Although the news cycle may have shifted away, cybercrime is still an ever-present danger. In my last article, “As Businesses Reopen, A New Storm Of Cybercrime Activity Looms,” I examined the next wave of IT risks companies are facing coming out of the pandemic. While a vaccine may eventually eradicate COVID-19, there will never be a cure for evolving cyber threats – and no business can afford to forget about their IT health.
The recent announcement that the UK-based value airline EasyJet was hacked by a “highly sophisticated source” is a troubling example of these continuous IT threats. The attack resulted in the loss of personal information of over 9 million customers. The company reported that the breach caused email addresses and travel data to be leaked, along with the credit card details of more than 2,000 customers.
EasyJet responded quickly, closing off the unauthorized access and notifying customers about the situation; however, security breaches like this often lead to more significant challenges for security teams and consumers down the road. Hacked information can lead to more advanced attacks (like ransomware), identity fraud, and especially “man-in-the-middle” attacks. A “man-in-the-middle” attack (MITM) happens when an attacker secretly relays and alters the communications between two parties who believe that they are directly communicating with each other. In reality, the entire conversation is controlled by the attacker.
Personal Details Are an Everlasting Threat
Businesses have become far too accustomed to massive security breaches, disregarding them like the common cold. Often, the remedy appears to be free credit monitoring for the affected. But the real threat is lost in that perception of safety and a healthy bounce-back. Many significant risks escalate after a breach because attackers leverage the data lost in these incidents: stolen personal details make ransomware and “man-in-the-middle” attacks more targeted and effective.
Ransomware exploits can arrive via email, text, messaging, and social engineering. The success of these attacks depends on the appearance of legitimacy, which is why they often offer links, attachments, and messaging from familiar sources, sites, and people. Each of these details can be systematically gathered and orchestrated from the spectrum of personal data lost in previous breaches. In addition, the more that data is correlated, the greater the effect, especially in “man-in-the-middle” attacks.
Data leaks today may not even manifest in immediate actions. Hackers regularly trade, sell, and resell information on the dark web. These underground forums have an echo effect that can persist for years, making the hack that happened this year, in 2020, relevant in 2022, 2025, and beyond. Long-term fraud, cybersecurity, and identity theft issues can emerge.
Lost Data at an Untold Price
When personal details are lost in data breaches, the ramifications are more significant than most people realize. Every piece of lost information has an incalculable value, exposing risks and wielding a substantial impact on organizations and individuals. Beyond financial data, valuable critical information might include:
- Date of Birth
- Social Security Information
- Phone Numbers
- Driver’s License Numbers
- Email Addresses
- Account Recovery Information
In the hands of a determined attacker or an attacker looking for an easy target, this information can be leveraged to target organizations. Lost data has a way of being found by perpetrators and opportunists on the dark web. On the scale of millions, this information is priceless because personal details can serve as the opening that cybercrime needs to infiltrate and hold a network hostage.
Build Your Business IT Immunity
In the wake of any data loss event, the circumstances call for heightened vigilance to rebuild business IT immunity against further attacks and repercussions. IT organizations should have and maintain data breach contingency plans, technical mitigations, and developed user education. Consumers can take advantage of credit reporting to reactively monitor for any signs of financial or identity fraud. Security practitioners need to be on alert to protect company data by enforcing multi-factor authentication (MFA) and by monitoring logins, logins from unknown sources, unusual activities, and other signs that malicious activity is afoot. To protect the organization, company IT security programs should be in the hands of professionally managed security teams or outsourced to managed security firms.
As an industry, we cannot take data leaks lightly or overlook the long-term effects they imply. Every ransomware event should be regarded as a data loss event, and every data loss event should be regarded as a present and future threat to security. There will never be a cure for cybercrime, but a managed security program can reduce the risk tremendously.