LinkedIn Data Breach and Importance of Cyber Security for Businesses

Cyber Security Issues within LinkedIn

First in April of 2021 and then again in June 2021, a total of 700 million LinkedIn users’ data was exposed in what is considered one of the biggest cyberattacks ever. The breach was discovered when around 1 million user profiles were found on an unlisted forum. This was a clear case of cyber security issues within the LinkedIn infrastructure. The exposed data included names, emails, passwords, locations, IP address, contact information including address, and salaries of almost 92% of LinkedIn profiles, among other pertinent information (Vigliarolo, 2021). The data was put for sale on the black market for millions of dollars. LinkedIn’s data was breached and scarped due to a lack of properly executed security measures.

The mastermind behind the LinkedIn attack was found to be a user of RaidForums and they went by the name “GOD TomLiner”. They uploaded sample data of $1 million as proof and to be able to negotiate more money for the remaining 699 million users’ data. Like with any cyberattack, the objective was to likely acquire personal data and sell it for money (X. Zhang, 2010). Usually, companies that have access to the private data of customers are targeted for such attacks.

But in the case of LinkedIn, no credit card or bank details were leaked or scraped. So, it is likely the breacher was looking to bargain the data for money to one or multiple sellers. Data sold and bought in this manner is often used for identity and bank-related scams, since a lot of personal data becomes public.

Cyber security needs to be a top priority for any and all businesses because customer data is becoming invaluable by the minute. With more and more people working from home and remote working not seemingly going anywhere for the foreseeable future, cyber security has become crucial. Client data, confidential company data, employee records, to name a few, are important sets of data that need to be protected.

Many companies have already started implementing uncompromising cyber compliance and cyber security measures of Identify, Protect, Detect, Respond, Recover. This is the NIST organizational model and recognizes the existing procedures organizations use. Instead of beginning anew, it directs companies to better utilize methods already in place and to add to the existing measures.

Internal auditors have always played a crucial role in the recognition and prevention of occupational fraud. Conducting by an internal committee, teams in-charge of assessing internal frauds must have an assured system. The audit should be taken into consideration where there is a risk present. Auditors should assess the possibility of risk and analyze for fraud through evaluation and prevention measures.

LinkedIn Data Breach and Implications for User Data

The risk management framework defends the business against possible losses due to cyber-attacks, threats, business’ competitive advantages, and other potential risks to a company. Compliance with these is mandated by governments in almost all geographic locations.

These frameworks help keep company data secure and must be implemented completely. As mentioned earlier, remote work has made cyber security a front-burner issue. With that in mind, implementing these risk assessment frameworks, such as two-factor authentication, can not only secure customer data but also keep confidential company data secure (Aljeaid, 2020).

1.T-Mobile is the third-largest wireless carrier in the U.S. They announce recently about the cyber-attack data breach, more than 53 million people (about twice the population of Texas) are affected due to this incident. This includes all the contact information of the accounts including Birth dates, home addresses and phone numbers of the customers. The company was sued by its customers. Sources say that due to the coronavirus virus, from home was the glowing side for the hackers since employees will be working remotely. (Graham, n.d.). 

2. Cybercriminal targets both public and private sectors such as healthcare, financial organizations, and IT sector. These attacks do very deep harm to these companies. It can also shut down the whole business, it gets the data from existing customers and also divert the new customers, who are the potential customers. This type of attack usually worries users or customers and leads to loosing company’s customer base to some competitor. Billions of dollars’ worth of lawsuits is most common since the privacy of user has been compromised. Leading to business shuts down. For all the cyberattacks are most expensive and creates negative image in the market. (Irwin, 2021, September 1).

3. Cyber risk management is the most important for all businesses. As I mentioned above the damages of cyberattacks, all organizations would avoid the damage and would go for cyber risk management. I have picked the most common cyber security model, NIST (National Institute of Standards and Technology).

This model has five key phases, Identify, Protect, Detect, Respond and Recover. This model will help to get to the cause and clear the risk step by step. NIST works differently Instead of starting new, this model will provide better use and additions to the existing process of cyber risk management. It is a flexible model for most of the business.  (Minahan, 2019, November 1).