Last year was a year filled with security gaffes, data breaches, and hacks—many of which were felt country and even nationwide. Well-known organizations such as Yahoo, the NSA, and the IRS each had to deal with their own security breaches that found millions of user accounts compromised or exposed to malicious third parties. Everything from login details to personally identifiable information (PII) was released or obtained by hackers in 2016; but the attacks didn’t stop with just looted data.
Larger attacks occurred during Q3 and Q4, seeming to serve only a single purpose: disruption. There were also breaches revealed in 2016 that actually occurred years prior (much to the public’s dismay), which indicates that not only were many of these companies not capable of detecting the breach, but that they also most likely didn’t have any kind of recovery plan in place to handle the aftermath of being compromised.
While ‘blunder’ might seem like a harsh word for victims of a hack, the majority of companies could have done a lot more to mitigate the damage of their respective breaches. A noticeable percentage of the affected groups also didn’t immediately come forward about the hacks, which also constitutes a blunder, albeit a legal and PR related one.
The following summaries highlight five of the most prolific IT blunders to go down in 2016.
In 2016, Yahoo! announced that they’d been hacked. Around 500 million user accounts and their corresponding login details had been exposed by the breach. The problem? The actual attack had occurred in 2014 but the company didn’t discover it until 2016—so they said. Even worse was when they announced that a second attack had occurred—this one dating back to 2013.
Not only did they lose half a billion user accounts to hackers, they either weren’t watching their systems or they knew about the breaches but didn’t go public right away. Both scenarios present their share of problems, from their legal obligation to disclose that a breach had occurred, to having their IT and security fail them so completely.
Dyn is an Internet performance management company that faced a distributed denial of service (DDoS) attack in October of 2016. There were multiple waves of the attack that caused more than twenty services to lag or go down completely, but Dyn was on top of it. They effectively managed the attacks and did a stellar job of keeping the public apprised of their efforts. It was one of the largest attacks of its kind in history, effectively leaving its mark on 2016 as a turning point in cyber terrorism.
Dyn is a good example of a company that had the right plan and reaction to an attack.
Investigators still aren’t sure how Peace obtained so many user details, but there’s speculation that the data obtained was from a breach in 2012. If that’s the case, Tumblr, LinkedIn, and Myspace lacked the protection or steps to address the initial breach and allowed themselves to be targeted once more. It’s likely due to users reusing their old/previous passwords, but the responsibility still belonged to the respective companies to take a more reliable approach to fixing their security issues than simply requesting users to change their passwords.
Even the most prepared groups can become victim to cybercriminals, as was the case with Dyn, but it’s important to take note of how cyberattacks have evolved. We learn from the mistakes and misfortunes of others, but we can also increase our knowledge of security measures by seeing how companies respond to cyberattacks successfully.
The Cost of Dealing with Cyberattacks
Prevention and proactive maintenance are the two tactics best capable of lowering the cost of dealing with fallout from cyberattacks, hacks, and breaches; and at the rate that those costs are climbing, learning how to manage threats is key.
Keeping apprised of the latest breaches gives us a window into how our own security best practices should adapt to meet the new challenges we face in IT security. Start the New Year out on the right foot by working with IT consultants who can keep your computer networks running securely and efficiently.