Cyberattack lessons

3 cyber-attacks and what we can learn from them

Avoid becoming a victim of devastating cyber-attacks by learning from these three incidents.

The number of cyber-attacks in the U.S. is growing dramatically, with 40 percent more incidents in 2016 than the year before. All organizations have a responsibility to take action and prepare themselves. It’s no longer a question of if the attack will come, but when. One way entities can build up their cyber-defenses is by examining past incidents for key takeaways. Here are three cyber-attacks that provide important lessons all organizations can learn from.


In addition to the 2014 Yahoo cyber-attack that breached more than 500 million accounts, Yahoo recently disclosed a 2013 attack in which information was stolen from more than 1 billion accounts, making it the largest known security breach of a single company’s computer network. The user information stolen included names, phone numbers, birthdates and unencrypted security questions that could be used to access the accounts.

Since these attacks, Yahoo has been accused of lax product cybersecurity. Even though the company had previously been attacked by Chinese military hackers in 2010, insiders claimed that Yahoo focused on visual upgrades to services and developing new products rather than boosting cybersecurity.

When leaders in an organization don’t understand the importance of cybersecurity, it’s not likely to be a top priority. Rather than view cybersecurity as strictly an IT concern, help your board understand the risks to the organization’s mission that are created when the issue is ignored. While investments in cybersecurity may not immediately result in increased revenue and profits, they will help safeguard against attacks that can have devastating effects on your organization’s value and reputation. As one clear example – once Yahoo’s data breaches were revealed, Verizon shaved $350 million off its purchasing price of the company.


The cyber-attack on internet infrastructure company Dyn in October of 2016 is known as the first major cyber-attack to take advantage of the Internet of Things (IoT) – the term given to the combined data of everyday objects that can be connected over the internet. For example, connected security cameras, thermostats, fitness trackers, cars and refrigerators can all contribute data to the IoT. The problem is that many of these objects have little or no cyber-defenses set in place.

The Dyn attack was carried out using Mirai, a malware that searches for IoT devices with factory-default usernames and passwords that haven’t been changed. It is believed that the hackers broke into unprotected IoT devices and out-of-date firmware and used their IP addresses to create a botnet, which flooded Dyn’s server with traffic until it collapsed. Websites affected by the hack included Twitter, Netflix, Reddit, CNN, PayPal and many more that were hosted by Dyn. This attack demonstrates that cybercriminals are well aware of the lower levels of security implemented in some IoT firmware and hardware compared to application software and operating systems and are more than willing to take advantage of this opportunity.

The number of unprotected IP addresses grows with every IoT device that is manufactured and sold. While it is difficult for any one organization to fight back against Mirai botnets, we can stop contributing to the problem by ensuring that all firmware is up to date on our IoT devices and all default passwords have been changed to secure ones.

Presbyterian Medical Center

Hollywood Presbyterian Medical Center was attacked in February of 2016. The hackers infected the hospital’s computers and shut off access, forcing hospital staff to revert to paper registrations and medical records, and to divert emergency patients to other hospitals in the area. The issue wasn’t resolved until hospital officials paid the cybercriminals roughly $17,000 in ransom in the form of 40 bitcoin. Fortunately, no patient care or hospital records were compromised, according to the hospital’s CEO.

It is believed the attack occurred because an employee either opened an infected email or downloaded malware from a pop-up ad. Though not as massive as the other two attacks, this is a frightening example of what can happen when a single member of an organization’s staff is unable to spot phishing emails or dangerous pop-ups. Rather than be caught off guard, keep your employees educated about what to look out for in phishing attempts. Sending them our phishing prevention toolkit is a great way to start.


To learn more about how to protect your business and yourself with IT risk management, contact Brian Johnson using the information below.

Brian Johnson

Senior Vice President
Technology Services and Administration

Brian Johnson is an experienced technology executive and consultant with a proven track record of leadership in technology management. As a technology and business leader with more than 30 years of experience, Brian successfully leverages his technology background, business acumen, and people management skills to help organizations link innovative technology solutions to their strategy and mission. Brian’s technology experience and credentials are supplemented by his training as a certified public accountant.

Brian is a frequent speaker and advisor on technology developments and trends. A certified public accountant, he has extensive expertise in IT risk advisory services and has earned the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified In the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC), credentials as well as additional certifications in operations management, systems engineering, and solution development. Brian was named one of the Wichita Business Journal’s CIO of the Year honorees in 2015.

Your organization has unique vulnerabilities and security requirements.
See how our professionals can tailor an IT security plan for you.