SmileDirect Becomes Latest Victim in String of Cyberattacks
Cybersecurity News
SmileDirectClub, a celebrated tele-dentistry company, just lost over 15% of their market value in under 15 minutes. The cause? A cyber security breach from two weeks ago.
Background
With a global shift to virtual services over the last year, SmileDirectClub was set to expand at a rapid clip. Their business provides virtual dental care-through home kits, 3D scans, and Zoom appointments-so that everyone can access the latest healthcare without ever leaving the comfort (and safety) of their home. And, over the last 12 months, business has been booming.
The Attack
On May 3rd, the company filed a disclosure with the SEC stating that they'd been victim to a cyberattack. While the company claims that it "is not aware of any data loss from, or other loss of assets as a result of the incident, including any exposure of customer or team member information," they cautioned that the incident has caused and will continue to cause significant disruptions to their operations.
Since disclosures of this sort try to portray an optimistic outlook, the fact that SmileDirectClub paints such a grim picture speaks to the level of damage that was done. In particular, the breach seems to have compromised wide swaths of the company, including "treatment planning, manufacturing operations, and product delivery," indicating that it's not an isolated or quarantined event.
In terms of the attack itself, SmileDirectClub did not go into too much detail, but stated that "no ransom was paid," suggesting that it was in fact a ransomware attack. In the coming days and weeks, we expect more details to emerge on the specific attack vector, timeline, and ongoing mitigation efforts.
The Fallout
On the morning following the release, SmileDirectClub's stock tanked over 15% in less than 15 minutes. To put that in real terms, due to this single event, the company lost around half a billion dollars. So far.
On top of that, mitigation and recovery efforts are expected to cost between 10 and 15 million dollars.
The Takeaway
The return on your company's cybersecurity costs cannot only be measured in terms of what problems you've fixed. Usually, the more important value will lie in what problems you've helped prevent. And, since malicious cyber incidents tend to inflict a particularly high degree of damage, preemptive investments in an effective cybersecurity strategy can provide an extremely high ROI.
Previously, criminals would need to physically break into your company headquarters in order to inflict any significant harm. And even when they're successful, there's only so much damage that can be physically done in one location, at one time. Fast forward to the current situation, and hackers can hold entire companies hostage from anywhere in the world with very little chance of being apprehended or brought to justice. It's little surprise, then, that cyberattacks can be 10 to 100 times more damaging than any physical breach ever could.
Here are some helpful articles on how to plan, develop, and evaluate your own organization's cybersecurity program so that you'll not only be prepared when things go wrong, but will also have the proactive measures in place to make sure that things keep going right.
Cybersecurity in the Boardroom: Key strategies on how to keep board members on board.
The True Cost of a Cybersecurity Attack: A breakdown of the latest research data.
Top Five Challenges Facing CISOs in 2021: Review and prepare for emerging trends, technologies, and threats.
What is Attack Surface Management?: Expanding your defenses across multiple fronts.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.