Hacked Hall of Fame: Lessons Learned From the Biggest Cyber Breaches of 2016 - XIOLOGIX XIOLOGIX
Security

Hacked Hall of Fame: Lessons Learned From the Biggest Cyber Breaches of 2016

Cyber-Security

2016 brought cybersecurity to the forefront. One can’t turn on the nightly news without hearing about some massive data breach.  Presently, the news is dominated by the alleged Russian hack—which has called into question our democratic process.

The cyber criminals keep upping the ante, with increasingly sophisticated tactics leading to larger spoils. To get an idea of the 2016 threat landscape, check out these stats:

  • In the U.S. nearly 80% of companies suffered a cyber attack in the last year—and more than half experienced a ransomware incident.
  • Over 22 billion records were exposed.
  • In a survey of over 500 companies, with an average of 5,400 employees, 40% were attacked by ransomware. Of those, over a third lost money and 20% had to stop operations.

Ransomware and other hacking schemes affect everyone. Organizations have a responsibility to take measures to ensure that sensitive data is kept safe.

Highlights of Biggest Cyber Attacks

Here are some of the larger cyber attacks of the past year:

  • SWIFT. No surprise that financial institutions are prime targets, and SWIFT, the system banks use to send payment messages, is no exception.  In February, hackers stole $81 million from member, Bangladesh’s Central Bank. The criminals used SWIFT credentials swiped from a bank employee to transfer funds to accounts throughout Asia.
  • Hollywood Presbyterian Medical Center. The hospital’s computer system was infected with ransomware, with criminals demanding 3.6 million in bitcoins.  This attack had real-life ramifications for patients, as computers are used for documenting patient care, transmitting lab work, sharing x-rays, and more. The hospital ponied up $17,000 for a decryption key to restore the systems.
  • Yahoo. In September, Yahoo announced that over 500 million accounts were compromised.  Names, email addresses, telephone numbers, dates of birth, passwords and even answers to security questions were stolen.
  • LinkedIn had 117 million accounts hacked.  Part of the problem was embarrassingly easy passwords to crack, such as 123456 and linkedin.
  • San Francisco Public Railway (MUNI). MUNI’s system was infected with malware, locking kiosks and computers.  Apparently, an IT admin clicked on a link that downloaded the malware files. Hackers claim they have 30GB of stolen data, including information about employees and riders.

Lessons Learned

Cyber breaches won’t magically disappear, but organizations can take steps to protect assets and sensitive information.

  • Ransomware will continue to be a real threat. But simple measures can counteract its effectiveness. While over 40% report paying ransom, 71% address the problem by backing up data.
  • Educate users on avoiding phishing and social engineering scams.  Make sure employees know not to click on suspicious links. A study by Verizon found that 30% of phishing emails were opened and 12% of people tested clicked on the suspect attachment.
  • Make sure everyone is aware of password best practices. 123456 doesn’t cut it.
  • Use a layered security platform that includes firewalls, email security, data encryption, user authentication, Antivirus software and patch management.

Xiologix, offers the expertise and best-in-class technology you need to keep you out of the hacked hall of fame. A Fortinet Cyber Threat Assessment can help determine your organization’s vulnerabilities and biggest threats so you can be prepared in this ever-changing threat landscape. Contact us to learn more.