Exploit: Malicious code script
National Baseball Hall of Fame: American History Museum for Major League Baseball
Risk to Small Business: Severe:The notorious hacking group MageCart infiltrated the National Baseball Hall of Fame, compromising the personal information of customers shopping on their e-commerce store. Hackers had access to shopper information for seven months, beginning in November 2018. The hackers injected a malicious script into the checkout page that forwarded user information to the hacking group. Now, the museum will incur the inevitable repair costs that always accompany a data breach, and the reputational damage to their online store will likely cost them revenue and loyal customers moving forward.
Individual Risk: Severe: MageCart scams steal customer data at checkout, and online shoppers between November 15, 2018 and May 14, 2019 could have their information stolen by the hacking group. This data involves customers’ names, addresses, and payment information, including CVV codes. Customers who made purchases at the online store during this timeframe are encouraged to contact their credit card company and monitor accounts for fraudulent or suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Business: Online shopping is quickly becoming the go-to buying method for many shoppers, and SMBs rely on this revenue stream to compete with major corporations. Therefore, securing IT infrastructure is critical to stay competitive in today’s digital-first environment. To mitigate the damage after a breach, businesses should strive to provide proactive customer care to ensure that they can quickly and completely recover from a breach.
In Other News: Canadian Government Launches Cybersecurity Certification Program for SMBs
A recent survey by StaySafeOnline.org found that 71% of data breaches occur at small businesses, a prolific problem that the Canadian government is trying to solve. Consequently, they’re instituting an incentive program for SMBs prioritizing cybersecurity initiatives.
The new initiative, CyberSecure Canada, allows organizations to prove that they meet specific security criteria, then awards the organization with a certificate and logo that they can include on their website and promotional material.
To become CyberSecure certified, SMBs must demonstrate compliance with 13 security controls that collectively create a safer internet experience for businesses and their customers. The program strives to encourage Canadian SMBs to spend time and resources on cybersecurity initiatives. Not only will this help shore up their own long-term viability, but it also supports customer data security, a top priority in the digital age.
Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.
Notably, SMBs don’t have to tackle this priority alone. Partnering with qualified cybersecurity professionals can help augment your cybersecurity posture and transforming weaknesses into strengths.