Use these patterns to your advantage by incorporating the stories into future conversations and workshops. Employees will find it easier to pay attention and learn from training if they already know the examples.

The biggest attack

The mother of all violations (MOAB)

The “Mother of All Fractures” (MOAB) will hit the world of cybersecurity like a tsunami in early 2024. This attackone of the largest in history, targeted a conglomerate of social media giants and financial institutions and resulted in the disclosure of billions of records.

Cyber ​​experts determined early on that the leak was caused by a firewall failure at Leak Lookup, a data leak detection company.

Your findings

MOAB has shown that even the most secure organizations can fall victim to targeted attacks. Ask your leaders: Do they believe your organization is “too big” or “too complex” to fall victim to a firewall attack? Use this as evidence of how any organization can be affected.

Also note that this is all due to a firewall error. As a security manager, use this as an opportunity to learn from others and run an audit of your firewalls to make sure they are working properly.

The best Canadian attack

Cyberattack on London Drugs

London Drugs, a large Canadian pharmacy chain, was hit by a ransomware attack in April 2024. The attackers encrypted the company’s data and demanded a large ransom for the decryption key.

The attack forced London Drugs to temporarily close stores and disrupt online services, leaving thousands of customers without access to prescriptions for over a week. Although the company did not disclose whether the ransom was paid, the incident highlighted the growing threat of ransomware in the retail sector.

Your findings

When was the last time you reviewed your team’s breach contingency plan? How about sharing it with the rest of your team? Now is the perfect time to review what your security team – and the rest of your company – should do if a breach occurs.

Consider conducting a shutdown simulation exercise, creating breach plan handouts for all employees, and conducting a review of your breach plan.

Most importantly, think about what your company would do if all servers had to go offline. Do your marketing, finance and operations teams know their procedures? The London Drugs data breach showed why this is an important part of your recovery plan.

The cross-border shutdown

The cyber attack on CDK Global

CDK Global, a major provider of technology solutions for the automotive industry, fell victim to a devastating cyberattack in the first half of 2024. The break Disruptions to numerous auto dealerships in North America resulted in significant financial losses and delays in operations for American and Canadian companies.

A Client lawsuit states that the cause is partly due to the lack of training of employees in cybersecurity.

Your findings

Train your employees. At every seniority level, in every department, and at every age. CDK Global specializes in cybersecurity solutions, but a lack of cybersecurity training led to a massive breach that caused reputational and financial damage to the company.

Check in with your IT and security team. When was the last time they completed their training? What were their biggest vulnerabilities?

The biggest trend

Attacks in the healthcare sector

Healthcare organizations continue to be the primary targets for cybercriminals, with a significant increase in attacks on hospitals, clinics and healthcare providers in 2024. The latest attack targeted McLaren Healthcarewhich is reminiscent of the well-known disruptions caused by cancelled operations and slow patient admissions.

These attacks range from ransomware to data breaches and often result in the theft of confidential patient data. The increasing reliance on digital health records and connected devices has made the sector particularly vulnerable.

Your findings

This should serve as a reminder to you that scammers have no mercy! They don’t care if you’re hosting thousands of sick patients waiting for life-saving surgeries. They don’t care if you’ve just started your business and are putting all your life savings into it. They just want your money and your information.

So, no matter what stage, purpose or profit your business is at, invest in cybersecurity. Breaches can happen to anyone.

The cyber attack that wasn’t one

The shutdown of Crowdstrike

The CrowdStrike outage in July 2024 caused great confusion and led to speculation about a possible cyberattack. However, it later emerged that the outage was not caused by an external attack, but by an internal software update error.

Nevertheless, the chaos that followed exploited by cyber criminals who initiated phishing campaigns, fake support sites, and other scams targeting companies and individuals affected by the outage.

Your findings

During busy, unexpected, or stressful times in your business, you need to be vigilant. And that goes for your employees, too. Cybercriminals prey on businesses during these times. They know that people act more quickly and thoughtlessly when their minds are elsewhere. Take inspiration from this and send messages during stressful times (like elections!) reminding your employees to be extra cautious when it comes to fraud.

The cybersecurity landscape in 2024 was marked by significant incidents that serve as a stark reminder to your organization. By examining these events and understanding the lessons they offer, security managers can strengthen their defenses, improve their preparedness, and better protect their organization and team members from future threats.

Whether it’s the largest data breach of all time or the exploitation of a simple software bug, each incident provides valuable insights that can help us navigate the complex world of cybersecurity. See you in late 2024 for another roundup!