Worldwide, there were several hundred cyberattacks and breaches this year. Sadly, most analysts predict that the attacks will continue throughout 2018 and beyond.
Here is a month-by-month analysis of the ones you heard about (and possibly the ones you have not), what analysts are forecasting for the future and what your organization can do today to better protect yourself from an attack.
2017 Minor and Major Cyberattacks
January: Cellebrite, an Israeli firm that markets smartphone hacking tools, had 900 gigabytes of data stolen by a hacker. Ironic, isn’t it?
February: A group of hacktivists called Anonymous, hacked into the Freedom Hosting II Dark Web, taking a fifth of the .onion websites is down.
March: WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency’s ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems, dubbed the first release as Vault 7, a covert global hacking operation being run by the US Central Intelligence Agency (CIA).
April: HipChat, a team communication platform, was hacked and the hacker made off with a significant amount of data. According to a security notice published on the HipChat blog, the attacker was able to access user-account information, including names, email addresses, and hashed passwords.
May: WannaCry brought computer systems from Russia to China to the UK and the US to their knees, locking people out of their data and demanding they pay a ransom or lose everything. More than 230,000 computers in 150 countries were affected, with victims that included hospitals, banks, telecommunications companies and warehouses.
June: Petya, the malicious software spread through large organizations, caused PCs and data alike to be locked up and held for ransom.
July: Hackers who breached a Kansas Department of Commerce data system used by multiple states gained access to more than 5.5 million Social Security Numbers and put the agency on the hook to pay for credit monitoring services for all victims.
August: The HBO hacking scandal started as a few leaked Game of Thrones episodes. Then, the FBI got involved and it turned out the cyberattack compromised around 1.5 terabytes of data.
September: Equifax was struck by a cyberattack that affected more than 143 million U.S. customers of the credit reporting agency, shedding light on one of the largest and most intrusive breaches in history. Intruders accessed names, Social Security Numbers, birth dates, addresses and driver’s license numbers.
October: Yahoo revealed every single account on its system at the time of the 2013 data breach was affected in the cyberattack. The company said new intelligence suggested as many as 3 billion accounts were compromised in the attack, which was first revealed last December. Yahoo had previously admitted around 1 billion accounts were affected.
November: Uber covered up a cyberattack that happened last year that exposed data of 57 million riders and drivers. Former CEO Travis Kalanick knew of the hack, and former CSO Joe Sullivan helped conceal it.
December: Hackers recently invaded the safety system of a critical infrastructure facility in a watershed attack that halted plant operations, marking the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing attention on breaking into utilities, factories and other types of critical infrastructure.
Scared Yet? More is to Come
Here are some interesting research statistics from various think tanks:
- Online cyber attacks are expected to reach 6 billion people by 2022, which means 77% of the world’s population will experience hacking in one shape or form.
- Cybercrimes will cost the world $6 trillion by 2021, double what it cost in 2016.
- Ransomware attacks on healthcare organizations will quadruple by 2020.
- In 2016, more than 50% of all cyberattacks were against small businesses.
How Your Business Can Protect Itself
While there is no guarantee that your organization will avert a cyberattack, there are 8 basic, common sense things you can do today:
- Conduct training that makes cybersecurity every employee’s business. Make sure it is engrained in the daily lives of everyone, from the CEO to the junior accountant.
- Be sure to apply all software patches and updates in a timely manner. This includes updates on any BYOD devices, in particular, smartphones.
- Migrate old software applications to newer platforms.
- Be sure to have the latest operating system version and updates on all your devices.
- Go to the highest level of encryption available for your organization.
- Strictly enforce cybersecurity policies.
- Disclose any cyberattack and data breaches as they occur. Hiding or delaying the news, will have a real impact on your brand promise.
- Hire an outside firm to test, audit and monitor your network and data.
As You Move into the New Year, Think of Shellproof Security
ShellProof Security strives to bring to enterprise-grade cybersecurity to small and mid-sized businesses. We know that a single breach of your data can be enough to put you out of business, which is why we will provide you with the resources and procedures to adequately protect against the toughest cyber foes. Give us a call at 212-887-1600 to learn more!