Cyberattack lessons

3 cyber-attacks and what we can learn from them

Avoid becoming a victim of devastating cyber-attacks by learning from these three incidents.

The number of cyber-attacks in the U.S. is growing dramatically, with 40 percent more incidents in 2016 than the year before. All organizations have a responsibility to take action and prepare themselves. It’s no longer a question of if the attack will come, but when. One way entities can build up their cyber-defenses is by examining past incidents for key takeaways. Here are three cyber-attacks that provide important lessons all organizations can learn from.

Yahoo

In addition to the 2014 Yahoo cyber-attack that breached more than 500 million accounts, Yahoo recently disclosed a 2013 attack in which information was stolen from more than 1 billion accounts, making it the largest known security breach of a single company’s computer network. The user information stolen included names, phone numbers, birthdates and unencrypted security questions that could be used to access the accounts.

Since these attacks, Yahoo has been accused of lax product cybersecurity. Even though the company had previously been attacked by Chinese military hackers in 2010, insiders claimed that Yahoo focused on visual upgrades to services and developing new products rather than boosting cybersecurity.

When leaders in an organization don’t understand the importance of cybersecurity, it’s not likely to be a top priority. Rather than view cybersecurity as strictly an IT concern, help your board understand the risks to the organization’s mission that are created when the issue is ignored. While investments in cybersecurity may not immediately result in increased revenue and profits, they will help safeguard against attacks that can have devastating effects on your organization’s value and reputation. As one clear example, once Yahoo’s data breaches were revealed, Verizon shaved $350 million off its purchase price for the company.

Dyn

The cyber-attack on internet infrastructure company Dyn in October of 2016 is known as the first major cyber-attack to take advantage of the Internet of Things (IoT), the term for everyday objects that connect and share data over the internet. Examples include connected security cameras, thermostats, fitness trackers, cars and refrigerators. The problem is that many of these objects have little or no cyber-defenses in place.

The Dyn attack was carried out using Mirai, malware that searches for IoT devices whose factory-default usernames and passwords haven’t been changed. It is believed that the hackers broke into unprotected IoT devices and devices with out-of-date firmware and used their IP addresses to create a botnet, which flooded Dyn’s server with traffic until it collapsed. Websites affected by the hack included Twitter, Netflix, Reddit, CNN, PayPal and many more that were hosted by Dyn. This attack demonstrates that cybercriminals are well aware that some IoT firmware and hardware is less well secured than application software and operating systems, and that they are more than willing to take advantage of this opportunity.

The number of unprotected IP addresses grows with every IoT device that is manufactured and sold. While it is difficult for any one organization to fight back against Mirai botnets, we can stop contributing to the problem by ensuring that all firmware is up to date on our IoT devices and all default passwords have been changed to secure ones.
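The two checks recommended above (no factory-default credentials, firmware at a current release) can be run against a device inventory. The following is an added example, not part of the original article; the CSV layout, field names, model names and minimum-firmware baseline are all assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample inventory (not real devices). "credential_state" records
# whether the factory-default login was replaced during provisioning.
SAMPLE_INVENTORY = """host,model,firmware,credential_state
cam-lobby,cam-x1,2.9.0,changed
cam-dock,cam-x1,2.10.1,default
thermo-3f,thermo-a,1.4,changed
badge-rdr,reader-z,0.9.2,unknown
"""

# Assumed baseline: lowest firmware release considered current per model.
MIN_FIRMWARE = {"cam-x1": "2.10.0", "thermo-a": "1.4.0"}


def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1) so 2.10 sorts above 2.9."""
    return tuple(int(part) for part in text.strip().split("."))


def is_outdated(installed, minimum):
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    # Pad with zeros so '1.4' compares equal to '1.4.0'.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory_csv, baseline):
    """Return {host: [issues]} for every device that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        if row["credential_state"] != "changed":
            # Treat 'unknown' like 'default': unverified is not safe.
            issues.append("credentials:" + row["credential_state"])
        minimum = baseline.get(row["model"])
        if minimum is None:
            issues.append("firmware:no-baseline")
        elif is_outdated(row["firmware"], minimum):
            issues.append("firmware:below-" + minimum)
        if issues:
            findings[row["host"]] = issues
    return findings


if __name__ == "__main__":
    for host, issues in audit(SAMPLE_INVENTORY, MIN_FIRMWARE).items():
        print(host, ", ".join(issues))
```

Devices of a model with no baseline entry are reported rather than silently passed, so unmanaged hardware shows up in the findings.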

Presbyterian Medical Center

Hollywood Presbyterian Medical Center was attacked in February of 2016. The hackers infected the hospital’s computers and shut off access, forcing hospital staff to revert to paper registrations and medical records, and to divert emergency patients to other hospitals in the area. The issue wasn’t resolved until hospital officials paid the cybercriminals roughly $17,000 in ransom in the form of 40 bitcoin. Fortunately, no patient care or hospital records were compromised, according to the hospital’s CEO.

It is believed the attack occurred because an employee either opened an infected email or downloaded malware from a pop-up ad. Though not as massive as the other two attacks, this is a frightening example of what can happen when a single member of an organization’s staff is unable to spot phishing emails or dangerous pop-ups. Rather than be caught off guard, keep your employees educated about what to look out for in phishing attempts. Sending them our phishing prevention toolkit is a great way to start.


Brian Johnson

Senior Vice President
Technology Services

Brian leads the firm's technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance, and advisory services. He has extensive experience in information security, network engineering, and solution development, with recognized specializations in governance, risk, control, and related consulting services.

Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and APICS (the Association for Operations Management). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC).

Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned a master's of accountancy and bachelor's in business administration.
