On January 19, 2017, the Identity Theft Resource Center (ITRC) released the final tally of data breaches in 2016. “The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093” according to the ITRC. This massive jump in cyber-attacks of all kinds in 2016 translates to a 40 percent increase over 2015’s already high number of 780 data breaches.
It seems that no level of data protection for some companies—and no matter how diligent the IT team—is enough to deter cyber-criminals from trying to sneak their way into systems belong to everyone from small business owners to multi-national corporations.
Data Breaches in 2016 Only Got Bigger and More Complex
CRN’s year-end data breach wrap-up reported that not only did things not improve in 2016, in terms of slowing down massive data breaches, but data breaches were even worse and more massive than the large-scale intrusions in 2015.
Hackers seem to up their cyber-crime game each year—striking out at increasingly unique and challenging targets via ever-evolving methods—to match IT leaders’ efforts to hold them at bay.
The Top 5 Data Breaches of 2016
As your IT team members steel themselves to prepare to face the challenges ahead in 2017, it may help to review some of the top 5 data breaches of 2016. When reviewing the various types and sizes of intrusions, you may note trends and clues to help your IT team protect your organization’s system. These cases, as well as their respective circumstances and resolutions, may help your organization avoid experiencing similar data breaches, along with the fallout that frequently accompanies cyber-attacks.
1. The Democratic National Committee (DNC) Hacking
This past election year was filled with overlapping political and technical complications, which ultimately filtered—in both the tech and colloquial sense—into the mainstream population and consciousness. People of the United States and the world, who otherwise might have completely ignored the year in data breaches, became acutely aware of the election year cyber-intrusion that caused a domino effect of unprecedented results and consequences. Launched by a notorious hacker called Guccifer 2.0, this hacking resulted in the resignation of the DNC Chair Debbie Wasserman Schultz. Pundits also continue to speculate that this hack was, at least in part, responsible for the loss of the presidential win for Hillary Clinton. If nothing else, this world stage level data breach helped shed light on top-level security risks and vulnerabilities, underlining the importance of protecting servers.
2. Yahoo’s Double Dose of Data Breaches
As if one massive data breach within a year was not enough, Yahoo encountered two data breaches during the second half of the year. The first breach occurred in September and was described as “the biggest data breach in history,” according to We Live Security. The search engine and email provider, founded in 1995, had to admit that more than 500 million customers’ data—including names, email addresses, telephone numbers, and hashed passwords—might have been compromised. Worse still, it seems that the hacking began in 2014 and was only discovered last year. And again, worse still, Yahoo announced in December that, in an unrelated cyber-attack, an additional 1 billion customers’ data has been compromised. It is important to note that Yahoo did not discover the second hacking on its own, only learning of the incident from a federal law enforcement agency. This case reveals how critical your IT team’s constant cyber-vigilance is in keeping your customers’ confidential data secure at all times.
3. 21st Century Oncology
The healthcare industry remains a prime target of modern hackers. This Fort Myers-based clinic that offers cancer care services released a statement via their website in March 2016, announcing that 2.2 million patients’ confidential data might have been compromised during a cyber-attack that began in October 2015. Although the clinic’s IT department discovered the data breach in November 2015, the FBI requested that they did not make an announcement during their ongoing investigation.
This do-it-yourself website creation platform encountered a data breach in February 2016—but only discovered in October 2016—that had the potential to affect 43 million users. The website building company notified users that their user names, passwords, email addresses, and IP addresses were compromised, but they Weebly’s IT team does not believe any financial information was compromised since they do not store credit card information on their servers. Weebly’s use of bcrypt hashing also prevented hackers from logging into users’ websites.
5. OurMine Ascendancy
The Increasing Attacks on Social Media Platforms and Users, Interactive Game Applications and Popular Websites. This particular hacking shows that any idea of immunity from hacking is an illusion. If Facebook CEO Mark Zuckerberg, Twitter’s Jack Dorsey, and Google’s Sundar Pichai are vulnerable to determined hackers, everyone else certainly is. Other targets of OurMine—flowing across their various platform targets—have included Pokémon Go, Buzzfeed, and Variety.
Additional data breaches that happened in 2016 worth noting include a large uptick in ransomware attacks, the infiltration of unpatched systems and organizations with shoddy security, and the creation of backdoors in operating systems that tricked users into downloading malicious versions of software. All the various types of data breaches show that hackers continually seek, find, and attempt new ways to undermine your efforts.
Information, vigilance, and diligence are your IT team’s best defenses against creative hackers.
The Outlook for Data Breaches in 2017
CRN further noted in its late 2016 article that, “as 2016 comes to a close, all signs point toward another year of data breaches and security threats, with emerging threat vectors around IoT and other points of entry.” While this news does not bode well for kicking back and enjoying peace of mind at work, it simply means that your IT team needs to keep fighting the good fight. Staying aware of the increasingly creative and damaging data security risks is the key to protecting your own system.
Enlist the Help of Database Security Experts Who Continually Monitor Risks and Threats
At I.S. Partners, LLC., our database security team can help you create an information security policy that serves as a practical and philosophical guide toward implementing and enforcing your company’s information security goals to keep your computing environment protected. We can also help iron out the wrinkles in your existing policy and come up with rules of expected observation and behavior for users, managers, system administrators, and security personnel to quickly detect issues and respond accordingly.
Whatever your database security goals are for your organization, we can help. Give us a call at 215-675-1400 or send us a message to let us know what you need and when you would like to discuss how we can help you achieve your goals to steer clear of data breaches.