By Samantha Wickes, who is a freelance writer specialising in cyber security, technology and business, with over three years’ experience in writing for online publications.
Every year sees the release of new security updates and patches, and yet the threat posed by cyberattacks only seems to increase. Malicious actors are constantly looking for new ways to infiltrate hardware and software by exploiting newly discovered vulnerabilities and creating new malware threats.
Throughout 2017 there were a number of high-profile cyberattacks that demonstrated that businesses large and small need to continually improve their security efforts. Below we’ve listed five of the most significant attacks last year and what we can learn from them.
Despite being one of the largest companies in the world, Uber showed that size is no guarantee against cyberattacks, after revealing that hackers stole personal information relating to 57 million customers and drivers. Although the breach actually took place late in 2016, it wasn’t revealed until November 2017, after the ride-hailing firm paid the hackers $100,000 to delete the stolen data and keep quiet.
Although no hack makes for good publicity, Uber’s reputation took a substantial hit because it refused to inform those affected. The company has now removed its chief security officer, but it remains to be seen if this is enough to restore damaged trust. The lesson here is clear: if a breach does happen, it’s best to come clean.
Ransomware is big business for hackers, forcing companies to pay huge sums if they want to regain access to important files. One of the most high-profile examples last year was WannaCry, which affected more than 200,000 computers in more than 150 countries worldwide.
There are, however, a number of defence measures that businesses can put in place to prevent themselves from becoming victims of the WannaCry attack and other ransomware exploits. Disaster recovery solutions can enable businesses to restore their systems to a point before the attack occurred, for example, helping to mitigate the damage.
There is a huge variety of security protocols that businesses can employ to help with their cyber-defences, so it is surprising when companies neglect some of the simplest. In September 2017, Deloitte revealed that an unknown hacker had gained access to the company’s email accounts due to a lack of two-factor authentication. Although two-factor authentication is relatively simple to implement, many companies choose not to employ it. In fact, a similar breach affecting the UK parliament’s emails also took place last year.
Last year, Equifax taught businesses from all over the world exactly how not to react to a cyberattack. As if the theft of personal data relating to 145 million people was not bad enough, the credit bureau’s official Twitter account started directing customers to a fake phishing website following the breach. The incident revealed a slapdash approach to security – which is not what you want from a business that stores your passwords, email addresses and social security numbers.
Cellebrite develops hacking tools for its clients, but found out that its own defences were far from impregnable in January 2017. The company revealed that a hacker stole 900GB of data from an external web server, including basic contact information for a number of users. The breach should remind companies everywhere that any information stored externally, whether in a private or public cloud environment, needs to be safeguarded appropriately.
Edited and prepared by Amy Murphy, Journalism student from DCU.