Get All Access for $5/mo

The 'Mother of All Breaches' Just Happened — Here's the Security Implications for Businesses If your business exists online, chances are some percent of your customers' data got leaked in what cybersecurity specialists boldly labeled as the "mother of all breaches" (MOAB).

By Ihar Kliashchou Edited by Micah Zimmerman

Key Takeaways

  • This 12-terabyte behemoth will send shockwaves through the business community, posing a continual threat to personal information and corporate security.
  • Business leaders must move to a proactive stance

Opinions expressed by Entrepreneur contributors are their own.

At the beginning of the year, Security Discovery and Cybernews researchers uncovered a dataset of 26 billion(!) leaked entries associated with LinkedIn, Twitter.com, Tencent, Dropbox, Adobe, Canva, Telegram and other platforms. Government agencies in the U.S., Brazil, Germany, the Philippines, and Turkey are also among the organizations hit by the "mother of all breaches" (MOAB).

As the investigation team reported, a significant share of information in the dataset was compromised during past data breaches. However, the stash also contains new data.

Related: A Scammer Tried to Come For My Small Business — and Yours Could Be Next. Here's How to Protect Yourself.

Aftermath for businesses

Simply put, this 12-terabyte behemoth will send shockwaves through the business community, posing a continual threat to personal information and corporate security.

But this is not just a breach; it's a comprehensive toolkit for threat actors to orchestrate an endless number of cyberattacks, including identity theft. Criminals can maliciously exploit the stolen personal data from the MOAB dataset. It is a powerful weapon capable of wreaking havoc on a global scale.

Related: How to Protect Your Customers (and Your Brand) From Data Breaches

So, in the coming weeks, it's time to move to a proactive stance. Here are some signals businesses should listen to when monitoring their infrastructure:

  1. Uncommon access scenarios. In light of a data breach like this, keeping a close eye on access logs for any unusual activity is critical. A sudden surge in requests or unfamiliar IP addresses could indicate unauthorized entry. Logins during non-standard hours, especially outside of ordinary business hours, may be considered malicious activity as well.
  2. Suspicious account activity. In an attempt to take over the compromised account, scammers may reveal themselves through unexpected adjustments in user privileges or alterations to account roles. Frequent changes in login locations, irregular login times, and spikes in data access are also red flags.
  3. Surge in phishing attempts. Massive breaches often provide fertile ground for cybercriminals to launch phishing attacks targeting employees or customers related to affected brands. Unscheduled phishing training or educational campaigns may help your staff and clients recognize phishing scams at early stages.
  4. Abnormal network traffic. Another alert of malicious activity is unexplained spikes in outbound traffic and unusual communication patterns between internal systems.
  5. Boost in helpdesk requests. A growing volume of user requests to the support team can also indicate a problem, especially when there is a sudden surge in inquiries related to compromised accounts or suspicious activities.
  6. Customer feedback. An influx of complaints about unauthorized access, account compromises, or suspicious transactions should trigger an immediate investigation.

Related: The Role of Leadership in Creating a Cybersecurity Culture — How to Foster Awareness and Accountability Across the Organization

A new security paradigm

Unfortunately, the MOAB is just a single event in the never-ending war between cybercriminals and corporations. In an age of the constant growth of security threats, companies must develop a refined sense of foresight. Recognizing patterns and anomalies within their data is not just a skill; it's a necessity. The MOAB underscores the importance of proactive monitoring, urging companies to invest in robust systems that swiftly detect irregularities.

Importantly, entering this new reality means that user security is again becoming more crucial than user experience. Some companies have a hard time accepting that fact. However, in the long run, it's worth the gamble.

It doesn't imply building a kind of imposing wall with menacing guards around your infrastructure that makes users avoid your service. The security measures you deploy can be easy to use for customers. The latest identity verification options — such as self-check-in at airports — prove the concept while staying user-friendly and secure.

Guide to the transformation

Effective information security management powered by global standards such as ISO/IEC 27001 and ISO/IEC 27002 is at the core of the process. By adhering to the standards, an organization guarantees that it has established an Information Security Management System for addressing security risks associated with data owned or managed by the company. Despite certification often being associated with enterprise-level organizations, middle-sized companies, especially those from industries where data safety matters, such as FinTech, should not skip this step. Moreover, unlike ISO 27001, you don't need certification to prove compliance with ISO 27002, which, being more informative than regulatory, details the controls required.

Enhancing authentication policies may be the next step to take. Unfortunately, you can't rely on your customers to be prudent while setting logins and passwords. Nevertheless, nudging them to select more advanced options is under your control.

More companies across different sectors now implement multi-factor authentication involving users' biometrics like fingerprint scans or face recognition. With the idea of a passwordless future pushed by tech giants like Google, this approach is gradually becoming an industry best practice. On the one hand, setting a "Privacy Screen" to secure Google Drive on iOS mobile devices through Touch ID or Face ID requires additional action on the user's end. On the other, once the feature is enabled, user satisfaction soars as well.

Finally, the adoption of liveness detection technology — both for IDs and selfies — in identity verification procedures is crucial. It helps determine whether the source of a biometric sample is a live individual, and provides evidence that a user-submitted document photo is a genuine passport or other document. Additionally, this step can be made mandatory, not only during registration for a service but also at the purchase stage. Neural networks under the hood of the liveness detection process are constantly improving, showing high accuracy rates. That also contributes to data processing speed, making it possible to perform a liveness check in seconds.

Related: 8 Ways a Data Breach Could Take Out Your Company Tomorrow

Final thoughts

The MOAB incident serves as a call to action for businesses worldwide. Unfortunately, the brand names on the MOAB list prove that there is room for improvement for all the companies, including enterprise-level. It's more critical than ever to bolster defenses, sharpen our cyber instincts, and fortify our systems against the impending storm.

Still, there is no need to turn the sign-in or payment processes into a math quiz with a bunch of problems to be solved on the customer's part. UX still matters, especially for companies from B2C sectors whose success is measured by the number of active users. For this reason, a mobile banking app is always more secure than an e-book subscription service.

Ihar Kliashchou

Entrepreneur Leadership Network® Contributor

Chief Technology Officer at Regula

Ihar oversees ID verification tech development and the product portfolio. His biometrics expertise drives anti-fraud innovation in-house. He also leads Regula’s global tech collaborations, including projects with institutions and EU ID verification strategies.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Leadership

7 Telltale Signs of a Weak Leader

Whether a bully or a people pleaser who can't tell hard truths, poor leadership takes many forms.

Franchise 500 Annual Ranking

50 Franchise CMOs Who Are Changing the Game

Get to know the industry's most influential marketing power players.

Thought Leaders

6 Tips From a Clean Beauty Entrepreneur

Sarah Biggers went from a newbie in the natural beauty space to a pro in just a few years. Here are six things she wishes she'd known at the beginning.

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Marketing

5 Critical Mistakes to Avoid When Giving a Presentation

Are you tired of enduring dull presentations? Over the years, I have compiled a list of common presentation mistakes and how to avoid them. Here are my top five tips.

Science & Technology

5 Rule-Bending AI Hacks to Make Your Mornings More Productive and Profitable

By 2025, AI will transform productivity by streamlining workflows and cutting costs. Major companies like Microsoft, Google, and OpenAI are leading the way, advancing AI into "Phase 3," where tools act as digital assistants. Discover 5 AI hacks to boost efficiency and redefine your daily routine.