Lessons Learned #1: BlackRock Data Breach

The 4th industrial revolution has increased our reliance on the internet and other networked cyber-technologies. Along with massive benefits, this change has brought new technological risks, or cyber risks. Worse yet, confidential information across all industries is now being compromised on a bigger scale. Data breaches have become an ordinary affair, yet they remain complex events. Most organizations have an incident response plan to confront data breaches, but ascertaining the damage done can still be a tough task. We at Swiss Cyber Forum are excited to launch a new content series, Lessons Learned, where we will discuss data breaches in depth. We will also share powerful cyber security lessons and takeaways for businesses on how to prevent data breaches in 2020. Today we will take a deeper look at the BlackRock data breach that occurred in January of 2019.


Fact

BlackRock, an American investment management company, provides various asset, financial, and risk management services to customers. The company revealed that it had suffered a data leak. The data showed up in three spreadsheets, linked on one of the New York-based organization’s websites, dedicated to its iShares exchange-traded funds. The exposed information included names, email addresses, and other information.



Issue

The BlackRock data breach was not the outcome of a malicious hacker trying to obtain access to information. This time, the breach resulted from human error. Someone at the company unintentionally posted spreadsheets of sales-related data to a public part of the website. This breach brought the critical issue of spreadsheet risk management back into focus. Flexibility is one of the greatest strengths of spreadsheets, but when mixed with a lack of control, it brings significant risks.


Result

The incident is known to have affected nearly 20.000 of its financial advisers, and also 12.000 members of LPL Financial, which is an independent broker-dealer. BlackRock clarified in a statement that there was no security breach and no compromise of the organisation's systems.


Key takeaways for businesses

Human error is an overlooked security problem and is seen as a major contributing factor to cyber breaches. Technology is not the only factor that can promise security for people in the digital world. In order to produce more secure environments, people have to be considered part of the transformational focus. Simply put, solely technical solutions are unlikely to stop security breaches.

Human error includes sending confidential data to incorrect recipients via email, inadvertently sharing company data on public websites, or misconfiguring assets to enable undesirable access. The only way to minimize human mistakes in cyber security is to implement a holistic approach. This strategy should entail not only updating security policies but also training employees and having system monitoring and surveillance techniques in place.

Educating employees is essential for reducing the likelihood of human error. For many organizations, the biggest barrier to training is its cost and the time that has to be allocated to it. But if those organizations consider a different perspective, they will see the return on investment for training.

One of the resources you should consider as part of risk mitigation is enrolling your responsible teams in our Cybersecurity Specialist training. Check our Cyber Security Specialist training with Swiss Federal Diploma. The content of this course is designed by globally recognized cyber security academics. If you need more information, download the brochure.


Looking for more insights like this?

Data breaches often result in financial losses, reputational damage, and a loss of consumer trust for the organization. Therefore, it is vital for organizations to remain accountable by preventing them. We know the problem. So, we published our first whitepaper on how data breaches can be prevented. You can download a copy of it free of charge by clicking here. This exclusive material highlights important takeaways for 10 different data breaches that happened in 2019. Overall, it is intended to help organizations manage data breaches efficiently.