enforcement agencies.

#4 Adobe

In October 2019, the basic customer details of around 7.5 million Adobe Creative Cloud users were left exposed inside an Elasticsearch database, which was connected online without a password. Exposed user details consisted of Adobe member IDs, country of origin, email addresses, usernames, and the Adobe products they were using. Moreover, the exposed information also included the last date of their login, account creation date, subscription and payment status and whether the account belonged to an Adobe employee. Leaving this massive chunk of data unsecured is a grave mistake that jeopardised the privacy of Adobe customers and employees. 

#5 Instagram

In May 2019, the renowned social media site Instagram suffered a huge data breach that led to the compromise of 49 million users’ personal information. The leak was caused by an unprotected Amazon Web Services (AWS) server connected online. The compromised AWS database belonged to a marketing company named Chtrbox and was online without a password for at least 72 hours. The exposed data included the users’ profile pictures, phone numbers, city and country locations, email addresses and number of followers.

How to Eliminate Human Error in the IT Industry?

As illustrated by the examples above, human error can prove to be a great liability for IT companies, regardless of their size. Whether an employee accidentally publishes a sensitive document on the internet or your IT team disregards a security warning, even the simplest of mistakes can result in grave consequences. So, any IT company that wishes to defend itself against cyber attacks must focus on eliminating human error before anything else. 

 

The only way to eliminate human error is by making sure that every member of your organization is aware of the prevalent cyber threats and security risks and understands their role in safeguarding the company against such threats. For this, you need to implement an effective cyber security awareness training program for your employees. These programs are designed to educate your employees about the cyber security best practices they should follow and the consequences of not following them.

ThreatCop Can Help

You can use cyber security awareness training tools like ThreatCop to engage your employees in interesting and informative training sessions. ThreatCop is an expertly designed cyber attack simulator that allows you to run dummy cyber attack campaigns on your employees. This can help them understand how different kinds of cyber attack vectors actually work and what they can do to avoid them, preparing them to combat cyber attack attempts in real life. 


Besides realistic cyber attack simulation, the tool also offers a huge library of 2000+ cyber security content pieces like videos, advisories, case studies, posters and newsletters. With ThreatCop, you can assess the vulnerability level of your employees and analyze the improvement through its interactive quizzes and assessments. So, get ThreatCop and make your employees cyber resilient to reinforce the defenses of your organization against cyber attacks.
