1_6_3 Section 1 – Attacks, Threats, and Vulnerabilities - 1.6 – Vulnerabilities - Vulnerability Impacts

Importance of Database Security

• A failure to secure databases can lead to severe consequences, including data theft and financial losses.
• Attackers may steal data for their own purposes, such as identity theft.

Equifax Breach (2017)

• Attackers gained access to names, social security numbers, birth dates, and address information of over 147.9 million Americans, 15 million British citizens, and 19,000 Canadian citizens.
• The breach was due to a vulnerability in Apache Struts that was announced on March 7.
• The attackers exploited the vulnerability on March 12 and stole sensitive information.
• The breach led to the departure of the CIO and CISO and over $500 million in fines.

Financial Losses

• In 2016, attackers exploited a vulnerability in the SWIFT network to steal $81 million from the Bank of Bangladesh.
• Similar attacks led to losses of $12 million from Wells Fargo and $60 million from the Far Eastern International Bank.

Reputation Impact

• Data breaches can damage an organization's reputation and lead to financial losses.
• In 2016, Uber suffered a breach that exposed 25.6 million customer names, email addresses, and mobile phone numbers.
• Uber paid $148 million in fines and its CSO was charged with obstruction of justice and misprision of a felony.

Uptime and Availability

• Attackers can cause outages, downtime, and unavailability of systems by exploiting vulnerabilities.
• Ransomware attacks can bring down entire networks, such as the attack on Chile's Banco Estado in 2021.

Cost of Malicious Cyber Activity

• The United States Council of Economic Advisors estimated the cost of malicious cyber activity to the US economy at $57-109 billion in 2016.

Data Loss

• Losing data can be more damaging than losing money, especially if sensitive information is exposed.
• The "Meow Attack" in 2020 saw thousands of databases with no passwords or default passwords being deleted without warning.