In 2016, cybersecurity breaches cost businesses nearly $14 billion and exposed an average of 240,000 records per incident. In 2017, the number of breaches is anticipated to rise by 36%. The constant drumbeat of threats and attacks is becoming so mainstream that businesses are expected to invest more than $93 billion in cyber defenses by 2018 (HBR).
Over the course of 2017, cybersecurity has remained a hot topic all over the country, on every news channel, across every vertical. This year proved more than ever that threat actors are becoming more sophisticated and that cyber-attacks are being used for more than just hitting organizations for bitcoin. We saw some of the largest incidents in history, gained more clarity into just how bad the Yahoo breach was, and are starting to see foreign governments using cyber-attacks as a method of warfare. Let’s take a look at the biggest hits of the year.
On May 12th, a strain of ransomware called WannaCry spread around the world, walloping hundreds of thousands of targets, including public utilities and large corporations (Wired). The WannaCry ransomware attack became as powerful as it did because many users had not updated their systems. However, the attackers didn’t see the payout we’re sure they expected. WannaCry netted less than $130,000 and was uncovered to be a North Korean tactic geared at generating revenue.
When all was said and done, the attack affected systems in over 150 countries. It’s estimated that losses caused by WannaCry could end up totaling over $4 billion.
In June, a cyber-risk expert uncovered that a conservative data company had a publicly accessible database containing personal information for 198 million US voters, possibly every American voter going back more than 10 years (Wired). There was no hiding this: it was accessible to anyone who had the link. This was not a hack, but the result of a misconfiguration. Misconfigurations are often the biggest cybersecurity risk across the board.
If you contacted Verizon’s customer service from February to July, there is a good chance your records were compromised. The security issue, caused by ‘human error’, is now assumed to impact as many as 14 million customers. The incident stemmed from NICE security measures that were not set up properly. The company made a security setting public, instead of private, on an Amazon S3 storage server, a common technology used by businesses to keep data in the cloud. This means Verizon data stored in the cloud was temporarily visible to anyone who had the public link (CNN Tech).
Remember, human error is responsible for over 80% of all cybersecurity breaches and events.
143,000,000 consumers had personal and sensitive information exposed. Equifax (one of the three major purveyors, marketers, and collectors of all financial data in the U.S.) was hacked. There’s no clear information as to when the breach actually began, but we do know that it was detected on or about July 29th, 2017. There were so many things Equifax did wrong in the hours, days, and weeks following the announcement of the attack. To read our Expert Analysis of the event, please see our article here.
In October, Yahoo announced that over 1,000,000 of their accounts were compromised. Now, we know that that number is actually 3,000,000,000. Yes, that means that ALL of Yahoo’s accounts were affected by a breach that started in 2013 and wasn’t discovered until 2016.
5thColumn has a wide spectrum of both strategic and tactical services, including assessments, aimed at making sure you have the best defense on your side. If you suspect your organization is experiencing a breach, please see our best practices guide for incident response here and get in touch with us right away.
Remember, the best defense is a good offense.