2015 was a bad year for data security. With massive attacks on industry giants like Target, Anthem, and bitcoin, security experts were forced to reevaluate their vulnerabilities and respond to quickly evolving hackers. However, for all of the money lost and reputations tarnished in 2015, there were many lessons learned. Here are some of the top lessons from the year’s worst hacks.
Cyber attacks affect the real world.
These attacks are no longer about social security numbers and credit card information. With hackers targeting pharmaceutical companies, hospitals, and health care organizations, these attacks have the very real possibility of physically harming their victims. Data breaches can disrupt critical care systems, interrupt the production of vital medications, and otherwise impact humans on an individual level.
Additionally, these industries may be targeted for the wealth of sensitive information they have on their clients. Given that health care providers and hospitals don’t often invest in high level security or are using legacy systems, they can be particularly vulnerable to attack.
Hackers are looking for high-value targets.
Some of the worst breaches of 2015 affected large financial institutions like those targeted by the Carbanak crime ring. Attackers have ramped up their interests from “petty theft” to heist-style operations that can cost billions of dollars. Attackers may send emails posing as financial executives, or they may be an insider abusing their access to sensitive information.
Social engineering is on the rise.
Attackers are capitalizing on human error through enhanced focus on social engineering. If employees haven’t been briefed on security sensitivity, they’re more likely to fall victim to fraudulent emails that can provide a way in for malicious hackers. We saw this happen with the U.S. Office of Personnel Management in 2015, and we’ll likely see it happen on a larger scale in the years to come.
Attacks are often long-term.
Gone are the days of quick in-and-out attacks. Many attackers find a way in and plant malware that can provide them with sensitive data for months on end. If companies don’t have the infrastructure in place to detect these breaches, these targeted attacks may go on indefinitely.
Apps can be used to target iOS users.
For years, Apple devices have proven to be resistant to attacks, but that changed in 2015. With the uncovering of XcodeGhost, it seems that iOS apps are now vulnerable to attack. Developers were forced to re-think their development process and keep their tools and resources under a high level of scrutiny. This new malware is a game-changer in app development, so it may change the way we build apps in the coming years.
2015 was a big year for data security, but experts are learning from past mistakes and increasing their arsenal against cyber attackers.