As artificial intelligence continues to evolve and integrate into our […]
The recent cybersecurity breach that impacted Boost Mobile customers of Dish […]
Repeating the same actions over and over again and expecting […]
See how securing your environment with Ntirety’s Comprehensive Compliant Security solution can save you money with our ROI Calculator.
Overview The client is an insurance company based in the […]
Overview This leading healthcare provider focuses on providing comprehensive and […]
Overview This event technology company provides customers with best-in- class […]
In this episode, we talk with Tony Scribner of Ntirety, […]
Emil Sayegh is a well established executive in product and […]
Today we’ll be talking about hybrid cloud, security, and Maslow’s […]
Last year we discussed lessons from the T-Mobile breach. Yet it seems history is repeating. Here we are again, contending with news of the eighth data breach T-Mobile has endured in the last 5 years. There are so many elements surrounding the cyber-plight of this company that we’re forced to visit the topic again. This time around with a bit more focus – and some very serious questions.
First, the reports on this incident from late January 2023 said the data of some 37 million customers was lost. Apparently, hackers exploited an application programming interface (API) on one of the company’s platforms. Further, the hackers first accessed the data in late November 2022 yet could not be stopped (and were probably not detected) until over two months later, sometime in late January.
It’s not much of a secret that T-Mobile is a data-rich target. Its existing and legacy customer base includes millions of accounts, with personal billing information, dates of birth, addresses, and other personal identifiable information (PII). On top of that, T-Mobile has exhibited vulnerability through the sheer number of successful attacks inflicted on them, making the company even more of a target.
Will the eighth time be the charm? We can only hope this incident will serve as a turning point for T-Mobile, a time at which they have asked every question and learned all they can learn, to ultimately build the kind of cybersecurity practice that prevents and reduces incidents, and works proactively to minimize the damage incidents cause. Doing so successfully takes a number of steps that anybody on the outside can predict, and begs the following questions:
And the overarching question: Is the internal T-Mobile IT organization equipped to deal with cyber-threats, or are they better off partnering with experts? We’re not looking to pick on a company when it is down, but for T-Mobile there’s been a lot of time down on the mat.
Cybersecurity is not a one-time project, but a continuous process that requires regular assessments and updates. Unfortunately, many companies view cybersecurity as an afterthought or an expense rather than a critical aspect of their operations. This often leads to a loop of inadequate resources being allocated to cybersecurity, resulting in insufficient protection against threats.
Additionally, many companies do not conduct regular security assessments, or fail to address vulnerabilities identified during the assessments that occur. Among the most common mistakes companies make are not prioritizing cybersecurity and not seeking partnerships to assist in this mission.
Seeking the right outside assistance is a sign of strength, not weakness. It takes leadership to make this decision, but if they are affected by indecision it will eventually bring them back around to the same place – hacked, embarrassed, and an even bigger target than last time. Collaborating with an outside partner to deliver a comprehensive security service is a proactive step towards ensuring the continued success of a business in today’s ever-evolving cybersecurity landscape.
This time around, T-Mobile’s cybersecurity lessons must be thorough and systemic. They must include the ability to monitor, alert, and react upon their entire digital estate. It’s clear they need an outside perspective and help; what they’ve been doing for the last five years is simply not working. Weeks of unfettered, unauthorized access by an outsider just simply cannot happen again.
Cybersecurity is critical for every company, regardless of size or industry. Companies that make cybersecurity mistakes can put themselves at risk of a cyberattack, which can result in significant financial and reputational damage. It’s essential for companies to prioritize cybersecurity and invest in adequate protection to mitigate the risk of cyberattacks. By doing so, companies can protect their sensitive data and reputations, and ensure the continued success of their business.
This article was originally published in Forbes, please follow me on LinkedIn.