Five things we’ve learned from 2015’s biggest security breaches

In Information Security ByTeam Acumin / 3rd February 2016

Last year played host to some of the most outrageous and extreme security breaches we’ve seen since the internet became available to the masses. Huge scandals like the hackings of Ashley Madison and Talk Talk clued the world in to the fact that most of the information we put online can be accessed unethically if we are not careful. What’s more, the companies we entrust with our most personal data do not always do enough to ensure that it is kept securely out of harm’s way from those individuals with less than altruistic motives.

Although many of the biggest security breaches that took place last year caused problems for a considerable number of people, if we can take one positive from them it would be that they gave a glimpse into the world of online security to a wide audience, and taught people who were previously unaware a few things about the nature of the beast that we would be mindful to pay attention to in 2016 and beyond.

With that in mind, here are five things we’ve learned, or at least had reinforced, from the events of last year:

1. Security is not enough

Although it’s important to put as many security measure in place as possible, as these will help to fight off even the most sophisticated hackers and make it much more difficult for them to access our important data, it is never going to be enough on its own.

Sadly, it’s a fact that there isn’t a piece of software or hardware that is not vulnerable to hacks. With this being the case, it’s important that everyone, especially large corporations, puts warning systems in place. These will alert them to the fact that a hacker has gained access to a system the second they do so.

One promising piece of software that aims to do just that is Darktrace, which uses algorithms to detect anomalies and profile behavior patterns so that it can instantly spot and alert a breach.

2. Companies do not always handle data the way we would like them to

When the Ashley Madison scandal broke and the details of up to 60 million of the dating site’s personal details were made public, it caused distress and discomfort in countless ways. Aside from the fact that many prominent married people who were using the site had been outed, perhaps even more alarming was the fact that the company had held on to the details of people who had long since cancelled their subscriptions. This meant that they were still vulnerable to data breaches even though they had been forced to pay to have their details removed from the system.

What this shows us is that we should all be much more careful about who we do and do not give our personal details to online. It should also serve as a warning to those corporations that hoard their customers’ data and do not go through the correct deletion procedures when asked to do so.

3. Many companies are not encrypting our data

This is such as simple one that we should really assume that all companies are doing it, but thanks to information on security breaches of companies like VTech, we learned that many large corporations are still not encrypting our data and passwords, nor are they using SSL.

This was particularly shocking in the case of VTech, because the company is known for producing tablet computers for children. As a result, the unencrypted data of around 6.4 million children was made available.

Hopefully, this and other similar stories will prompt companies to do more to ensure that they use proper encryption methods in the future.

4. Customer data is the biggest motivator of cyber hacks

From the hacking of Talk Talk to the breaches of Vodafone and HSBC, it has become abundantly clear that the main reason why hackers and cyber criminals carry out attacks on large corporations is that they wish to get their hands on as much customer data as possible.

Of course, there are other reasons for attacking a company, such as a moral or political beef, but by and large, accessing our sensitive data is front and centre in their minds.

There are a couple of reasons why this is the case: firstly, by seizing customer data, hackers can often gain access to enough information to carry out identify fraud, or work a number of scams on those affected, to their personal gain.

Secondly, this data can be used to blackmail the companies it was extracted from, as we saw in the Talk Talk case amongst others, where hackers demanded a ransom from the company for the safe return of breached data.

5. Two-factor authentication is vital

A final key point we learned from the likes of the breach at Anthem, where the sensitive security details of more than 80 million people were stolen, is the importance of two-factor authentication.

In this particular case, if two-factor authentication had been in place, then hackers would have needed access to a physical token or an administrator’s device to complete their security breach. This would probably have been enough to stop them in their tracks and prevent a devastating security breach from happening.

As you read the above, it no doubt came to your attention that the main reason so many high-profile security breaches are taking place is simply because companies are not doing enough to keep our data safe.

Many of the biggest corporations are operating systems that have so many security holes that they are rich pickings for even the most mundane hackers, and this means that we, as individuals, are very limited in what we can do to stop further incidences, although we should not be complacent in taking whatever security measures we can.

Perhaps the best thing we can do is put more pressure on the companies we use to up their game, employ the best cyber security people possible and take greater care with the precious data they hold.