A Look Back at 2015’s Data Security and What 2016 Will Bring
One of the worst things that can happen to anyone is to have your privacy defined, especially when you are completely unaware that you have already become a victim of data security breach.
Data security breach can cause serious troubles and you must be aware that you can be a victim of such inconvenience anytime!
It can happen and catch you unprepared. It can be disconcerting, eminently if you have information you don’t want anyone to see, let alone have access to. It can also be troublesome if anyone now have access to certain information you know can be used to exploit. You may go offensive to stop the breach, or hope it’ll just go away. But one thing’s for certain, once it happens to you, you can never go back — but don’t put up without a fight.
Did you know that In 2014 alone, more than one billion personal records involving health, financial, email and home address data, and other personal information were illegally accessed? Those statistics revealed an increase of more than 54% as compared with the data security breaches that occurred in 2013.
As the year ends and 2016 inches closer, take a look back at some of the most outrageous data breaches that occurred this year and find out how companies cope up with such infiltration.
Top 10 of the Biggest Data Breaches of 2015
#1. Kaspersky Lab
Duqu 2.0, is not the usual type of cyber attack and this is the kind of infiltration that Kapersky Lab dealt with in June. Infiltration in several of its internal systems was believed to be the unusual type of data breach and appeared to be a nation-state-sponsored attack. The Kaspersky Lab breach involved events and venues with links to world power meetings, including negotiations for an Iran nuclear deal!
The Moscow-based security vendor noted that the data breaches that occurred because of the attack included information on the company’s newest technologies, such as Kaspersky’s Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network, and Anti-APT solutions and services.
#2. Multi-Bank Cyberheist
The activities of a billion-dollar bank cyberheist were first detected on December 2013. It affected about 100 banks worldwide.The data breach resulted in the infiltration of the banks’ networks through a range of tactics such as phishing and unwarranted access to key resources, including employee account credentials and privileges. Those credentials were used to make fraudulent transfers, which made hijacked ATM machines appear legitimate. This breach resulted to $1 billion into the pockets of cyber criminals.
#3. Harvard University
One of the targets of data breaches for 2015 are educational institutions, and Harvard University was not spared from the attacks. In July Harvard University dealt with the data breach. The cyber crime that occurred put the University among the victims of other education breaches in 2015. In total, the infiltration affected eight schools and administrative offices.
#4. Ashley Madison
The infamous site “Ashley Madison”, which promotes extra-marital affairs, was hacked last July by a group called ‘The Impact Team’. The said team have claimed that they have all of the sites users’ information and will release them unless Ashley Madison’s parent site, Avid Life Media, shuts down Ashley Madison. When ALM didn’t give in to the group’s request, the latter released all the information they have in parts; including personal and credit card information. Millions of users’ data have been released to public since August. The site is currently facing millions of dollars in the lawsuit against Avid Life Media for the incident as the site promised that users can delete their account if they pay, but it obviously was a fraud since their supposed deleted account was published.
In October, Scottrade, a retail brokerage firm confirmed that there has been an illegal access in their network. Apparently, hackers stole millions of the firm’s customers’ contact details which was obviously used for scam purposes. A month after, it was discovered that the four men alleged to have hacked JP Morgan and Chase are the ones behind the Scottrade infiltration.
#6. Army National Guard
Over 850,000 Army National Guard members’ information was compromised, including Social Security System and personal information, when a contract employee mishandled the transfer of the aforementioned information to a non-accredited data center.
UK telecoms, TalkTalk, became a victim of hacking last October. It was reported that over 157,000 of its subscribers were affected by the attack on the company’s website. Over 20,000 of their subscribers’ data, including bank account information, were compromised. In earlier reports, TalkTalk CEO, Baroness Dido, didn’t know the scale of the attack, which caused its customers to panic, and even annul their subscription, out of fear to become a victim. Shockingly, the incident was actually the second time for the year — third according to some reports. An undisclosed hacking took place earlier this year, although the company hasn’t given any details about it.
