3 - 4 OCTOBER 2018 / EXCEL LONDON
Register Now
IP EXPOCyber SecurityDeveloperAI and AnalyticsIoTBlockchain

A year or two in cyber

Friday 13 July 2018

Another week and chances are another data breach will hit the headlines. In the digital age it can feel like we can’t go two seconds without another big name brand suffering from a data breach or cyber criminals unleashing a new malware strain. Whilst no one wants to fall victim to a data breach or cyber-attack there’s plenty to learn from those who have. We’re taking a look back at some of the most notable cyber security incidents of the last ten years to provide some food for thought.

1.       Wannacry

Arguably the biggest and most notorious ransomware attack in history, in May 2017 Wannacry infected computers in over 150 countries and crippled organisations ranging from the NHS to FedEx, Telefonica and even Boeing. The virus exploited a vulnerability in Windows, which Microsoft had already issued a patch for two months earlier, but may users had failed to deploy before Wannacry hit. The lesson here? Stay on top of patching and install a top notch antivirus system. A number of the worlds biggest antivirus vendors were actively blocking the ransomware from reaching their customers, a testament to how important good cyber security software is.

2.       Equifax

In 2017 credit report company Equifax suffered a data breach of epic proportions, with 146.6 million individuals affected across the globe. Over a period of two months, criminals lifted 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information, 209,000 payment cards (number and expiry date) exposed, 38,000 American drivers' licenses and 3,200 passport details. With so many people affected it’s almost a surprise that the cyber criminals managed to break into the Equifax databases due to something as simple as an unpatched version of Apache Struts. Yet another lesson for everyone on the importance of patching!  

3.       US Homeland Security

Data breaches aren’t always the work of external agents. In January 2018 US Homeland Security revealed that it had discovered a “privacy incident” just short of a year earlier as part of an ongoing criminal investigation. That privacy incident was a former employee who had made an unauthorised transfer of personally identifiable information for 246,167 federal government staff and an undefined number of individuals who were under investigation by the department. This incident is certainly proof that even in some of the most secure organisations, employees can be just as much of a risk as external threats.

4.       Cambridge Analytica

It’s not just traditional bad actors which are compromising sensitive information about customers either. In early 2018 Facebook and Cambridge Analytics were in the firing line after it was revealed the later had been syphoning data from Facebook without user consent which was then used to influence voters in both the US elections and the Brexit vote. In light of this incident, many people will have no doubt become more sceptical of what they do and don’t choose to share with brands. It will certainly be interesting to see how technology adapts to provide more digital security for individuals impacted by this incident.  

5.       US Homeland Security

Proving that data breaches have the potential to be of an individual’s own making, in December 2017 the UK’s data privacy regulator had to warn MPs against sharing passwords for their work computers. Whilst no data was known to be compromised, with such a lackadaisical approach to sharing passwords the MPs doing this are clearly leaving themselves open to potential incidents in the future. With many MPs starting the need for people to respond to emails as the reason for sharing passwords, they clearly need to learn about email delegation, and maybe adopt a password manager if they are having to rely on colleagues to remember their password for them. 

Make sure you're up to speed on the latest in cyber security tools techniques and best practice by registering free for IP EXPO Europe, co-located at Digital Transformation EXPO now. 

Top