Cyber attacks: These are two simple words that can send shivers down the spines of business owners, government leaders, and everyday consumers alike. It's hard to believe the scale and breadth that cyber attacks had on the public in 2017. It was a year that nothing seemed safe, and it’s likely that you or someone you loved was touched by one of the cyber crimes
As of Dec. 27, the Identity Theft Resource Center (ITRC) estimated that there were a total of 1,339 known data breaches of at least 174,402,528 records in 2017. In the report, the ITRC defines a data breach as “an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure.”
Let’s take a look at some of the biggest hacks of 2017 that made cybersecurity news.
In September, the financial information and security of approximately 145 million Americans were put at risk when cybercriminals hacked one of the three largest credit bureaus. The hack, which lasted from mid-May through July, is considered one of the “worst data breaches of all time because of the amount of sensitive information exposed,” and the company waited two months before announcing the attack.
According to CNN, former Equifax CEO Richard Smith said that one unidentified person (who had since been fired) was responsible for the security failure. However, the public still remains in the dark about who is responsible for the hack.
2. U.S. Government
In April, the National Security Agency (NSA) was shaken to its core when it was discovered that its cyber tools were leaked by an anonymous group known only as the Shadow Brokers. It was learned that the hackers were able to easily compromise a variety of Windows servers and operating systems through the use of those stolen virtual tools.
The tools, which were created by the NSA to spy on other countries, were then turned on American citizens and businesses through a variety of methods. Ransomware, a form of malicious software that encrypts users’ data under the threat that the information will be destroyed if not paid in digital currency, shut down millions of people’s computers. Additionally, “U.S. officials had to explain to close allies — and to business leaders in the United States — how cyber weapons developed at Fort Meade in Maryland came to be used against them.”
As if that wasn’t bad enough, the New York Times reports that experts believe more attacks using the stolen NSA tools are still on the horizon.
Spanning more than 150 countries, WannaCry ransomware is one such example of a series of cyber attacks that were made possible by leveraging some of the NSA’s leaked hacker tools. Cybercriminals targeted more than 300,000 private and business computers around the world running outdated Windows software. The ransomware infected the machines and encrypted their data, enabling the hackers to demand payment to avoid data being destroyed.
The impact of the virtual attacks wasn’t just economic; they were felt by businesses and organizations across a wide variety of industries, including auto manufacturers and healthcare providers, ultimately putting lives at risk.
While it was originally unknown who was responsible for the attack, officials from the United States and the United Kingdom announced in December that North Korea was responsible for the attacks.
It’s bad enough when a company has to announce that some of its users’ account information has been stolen. However, it was even worse for Yahoo’s parent company, Verizon, when they announced in October 2017 that the original estimates of how many accounts were compromised in the cyber attack that dated back to August 2013 were wrong. They said that it was actually 3 billion accounts — literally every single user account — that were involved in the attack.
Yahoo said that while the breach exposed the names, email addresses, and passwords of its users, their financial information remained safe.
In November, former Yahoo CEO Marissa Mayer testified to Congress that the security breach was discovered in 2016, when it originally reported the hacking of 1 billion accounts. The company still claims to not know who was ultimately responsible for the attack.
5. Amazon Servers
Several incidents of cyber hacks related to Amazon’s cloud storage services. In June, it was discovered that almost 200 million voter records were revealed online after a third party data firm misconfigured an Amazon storage security setting. It was just one example of a major breach related to the company’s servers due to poor security configurations by third party companies using their services.
The U.S. Department of Defense, Accenture, and Verizon also had data that was made vulnerable on the servers. These lapses in security resulted in sensitive information from the Pentagon, Accenture’s sensitive passwords and data, and the personal information of 6 million Verizon customers being leaked online.
Some good news that results from these data breaches is that has spurred legislative action. In late November, three U.S. senators introduced the Data Security and Breach Notification Act, a bill that, if passed, will require businesses to report any data breaches within 30 days. If they fail to disclose this information, executives could face jail time.
So what can you do to protect yourself and your business from cyber attacks and other cyber crimes? To combat evolving ransomware techniques and malware, the Federal Bureau of Investigation (FBI) recommends that all organizations should focus on two main areas of cyber protection:
- Prevention efforts, both in both in terms of cybersecurity awareness training for employees and robust technical prevention controls, and
- The creation of a solid business continuity and recovery plan in the event of a ransomware attack.
What are your thoughts on these cyber attacks from 2017? Please share your thoughts and insights around cyber attacks in the Comment box below or shoot me an email if you'd like to chat about this in more detail.