US’ cellular-giant, T-Mobile became the hacking group, Experian’s, latest victim as its credit agency falls to their tactics. The breach took place last September which affected 15 million of T-Mobile’s customers — compromising their data, including personal information, social security numbers, bank account information, and even passport information was believed to be taken. Encrypted Social Security numbers were reported to be compromised by the company but they weren’t clear about it — just giving their customers a heads up.
The world’s biggest provider of cordless phones and known for its educational products, VTech, became the talk of town when its system had an unauthorized access to over 4.8 million records and its database, including personal information of almost 200,000 kids. It’s considered as one of the most controversial breaches of the year as the attack targeted kids, which was very unusual compared to other data breach victims.
US government agency, Internal Revenue Service, experienced data breach in May of this year. When it was first disclosed to the public, only 100,000 taxpayers were identified as victims, but in recent reports, it went up to almost 350,000. According to the agency, the hackers had access to taxpayer’s’ personal information, social security system, and other data which were used to access taxpayer’s previous returns and file fraudulent tax returns. Over $50 million of tax refunds were stolen due to the breach.
2015 Data Security Innovations
#1 Intel Security
Computer security software company-giant, Intel Security, launched its newest product, the MCAFEE Public Cloud Server Security Suite, which helps manage security policies for public cloud, such as, Amazon Web Service and Microsoft Azure to name a few. The company also introduced new updates and developments to its security solutions in data protection, cloud security, threat management, and other security services. Moreover updated some of its software’s like Next Generation Firewall, Enterprise Security Manager, and Data Exchange Layer, which the company claims that will help increase visibility and threat protection capabilities. Intel also worked with communications technology and services provider, Ericsson, to manage its security services.
#2 Easy Solution Total Fraud Protection
Online security provide, Easy Solutions, made public the Total Fraud Protection solution that provides threat detection and management across all devices, clouds and channel in a single pane of glass view. It makes an anomalous transaction and fraud be detected even before it happens. It’s mainly built for anti-fraud purposes and helps intercept any forms of such attacks.
#3 Cloud Security Alliance
Known for its contribution for cloud computing, Cloud Security Alliance, in partnership with IC2, introduced new guidelines regarding the Internet of Things, or IoT, regarding advanced security skills for cloud computing. According to the alliance, the guidelines were created to set the standard for design, implementation, and management of the cloud. Moreover, they released what can be considered as the most powerful program for security assurance in the cloud, the CSA Star Watch — an open beta tool that helps with rigorous training, harmonizing the standards and manage security assessment for the cloud that uses Cloud Control Matrix (CCM) and Consensus Assessments Initiative Questionnaire.
#4 EMC Syncplicity
US-based company, EMC Corporation, released its newest feature, Customer Managed Keys, that lets enterprises store encryption keys for their shared data on rights-management server in their own enterprise. It gives them the option to either store rights management keys in the cloud or Syncplicity data centers. The Customer Managed Keys makes it easier to access enterprise data and share it across devices. Also, the cloud services encrypts the data they store.
#5 Ghangor Cloud
Released earlier this year, Ghanghor Cloud provides a new generation of information security, risk, and compliance based on engine and security algorithms to aid in real-time analyzation of large data. It comes along with the Information Security Enforcer that can help identify policy and GRC enforcement, automated data identification and classification, and role authorization. It’s built around preventing data leaks and enforcing information security.
Fearless Forecast: 2016’s Top Cyber Security Trends
Here are some of the trends to look forward to in terms of data and cyber security
#1 Internet of Things
Internet of Things (hereinafter be referred to as IoT) is any things or objects connected to the internet and other devices, which allows them to send and receive data. It can be a good thing since everything can be connected and communicated which make things run efficiently, but, as mentioned by Splunk’s Senior Vice President, Haiyan Song, IoT will be a significant threat as the system becomes more and more vulnerable and easier to infiltrate since all data and information can be accessed in the cyberspace.
The thing with our system today, everything is in the cyberspace, but putting all your eggs in just one basket puts you at high-risk since everything about you can be accessed even without your consent. According to Seculert CEO, Richard Greene, Wi-fi is now the starting point of hackers to access accounts and systems, personal or corporations. So even simply connecting to wi-fi gives hackers and crime groups access to your accounts.
