No one is safe from cybercrime. Verizon Wireless, known for its annual Data Breach Investigations Report and enterprise security solutions, was the second firm to report a cyberattack in March. The company stated that the contact information of 1.5 million customers was exposed in this breach. The fact that a telecom giant like Verizon is vulnerable to cyberattacks is concerning, to say the least.
Verizon released an email statement regarding their investigation, stating that an attacker had “obtained basic contact information on a number of [their] enterprise customers.” The attackers however, did not get their hands on customer proprietary network information (CPNI) or other data. This may be viewed as reassuring, but with 99 percent of Fortune 500 companies using Verizon Enterprise Solutions (Verizon Fact Sheet), a list of basic customer contact information provides the attackers with more than enough ammunition to plan their next attack.
To add insult to injury, the attackers made the contact information from the breach available for sale and offered the option to purchase information about security vulnerabilities in Verizon’s Web site, according to KebsOnSecurity. This information can now be used by other malicious outsiders to plan future breaches, while the stolen contact information can be used to target future attacks leading to more compromised company data. Today’s cybercriminals are much more powerful than they used to be and are capable of doing significant damage. Companies must recognize that these attackers are less concerned with staying hidden in the Dark Web, often boasting of their success on social media and publicly-available web sites.
Verizon’s recent data breach is only one of many examples that express the urgency and importance of protecting enterprise data. The growth of the digital workplace is causing a surge of data which is stored in the cloud and transferred using a multitude of unsecured devices. Security policies should not stop at the company level. They need to be extensible to third-party applications and cloud providers doing business with the enterprise. A single vulnerability could expose and compromise proprietary data for more than just the network or IaaS provider, in this instance Verizon, but could easily have been AWS, Azure, or others. Proper enterprise security infrastructure is necessary to protect companies from cyberthreats.