The 'Mother of All Breaches' Just Happened — Here's the Security Implications for Businesses

If your business exists online, chances are some percentage of your customers' data got leaked in what cybersecurity specialists boldly labeled the "mother of all breaches" (MOAB).

By Ihar Kliashchou Edited by Micah Zimmerman

Key Takeaways

  • This 12-terabyte behemoth will send shockwaves through the business community, posing a continual threat to personal information and corporate security.
  • Business leaders must move to a proactive stance.

Opinions expressed by Entrepreneur contributors are their own.

At the beginning of the year, Security Discovery and Cybernews researchers uncovered a dataset of 26 billion(!) leaked entries associated with LinkedIn, Twitter.com, Tencent, Dropbox, Adobe, Canva, Telegram and other platforms. Government agencies in the U.S., Brazil, Germany, the Philippines, and Turkey are also among the organizations hit by the "mother of all breaches" (MOAB).

As the investigation team reported, a significant share of information in the dataset was compromised during past data breaches. However, the stash also contains new data.

Aftermath for businesses

Simply put, this 12-terabyte behemoth will send shockwaves through the business community, posing a continual threat to personal information and corporate security.

But this is not just a breach; it's a comprehensive toolkit for threat actors to orchestrate an endless number of cyberattacks, including identity theft. Criminals can maliciously exploit the stolen personal data from the MOAB dataset. It is a powerful weapon capable of wreaking havoc on a global scale.

So, in the coming weeks, it's time to move to a proactive stance. Here are some signals businesses should listen to when monitoring their infrastructure:

  1. Uncommon access scenarios. In light of a data breach like this, keeping a close eye on access logs for any unusual activity is critical. A sudden surge in requests or unfamiliar IP addresses could indicate unauthorized entry. Logins during non-standard hours, especially outside of ordinary business hours, may be considered malicious activity as well.
  2. Suspicious account activity. In an attempt to take over the compromised account, scammers may reveal themselves through unexpected adjustments in user privileges or alterations to account roles. Frequent changes in login locations, irregular login times, and spikes in data access are also red flags.
  3. Surge in phishing attempts. Massive breaches often provide fertile ground for cybercriminals to launch phishing attacks targeting employees or customers related to affected brands. Unscheduled phishing training or educational campaigns may help your staff and clients recognize phishing scams at early stages.
  4. Abnormal network traffic. Another alert of malicious activity is unexplained spikes in outbound traffic and unusual communication patterns between internal systems.
  5. Boost in helpdesk requests. A growing volume of user requests to the support team can also indicate a problem, especially when there is a sudden surge in inquiries related to compromised accounts or suspicious activities.
  6. Customer feedback. An influx of complaints about unauthorized access, account compromises, or suspicious transactions should trigger an immediate investigation.
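
The access-log signals from items 1 and 2 (off-hours logins, unfamiliar IP addresses, a sudden surge from one source) can be checked with a short script. The following is an added example, not part of the original article; the log format, the per-user IP baseline, the business-hours window and the surge threshold are all assumptions chosen for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample login records (timestamp, user, source IP); not real data.
# IPs come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-02-05T09:12:44 alice 192.0.2.10
2024-02-05T10:03:10 bob 192.0.2.11
2024-02-05T14:30:02 alice 192.0.2.10
2024-02-06T03:17:51 alice 203.0.113.77
2024-02-06T03:18:05 bob 203.0.113.77
2024-02-06T03:18:09 carol 203.0.113.77
2024-02-06T03:18:12 dave 203.0.113.77
2024-02-06T09:05:31 bob 198.51.100.4
"""

# Assumed baseline: IPs each user has logged in from before the review window.
KNOWN_IPS = {"alice": {"192.0.2.10"}, "bob": {"192.0.2.11"}, "carol": {"192.0.2.12"}}
BUSINESS_HOURS = range(8, 19)   # 08:00-18:59 local time, an assumed policy
SURGE_THRESHOLD = 3             # logins per source IP per hour, an assumed limit


def parse(log_text):
    """Turn 'timestamp user ip' lines into (datetime, user, ip) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, user, ip = line.split()
        events.append((datetime.fromisoformat(ts), user, ip))
    return events


def review(events, known_ips=KNOWN_IPS):
    """Return {(timestamp, user, ip): [reasons]} for logins worth a closer look."""
    per_ip_hour = Counter((ip, ts.replace(minute=0, second=0)) for ts, _, ip in events)
    findings = {}
    for ts, user, ip in events:
        reasons = []
        if ts.hour not in BUSINESS_HOURS:
            reasons.append("off-hours")
        if ip not in known_ips.get(user, set()):
            reasons.append("unfamiliar-ip")
        if per_ip_hour[(ip, ts.replace(minute=0, second=0))] > SURGE_THRESHOLD:
            reasons.append("surge-from-ip")
        if reasons:
            findings[(ts.isoformat(), user, ip)] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in review(parse(SAMPLE_LOG)).items():
        print(*key, "->", ", ".join(reasons))
```

A login that trips several reasons at once, such as one source address touching many accounts in the middle of the night, deserves review before one that trips a single reason.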

A new security paradigm

Unfortunately, the MOAB is just a single event in the never-ending war between cybercriminals and corporations. In an age of the constant growth of security threats, companies must develop a refined sense of foresight. Recognizing patterns and anomalies within their data is not just a skill; it's a necessity. The MOAB underscores the importance of proactive monitoring, urging companies to invest in robust systems that swiftly detect irregularities.

Importantly, entering this new reality means that user security is again becoming more crucial than user experience. Some companies have a hard time accepting that fact. However, in the long run, it's worth the gamble.

It doesn't imply building a kind of imposing wall with menacing guards around your infrastructure that makes users avoid your service. The security measures you deploy can be easy to use for customers. The latest identity verification options — such as self-check-in at airports — prove the concept while staying user-friendly and secure.

Guide to the transformation

Effective information security management powered by global standards such as ISO/IEC 27001 and ISO/IEC 27002 is at the core of the process. By adhering to the standards, an organization guarantees that it has established an Information Security Management System for addressing security risks associated with data owned or managed by the company. Despite certification often being associated with enterprise-level organizations, middle-sized companies, especially those from industries where data safety matters, such as FinTech, should not skip this step. Moreover, unlike ISO 27001, you don't need certification to prove compliance with ISO 27002, which, being more informative than regulatory, details the controls required.

Enhancing authentication policies may be the next step to take. Unfortunately, you can't rely on your customers to be prudent while setting logins and passwords. Nevertheless, nudging them to select more advanced options is under your control.

More companies across different sectors now implement multi-factor authentication involving users' biometrics like fingerprint scans or face recognition. With the idea of a passwordless future pushed by tech giants like Google, this approach is gradually becoming an industry best practice. On the one hand, setting a "Privacy Screen" to secure Google Drive on iOS mobile devices through Touch ID or Face ID requires additional action on the user's end. On the other, once the feature is enabled, user satisfaction soars as well.

Finally, the adoption of liveness detection technology — both for IDs and selfies — in identity verification procedures is crucial. It helps determine whether the source of a biometric sample is a live individual, and provides evidence that a user-submitted document photo is a genuine passport or other document. Additionally, this step can be made mandatory, not only during registration for a service but also at the purchase stage. Neural networks under the hood of the liveness detection process are constantly improving, showing high accuracy rates. That also contributes to data processing speed, making it possible to perform a liveness check in seconds.

Final thoughts

The MOAB incident serves as a call to action for businesses worldwide. Unfortunately, the brand names on the MOAB list prove that there is room for improvement for all companies, including enterprise-level ones. It's more critical than ever to bolster defenses, sharpen our cyber instincts, and fortify our systems against the impending storm.

Still, there is no need to turn the sign-in or payment processes into a math quiz with a bunch of problems to be solved on the customer's part. UX still matters, especially for companies from B2C sectors whose success is measured by the number of active users. For this reason, a mobile banking app is always more secure than an e-book subscription service.

Ihar Kliashchou

Entrepreneur Leadership Network® Contributor

Chief Technology Officer at Regula

Ihar oversees ID verification tech development and the product portfolio. His biometrics expertise drives anti-fraud innovation in-house. He also leads Regula’s global tech collaborations, including projects with institutions and EU ID verification strategies.