Hackers basically infiltrate any system that people accesses which makes IoT really destructive. For example, if any of your appliance is connected to a network, or say your car, and hackers were able to infiltrate the system running your car or appliance, it can do you so much harm and you never know what they can do with such a power over you.
But proliferation isn’t the answer either. As mentioned by Haiyan, it will cause more disruption and physical damage as compared to hardware and software disruption. IoT will definitely bolster as it has proven itself playing hardball, but its expansion comes with caches that need to be considered as well, to protect its value and the people who uses and depends on it.
#2 Rise of Hacktivists
Hackers, or Hacktivist as popularly known, are not a new phenomenon. In fact, it has existed for a very long time now, and continues to pest the cyberspace. But recently, the rise of hacking groups coming together for an issue becomes more apparent, rather than what usual hackers go after. ‘Anonymous’, for example, are hacktivists going after groups wreaking havoc in our society, namely ISIS. As said by Richard Greene, they don’t infiltrate systems to gain money and power, but rather, for a particular cause. There are other hacktivists that targets government-sites to prove a point to the government and have them see what they’re fighting for.
The rise of hacktivists is inevitable because they are well-equipped with sophisticated tools and models, even companies don’t have access to; well-protected by some of the world’s powerful people; and have the luxury of time focusing on coming up with strategies that are hard to identify.
According to Sisense CEO, Amir Orad, companies will start creating a ‘fake’ site that appears exactly as the original site to lure infiltrators and protect the real site. In this way, they have a chance of catching the attacker and see his actual process of hacking.
#4 Cloud System
Cloud computing is a relatively new model, gaining favors from almost every company as it offers convenience since you can access and information in the cloud anywhere you want, and not just in a particular place. And having that easy access to it certainly makes everything in it at risk and prone to unwarranted access.
But don’t fret because Senior VP and Global Head for Cloud, Infrastructure Services and Security of Infosys, Samson David, predicts that cloud security will have a much simpler system that will have security processes to help map the current IT system. A lighter, scalable cloud security solutions will be introduced. There will also be a trend in encrypted data backup and agentless cloud-based replication, and companies will now gravitate towards automated tiered solutions and data de-duplication to avert heterogeneity of technology. Here’s hoping for a more secured cloud, because almost everyone uses it and it would be a shame if such a good on an ingenuity be put to waste.
#5 Prediction over Prevention
In 2016, Richard Greene presumes that companies and organization will soon realize that predicting the next move of hacktivists and crime groups would definitely help instead of finding ways way to prevent them. Anticipating when the attack will take place, and how it would be, can help knowing the right way to strike. CTO and co-founder of Safe beach, Itzi Kotler claims that, companies and organizations must think like a hacker to better understand the motivation behind the hacking, and better avert any harm that they inflict when hacking. There will also be a rise of companies and organizations also doing the tactics of hackers and crime groups to beat them at their own game. As they say, a good offense is a the best defense.
Malware will continue to flourish and be resilient as ever, as hackers now have so many ways of using them to penetrate cyberspace without us noticing. According to Gadellnet.com, there are certain kinds of malware that hackers commonly utilize. First, Malvertising. It uses advertising network to spread malware and viruses, so you won’t know which can have it. Mobile Malware is also another form wherein hackers access personal information when you log-in to your apps, that’s why updating your apps can be helpful. Another would be data destruction wherein the intent is to destroy any information in the cyberspace which can be catastrophic to any parties affected. These are just some of the many forms of Malware existing, and some of these we’ll definitely see in the future — and can be more detrimental than they are now.
Author Bio – INOC is a US-based Network Operations Center company that is expertly trained to manage incidents and mentored via continuous review to become skilled experts in the business. INOC’s platform securely and seamlessly connects to your infrastructure, providing the most advanced event detection and efficient workflow management. INOC’s network, server and application monitoring services provide detailed metrics and visibility, allowing our NOC team to react quickly and troubleshoot effectively