Cybersecurity 2016 Review and 2017 Preview

Looking at 2016 and 2017

As businesses become more reliant on IT to meet customers’ changing wants and needs, systems get more complex, vulnerabilities arise and data becomes more attractive to hackers.

This slideshow reviews some of the biggest and most newsworthy cybersecurity incidents in 2016, and looks at potential issues for 2017. If there’s one lesson to be learned here, it’s that every organization — large and small — needs to be vigilant against cyberthreats.

Yahoo! (Not Once, But Twice)

The once venerable web services company announced in 2016 that it had been hacked twice in the past.

The 2014 hack, announced first, exposed 500 million users. The 2013 hack, announced second, affected one billion Yahoo! accounts, making it the largest breach in history.

More reading: “Yahoo Says One Billion Accounts Were Hacked,” NY Times

LinkedIn

Approximately 117 million LinkedIn records were stolen in 2012, but the information began appearing online in 2016. Users were prompted in 2012 to change their passwords; those that hadn’t by 2016 had their passwords invalidated.

More reading: “Hackers Selling 117 Million LinkedIn Passwords,” CNN

Oracle

In 2016, Oracle’s MICROS point-of-sale (POS) system was breached. The system was used in more than 300,000 POS registers around the world. The size and scope of the breach is still unknown, but experts suspect the hack was carried out by a Russian crime syndicate called the Carbanak Gang.

MICROS is used by a wide range of retailers, hotels and restaurants, from Burger King to Gucci.

More reading: “Data Breach at Oracle’s MICROS Point-of-Sale Division,” Krebs on Security

Dropbox

Dropbox, the file-storage platform, announced in 2016 that it was hacked in 2012, with 68 million usernames and passwords stolen. The breach is traced back to an employee using the same password for both Dropbox and LinkedIn. (LinkedIn passwords had been compromised previously, allowing hackers to access the employee’s Dropbox work account.) Dropbox responded quickly, resetting many users’ passwords.

More reading: “Dropbox Hack Leads to Leaking of 68m User Passwords on the Internet” — Guardian

Cisco

Because of an erroneous security setting on the mobile Cisco careers site, job seekers’ personal information was vulnerable to hacking. This information included names, emails, resumes, phone numbers, usernames, passwords, gender, race and veteran status. There is no indication that this information was accessed by a malicious party, as the vulnerability was discovered by an independent researcher and handled immediately.

More reading: “Cisco Job Applicants Warned of Potential Mobile Site Data Leak” — ISN

U.S. Department of Justice

A total of 30,000 records about Department of Homeland Security and FBI employees were stolen. The information included names, titles, phone numbers and email addresses. However, more sensitive information, such as social security numbers, was not compromised.

More reading: “Justice, Homeland Security Probe Hack of DHS, FBI Employee Data” — NBC News

2017 Preview: Ransomware

In 2017, look for incidents of ransomware to increase. Ransomware is software that allows a malicious party to encrypt the data belonging to an individual or organization. The user then must pay a ransom for the decryption key. Organizations risk having their mission-critical operations frozen until the ransom is paid. Several hospitals were attacked with ransomware in 2016.

More reading: “Beware the Rise of Ransomware” — Norton by Symantec (a security provider)

2017 Preview: IoT

The internet is no longer confined to computers, smartphones and tablets. Many devices now connect to the internet: vehicles, light switches, garage door openers, refrigerators and more. These devices, collectively called the Internet of Things (IoT), are attractive to cybercriminals, who may use them to steal information or conduct a Distributed Denial of Service (DDoS) attack.

More reading: “Why IoT Security Is So Critical” — TechCrunch

2017 Preview: Hacktivism

Both government entities and commercial enterprises are at risk for hacktivism. In a report prepared for state and federal legislators, 54 percent worry that they will be breached by hacktivists — people or groups looking to expose sensitive information or deny service through a DDoS attack. Anonymous, a loose network of hacktivists, may be the best known group; it has directed efforts toward companies, government entities, churches and service organizations around the world.

More reading: “Understanding the Cyber Threat,” AT&T and the National Cybersecurity Alliance

2017 Preview: Third Parties

A chain is only as strong as its weakest link! That means it’s no longer enough for an organization to secure its own system — it’s imperative to make sure the third-party vendors that have access to operations and data are properly secured as well. The recent Wendy’s attack was actually coordinated not on Wendy’s itself, but through a malware attack on the fast food chain’s point-of-sale system. Attacks like this are expected to grow in frequency.

More reading: “The Challenges of Third-Party Risk Management,” NetworkWorld

2017 Preview: People

A recent report says that more than 200,000 cybersecurity positions are currently unfilled in the U.S., and that demand for cybersecurity professionals is growing 3.5 times faster than for IT jobs as a whole, and 12 times faster than for other types of jobs. Companies might not be able to reach their important cybersecurity goals simply because they lack the right people with the right skills.

More reading: “Demand to Fill Cybersecurity Jobs Booming,” Peninsula Press