In 2016, cybersecurity made headlines — but not good ones. Last year, we learned about the largest ever data breach (Yahoo!), government employment information was made public, and data was compromised on a number of popular platforms and services.
In the following slideshow, we look back at some of the biggest cybersecurity incidents in 2016, and preview some potential threats for 2017.
2. Looking at 2016 and 2017
As businesses become more reliant on IT to meet
customers’ changing wants and needs, systems get more
complex, vulnerabilities arise and data becomes more
attractive to hackers.
This slideshow reviews some of the biggest and most
newsworthy cybersecurity incidents in 2016, and looks at
potential issues for 2017. If there’s one lesson to be
learned here, it’s that every organization — large and
small — needs to be vigilant against cyberthreats.
3. Yahoo! (Not Once, But Twice)
The once venerable web services company announced in
2016 that it had been hacked twice in the past.
The 2014 hack, announced first, exposed 500 million
users. The 2013 hack, announced second, affected one
billion Yahoo! accounts, making it the largest breach in
history.
More reading: “Yahoo Says One Billion Accounts Were Hacked,” NY Times
4. LinkedIn
Approximately 117 million LinkedIn records were stolen in
2012, but the information began appearing online in 2016.
Users were prompted in 2012 to change their passwords;
those that hadn’t by 2016 had their passwords invalidated.
More reading: “Hackers Selling 117 Million LinkedIn Passwords,” CNN
5. Oracle
In 2016, Oracle’s MICROS point-of-sale (POS) system
was breached. The system was used in more than
300,000 POS registers around the world. The size and
scope of the breach is still unknown, but experts suspect
the hack was carried out by a Russian crime syndicate
called the Carbanak Gang.
MICROS is used by a wide range of retailers, hotels and
restaurants, from Burger King to Gucci.
More reading: “Data Breach at Oracle’s MICROS Point-of-Sale Division,” Krebs on Security
6. Dropbox
Dropbox, the file-storage platform, announced in 2016
that it was hacked in 2012, with 68 million usernames and
passwords stolen. The breach is traced back to an
employee using the same password for both Dropbox and
LinkedIn. (LinkedIn passwords had been compromised
previously, allowing hackers to access the employee’s
Dropbox work account.) Dropbox responded quickly,
resetting many users’ passwords.
More reading: “Dropbox Hack Leads to Leaking of 68m User Passwords on the Internet” — Guardian
7. Cisco
Because of an erroneous security setting on the mobile
Cisco careers site, job seekers’ personal information was
vulnerable to hacking. This information included names,
emails, resumes, phone numbers, usernames,
passwords, gender, race and veteran status. There is no
indication that this information was accessed by a
malicious party, as the vulnerability was discovered by an
independent researcher and handled immediately.
More reading: “Cisco Job Applicants Warned of Potential Mobile Site Data Leak” — ISN
8. U.S. Department of Justice
A total of 30,000 records about Department of Homeland
Security and FBI employees were stolen. The information
included names, titles, phone numbers and email
addresses. However, more sensitive information, such as
social security numbers, was not compromised.
More reading: “Justice, Homeland Security Probe Hack of DHS, FBI Employee Data” — NBC News
9. 2017 Preview: Ransomware
In 2017, look for incidents of ransomware to increase.
Ransomware is software that allows a malicious party to
encrypt the data belonging to an individual or
organization. The user then must pay a ransom for the
decryption key. Organizations risk having their mission-
critical operations frozen until the ransom is paid. Several
hospitals were attacked with ransomware in 2016.
More reading: ”Beware the Rise of Ransomware” — Norton by Symantec (a security provider)
10. 2017 Preview: IoT
The internet is no longer confined to computers,
smartphones and tablets. Many devices now connect to
the internet: vehicles, light switches, garage door openers,
refrigerators and more. These devices, collectively called
the Internet of Things (IoT), are attractive to
cybercriminals, who may use them to steal information or
conduct a Distributed Denial of Service (DDoS) attack.
More reading: “Why IoT Security Is So Critical” — TechCrunch
11. 2017 Preview: Hacktivism
Both government entities and commercial enterprises are
at risk for hacktivism. In a report prepared for state and
federal legislators, 54 percent worry that they will be
breached by hacktivists — people or groups looking to
expose sensitive information or deny service through a
DDoS attack. Anonymous, a loose network of hacktivists,
may be the best known group; it has directed efforts
toward companies, government entities, churches and
service organizations around the world.
More reading: ”Understanding the Cyber Threat,” AT&T and the National Cybersecurity Alliance
12. 2017 Preview: Third Parties
A chain is only as strong as its weakest link! That means
it’s no longer enough for an organization to secure its own
system — it’s imperative to make sure the third-party
vendors that have access to operations and data are
properly secured as well. The recent Wendy’s attack was
actually coordinated not on Wendy’s itself, but through a
malware attack on the fast food chain’s point-of-sale
system. Attacks like this are expected to grow in
frequency.
More reading: “The Challenges of Third-Party Risk Management,” NetworkWorld
13. 2017 Preview: People
A recent report says that more than 200,000 cybersecurity
positions are currently unfilled in the U.S., and that
demand for cybersecurity professionals is growing 3.5
times faster than for IT jobs as a whole, and 12 times
faster than for other types of jobs. Companies might not
be able to reach their important cybersecurity goals simply
because they lack the right people with the right skills.
More reading: “Demand to Fill Cybersecurity Jobs Booming,” Peninsula Press