Recently, Canadian internet service provider (ISP) Altima Telecom fixed a flaw in its website that could have given an attacker direct access to its customer database. A bug first reported by TechCrunch found that a blind SQL injection (short for “structured query language”) attack would give a hacker remote access to Altima’s customer database, which was connected to their website.
The vulnerable database contains millions of records including customer billing data with expiration dates, security codes and addresses, as well as transcripts of support tickets and other user data.
Needless to say, suffering a breach like this could lead to devastating consequences for customers and businesses. Let’s explore security best practices that would prevent this sort of vulnerability and what your business can learn from this exposure.
SQL Injection Attack
An SQL injection is a common attack vector that relies on malicious SQL code for backend database manipulation.
A cybercriminal uses this sort of attack to steal private customer information. A successful attack may result in gaining unauthorized viewing of lists, the ability to delete certain information or obtaining full administrative rights to a database. Websites are often the target of such attacks and the resulting consequences can be very severe.
Altima Telecom bills itself as one of the largest independent Canadian ISPs for the Montreal and Toronto area. While Altima fixed the flaw, there’s no telling if a criminal was able to penetrate Altima’s database prior to detection of this vulnerability. This means that their customers face an increased risk of identity theft and spam.
Retaining Customer Trust
If you were a business affected by this sort of data exposure, you’d need to act quickly to secure and retain your customers. Not only was all the Altima Telecom’s customer data briefly exposed, but the data involved was also highly sensitive. The damage done to the trust between customers and small businesses will take significant time to rebuild.
Payment info exposure is a particularly significant deterrent for customers looking to do business. Studies have found that 30% of consumers discontinue business with breached organizations.
You can’t rely on third parties to properly secure your customer data. As a small business, you need to confront the threat head on. Alert your affected customers to the breach and provide guidance for how they can take necessary precautions to update their affected information and minimize the fallout.
Dark Web Monitoring
The rapid escalation of security threats and technology has left many businesses in the dark ages when it comes to emergency response plans. Small businesses just don’t think of themselves as a target for cybercriminals, but breaches like Altima Telecom’s show us that your business doesn’t even have to be a direct target for your customers to be impacted.
The tools required to protect you and your customers from Dark Web threats aren’t complicated, but they are coordinated. Having a plan in place to ensure robust security protocols is something every business should invest in.
For small businesses, IT providers like Switchfast provide dark web monitoring services that will search the dark web for your company’s credentials and information and alert you in the event of risk.
Our Dark Security Monitoring Services takes a multi-pronged approach to monitoring and reporting on data found on the Dark Web.
With tools, training and education on security awareness — along with password managers and vulnerability and patch management for threats like the SQL Injection vulnerability exposed at Altima — Switchfast can help you plan for the worst and minimize the downsides should your customer or personal data ever be exposed.