Cyber Warfare: Trump’s Next Big Challenge
January 22, 2017Forensic Analysis: Botnet Attacking – WordPress Sites Of Pakistan
January 24, 2017Think your association isn’t appealing to hackers? Think again.
Associations are consistently the most at-risk organizations to be hit by cyber attacks simply due to the sheer volume of data they own, from membership and partner data to sponsor and vendor financial information. Associations are prime targets for hackers, and a cyber attack on an association can result in reputational damage, consequential costs, and loss of members. Whether you’re running a membership renewal, planning a conference, storing large amounts of data, or adjusting to temporary spikes in web-traffic, it’s imperative that your network, applications, and your Association Management Software (AMS) system are always secure and performing efficiently so that your critical information is safe.
With that said, some associations are starting to invest in a cyber security strategy. Others, not so much. Listed below are associations that have been hacked in the last year:
American Bankers Association
What was stolen? Shopping cart user names, passwords and email addresses
How many victims did the attack claim? 6,400 ABA account users
What was the response? The American Bankers Association identified the problem in their website’s shopping cart application and began working with a local cyber security firm to understand the crux of the issue and how to prevent future instances from occurring
Orange County Employees Association
What was stolen? Member names, addresses, dates of birth, Social Security numbers, driver’s license numbers, payroll information, insurance enrollment information, retirement statuses, usernames, passwords, and information concerning dependents.
How many victims did this attack claim? Undisclosed, but included association members, non-members, Health & Welfare Trust participants, staff, dependents of any of these individuals, and others.
What was the response? The attack had been underway close to two months before it was discovered in parts of the OCEA network. The victims were offered credit monitoring, identity theft restoration, and insurance services for up to one year
Direct Marketing Association
What was stolen? Information from debit or credit cards used on the association website’s bookstore, with information including the names, account numbers, security codes, and expiration dates printed on the physical cards
How many victims did this attack claim? Undisclosed
What was the response? After discovering malware on their association server – maintained by an undisclosed third party vendor – One year of credit monitoring services to the victims affected at no cost
Jefferson National Parks Association
What was stolen? Debit and credit card numbers from two stores at the Gateway Arch, namely The Levee Mercantile and The Museum Store
How many victims did this attack claim? Undisclosed
What was the response? After the malware was discovered close to six months after it was installed on point-of-sale machines at the gift shops in question, investigators were able to trace the original attack point to a terminal that was initially situated outside of the association’s purview and at a third party vendor site.
A few key points to keep in mind – third party vendors played a significant role in at least two of the four highlighted association cyber attacks. That being said, associations are just as vulnerable to the very same attacks that threaten for-profit businesses on a daily basis. Having a company such as Tier3 as your experienced cyber security protection team allows for peace of mind. We have over 10 years of experience in the field and are able to identify risks and outline specific, actionable steps to improve your cyber security posture. Your association, its data, and critical systems are completely protected as we pinpoint security threats inside and outside of your environment, and implement the necessary measures to prevent breaches and data loss.
Bottom line: We protect your association from cyber attacks.
2 Comments
[…] and to provide identity protection. The latest settlement “requires Home Depot to tighten its cyber security practices and to subject its vendors to more scrutiny—a measure tied to the fact that a security flaw by a […]
[…] organisation will be different, but taking time to understand existing cultures and developing a cyber security training program where employees understand and personally feel the benefit, will pay dividends very […]