When even a tech giant can’t promise the security and integrity of its data, how can small players hope to defend themselves against malicious hackers?

In September 2018, Facebook discovered that 50 million of their users had their accounts compromised. Hackers reportedly took advantage of a software bug that was introduced in a 2017 video uploading feature to gain ‘access tokens’ and take over some of the accounts.

The social media platform logged out 90 million users—including 40 million potentially at risk—and patched up the bugs to solve the problem. This controversy follows the heels of their Cambridge Analytica scandal earlier this year.

Understandably, this news has left both consumers and businesses upset. Facebook is one of the biggest digital companies to date, and they thrive on the information users give them. Mishandling that trust is one of the biggest errors a business can make, as we’re sure to see a lot of consequences from this issue.

The State of Cybersecurity in 2018

Facebook is just one of the millions of companies that are victims of hacking. Statistics show there are over 130 large-scale breaches in the States every year, and that number is increasing by 27% annually.

Global average cost of cyber crime over five years, presented in graph form — Source: 2017 Cost of Cyber Crime Study

To put it in even a larger perspective:

31% of companies have experienced cyber-attacks targeting their operational infrastructure.
24,400 malicious mobile apps get blocked every day.
Yahoo!, Uber, Google, and Under Armor’s My Fitness Pal are just some of the biggest companies attacked by a data breach within the last two years alone.

Cyber threats can take on many forms, and your business is at risk whether you are hiring IT outsourcing services or have an in-house team. The most common of these are malware, ransomware, corporate account takeovers (CATO), distributed denial of service (DDoS) attacks, spam, and phishing.

The year 2017 specifically saw a rise in ransomware attacks, where hackers can threaten a business to expose their confidential information unless a ransom is paid. These threats are expected to continue increasing at an alarming rate of 350% annually.

What Can We Learn from Facebook’s Latest Security Breach?

Lesson #1: The more data you have, the more likely you are to be a target.

Facebook has over 2.2 billion users. The amount of data that can be mined from that platform alone will give hackers a lot of leverage to ask for ransom, steal your identity, or plot other malicious crimes. According to Symantec, phone numbers (63%) and device location (37%) are the two most often leaked information from apps.

The solution: Don’t collect data you don’t need. While data is necessary for marketing, personalization, and other business goals, it won’t do your consumers any good if you can’t build a safe space for their valuable information.

Lesson #2: As cybersecurity advances, so do cyberthreats.

The saying “set it and forget it” doesn’t work for cybersecurity. While you’re working on securing your system, hackers are also working hard to bring you down. As cybersecurity firm Crowdstrike’s advertisement says: “Yesterday’s antivirus can’t stop today’s cyber attacks.”

Getting hacked will cost a company more than continuously investing in the tech needed to keep security tight. The figures are overwhelming: The average cost of a malware attack on accompany is $2.4 million. Cybersecurity Ventures pegged global ransomware costs at $5 billion in 2017. The bigger the size of your company, the higher the price it would take to recuperate from your losses.

The solution: Always update your security protocols. Be aware that there are hackers who want to steal your data every day, especially if you’re high-profile. Facebook is a top target because of their massive standing in the industry. However, this doesn’t excuse smaller companies to slack off on security.

Lesson #3: Padding features can be your weak link.

Facebook promised other digital companies that users are likely to sign up for their platform if they have a unified login—and this is how Facebook Connect was born. While there is truth to their statement, the added convenience did come with a risk.

Besides the stolen login info, Facebook later admitted that they are unsure if the hackers were able to access other accounts linked to their profile. The Facebook security breach affected all their partner websites and caused alarm for the platforms to take extra security measures.

The solution: Be wary when adding new features that center on convenience. Software updates and added features may expose weak spots in your security system. Gartner notes that misconfigurations account for 75-99% of all breaches, depending on the platform. It’s inevitable to add new features, but you should exercise caution while doing so.

Lesson #4: Having risk management in place can help you recover.

Your company’s next steps after getting attacked matters. Every plan of action is unique to each company, but it’s worth discussing before any hack even takes place.

Facebook was quick to admit the data breach to their users, followed with a statement that the problem has already been fixed. They had the right tools to detect how their system got compromised and logged out all the accounts affected.

Other companies don’t have it so lucky. A famous example is the data breach from Yahoo a few years ago. This severely hurt their image and revenue because the company kept the issue a secret for around two years. People lost trust in them, and the rest is history.

The solution: Prepare for the worst. Know the different types of cybersecurity threats, like compromised credentials, system vulnerabilities, and loss of data, to name a few. Have a contingency plan intact, so your business stays afloat amidst the attack.

Is cybersecurity just a joke?

The short answer is no—but it’s not perfect.

Cybersecurity isn’t foolproof, and unfortunately, it will never be. If anything, the whole Facebook issue is a reminder that it’s incredibly difficult to safeguard so much data—tech giants are vulnerable to attacks too. Hackers are smart and should never be underestimated. However, having multiple lines of defense is much better than having none at all.

Investing in network security is a no-brainer. Don’t question whether or not you need cybersecurity. Instead, assess the degree of protection you need to dodge threats and attacks successfully. Keeping your company and consumer data safe should be one of your top priorities at all times.

Cookie	Duration	Description
__cf_bm	30 minutes	Cloudflare set the cookie to support Cloudflare Bot Management.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
wmc	1 year 1 month 4 days	Workable sets this cookie to assign a unique visitor ID for statistical purposes.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
scribd_ubtc	10 years	Scribd sets this cookie to gather data on user behaviour across several websites and maximise the relevancy of the advertisements on the website.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.