2016 saw many notorious data breaches, along with developments in malware and other threats to security. It’s always helpful to reflect on these developments so that the knowledge can be used in the future to aid in developing new strategies for taking on the latest threats. How will your business learn from the mistakes of others in 2017?
Let’s take a look back at some of the major revelations from this past year.
The Internet of Things is Vulnerable
Thousands of devices are infected with malware, which can lead them to form a massive botnet, hackers are then able to utilize this infected swarm to cause havoc. The Mirai botnet, which targets Internet of Things devices, infects smart devices and uses them for various purposes. One of the most notorious recent attacks was on the DNS provider Dyn, which resulted in issues with domain name resolution for several hours last year. Major websites were unable to function properly, and it’s safe to say that the IoT will be yet another major mode of attack for hackers in 2017. Whether or not device manufacturers will continue to see security as an afterthought has yet to be seen.
Ransomware is Becoming More Powerful
2016 certainly had no shortage of ransomware attacks, with many new types of ransomware cropping up practically overnight. The scariest part of this development is that these ransomware attacks seem to be improving in both sophistication and threat level. Take, for example, the Petya ransomware, which encrypts not only the victim’s files, but also their master boot record. Ransomware as a Service offerings also appeared, allowing even more people of varying skill levels to execute these attacks. Nobody is safe; businesses, private users, and even hospitals all have crosshairs fixed to themselves. This means that businesses need to take extra precaution when dealing with spam emails, with the ideal solution being to prevent them altogether.
Governments Can Be Hacked
Two major hacks on the United States showed the world that even large government agencies can be hacked. One of the attacks resulted in a breach at the Internal Revenue Service, while the other had to do with the Democratic National Committee. Over 101,000 PINs were swiped via an e-file PIN reset function, and the data from the DNC breach, perhaps inevitably, wound up on Wikileaks. There were also attacks on voting systems in Illinois and Arizona.
The lesson learned: the United States government isn’t prepared to deal with cyber warfare, and if a government can be hit by hacking attacks, so can your business.
Yahoo’s User Accounts
Yahoo experienced not just one data breach, but two, with the second only coming to light a few months ago. The first data breach, which happened in 2014 and reported in 2016, exposed more than 500 million user accounts. In December 2016, Yahoo announced that it had been hacked in a separate incident in August 2013. That’s three years between the attack and informing users that their accounts have been compromised. This gives Yahoo the “honor” of being the source of the largest hack of user data ever.