Once again it’s coming close to the end of another year, which means it’s time to review the biggest trends of 2019. One thing that came up a lot this year: hackers and security breaches!
Thanks to GDPR (General Data Protection Regulation), companies are more aware than ever of these issues and the severity of what they can cause, and this awareness has become an essential step in ensuring the protection of EU citizens’ data. Sadly, however, both small and large companies are still getting caught out by the ICO for data breaches.
Although this is not a new phenomenon, there is no indication that the constant threat of exploits is coming to a halt. 2019 witnessed a number of unprecedented hacks, including of systems that were previously seen as impermeable, like OS.
It is clear that high-profile attacks are carried out with monetary aims; however, there have been a few occasions where these have been traced to governments across the globe attempting to take down individuals.
This wave of breaches continues to crash over companies. We have to realise that our information has value, and so we have to put measures in place to try and combat these issues. These can be simple tasks such as password management (i.e. stop reusing the same password) or avoiding saving personal and payment information online as much as possible.
Timeline of breaches this year:
January
Severe vulnerability in Apple FaceTime – a bug that let attackers call and self-answer a FaceTime call without any interaction from the callee, opening the door for secret surveillance.
March
Verifications.io’s database contained over 982 million email addresses and was leaked by a marketing company in one of the biggest database breaches ever to have occurred. Emails were sent to email addresses to verify whether they were valid; however, the service had no security measures in place to protect the massive database of email addresses it had collected.
April
Hackers broke into Microsoft’s Visual Studio, seeding backdoors into at least 3 video games, and as many as 92,000 computers were running malicious versions of the affected video games. This is an example of a supply chain hack, where hackers insert malicious code into a company’s software, which the company in turn distributes to its clients.
May
On May 25th, British Airways were fined £183 million for breaching customer data; the very next day the Marriott hotel also received a hefty fine of £99 million. WhatsApp also experienced issues when they were hacked, which resulted in spyware being installed on users’ phones.
July
Millions of people’s information was stolen in a Capital One breach, resulting in one of the largest hacks on a financial institution in history. Users’ banking information, including transaction history, balances, credit scores and addresses, was stolen. Some people’s social security numbers were taken, but credit card information was not compromised.
August
Fortnite warned 250 million players of a hack after being hit with ransomware. Users were warned after some players were hit with ransomware that encrypted files on their computers and demanded payment for them to be unlocked. The online video game warned its massive user base against downloading a supposed aimbot cheat tool, which claimed to give players an edge over competitors but actually loaded computers with ransomware.
November
Thousands claimed to be hacked after signing up to Disney’s online streaming service. Within the first week, it was predicted that of the 10 million people who signed up, thousands of users’ accounts went on sale on the dark web only hours after the service launched, according to ZDNet. Disney+ accounts were selling for as little as $3 (£2.50) when the subscription fee itself was $7 (£5.40) a month.
These data breach incidents are proof that all businesses, regardless of their size, need to invest in cyber security and ensure that their databases are protected. Larger organisations like Facebook, which use third parties and have access to users’ data, have to be particularly careful about how they are handling the data they receive from users.
You can take appropriate steps to ensure that your information is secured: this means constantly updating your passwords and avoiding using the same ones across platforms. If you are using a VPN connection to stay anonymous online, ensure that you use a good VPN provider to avoid having your data logged and sold to third parties without your consent.
How can Kick help you?
At Kick, we offer IT Security services which can help your organisation protect against cyber security threats. With our expertise in the industry, we have everything you need for a resilient, reliable and secure network. If you want some more information on what we have to offer or want some advice, give us a call on 01698 844 600 where a member of our team will be more than happy to help.