Phishing attacks have made the rounds in the news, mostly around banks, financial institutions, and other large organizations. However, the stringent controls in these industries have diverted the attention of cyber adversaries to a relatively less explored and less exploited avenue: SMEs and SMBs. The NLA data breach is just one example.
Large organizations such as Yahoo, Cerelan Bank, Facebook, and Google have been in the news for some of the most significant phishing attacks in the history of computing. However, these organizations have over time strengthened their cybersecurity posture and increased their security budgets significantly. These measures have made it difficult and expensive for adversaries to penetrate their security perimeter. On the other hand, small and medium-sized enterprises (SMEs) or small and medium-sized businesses (SMBs) generally do not have stringent cybersecurity controls implemented, due to insufficient manpower, resources, and a lack of dedicated security budget. Thus, it is easier for attackers to exploit security vulnerabilities in the absence of security measures. Regular cyberattacks have now started haunting small enterprises, and ‘Next Level Apparel’ (NLA) has just made headlines due to a recent data breach.
Next Level Apparel (NLA) Data Breach: What Happened!
The American clothing company Next Level Apparel (NLA) has become the victim of a recent phishing attack, resulting in the compromise of the personal data of its employees and consumers. The compromised PII (Personally Identifiable Information) includes names, SSNs (Social Security Numbers), email accounts, credit and debit card numbers, etc.
What Is Next Level Apparel Doing Now?
According to some reports, NLA has established a dedicated call center after conducting a thorough investigation. NLA has also informed affected individuals of the incident and provided some guidance and recommendations on protecting personal information from unauthorized persons. NLA was also said to be working on implementing and enhancing their control measures to prevent similar attacks.
How Can SMEs and SMBs Protect Themselves from Similar Phishing Attacks?
- Implementing two-factor authentication (2FA) to protect any financial and other sensitive information.
- Providing cybersecurity awareness and education to employees and training them to identify a malicious email or a phishing attack.
- Following basic cyber-hygiene and ensuring that the passwords are strong, changed regularly, and are kept safe.
- Reviewing bank accounts and financial statements to identify any suspicious activities.
- Contacting the FTC (Federal Trade Commission) as soon as any unusual activities or transactions are discovered.
Phishing attacks are one of the oldest types of cyberattacks, yet they are the most commonly used attacks deployed by malicious actors today. However, if employees are well-trained and serious about cybersecurity, they could become your enterprise's first line of defense against phishing attacks.