The Biggest Security Breaches of 2016: What We’ve Learned

Cyber Security breaches are expensive, annoying, and even, sometimes, hilarious.  No one wants to be on the receiving end, but most are at some point.  Right now cyber security costs an average of $3.8-4 million dollars per incident!  As staggering as that sounds, the projections are even worse, with cyber crime estimated to cost $2 trillion by 2019.  Yes, that’s 2,000,000,000,000—a lot of zeros!

Each week we’ve covered some of the biggest news in the cyber land.  Now it’s time for our season awards: the biggest security breaches of 2016 (barring something happening in those last few days that breaks a record).

What’s more, we’ll tell you what you can learn from the failure of others.

The Biggest Breach of 2016

The title of “biggest security breach of 2016” goes to a breach of 2013—because we only just learned of it.  Yahoo announced earlier this month that 1 billion accounts were compromised.  Keep in mind that there are less than 8 billion people in the entire world and that kind of gives you the proper sense of scale for this hack.

No credit card information was stolen, but user names, passwords, security questions and personal information like birthdates were all reportedly compromised.

WHAT WE’VE LEARNED:
Passwords matter.  More than ever before, internet security starts with user education.

The Most Political Hack of 2016

Never has a year involved more discussion of hacking and politics (and emails and would-be presidents) and rival nations and growing tensions and possible retaliations and on and on…so choosing one big political hack to rule them all is not the easiest superlative of this list.

But the award goes to: Hillary Clinton’s private email server. Sure, the Democratic National Convention, Colin Powell, and several other key officials were hacked this year.  Yes, the news coverage of such stories seemed unending.  But the one that may have even cost a presidential election win was that email server scandal.

(Now to see how a possible Russian involvement scandal plays out…biggest political hack to be reported in 2017?)

WHAT WE’VE LEARNED:
Private email servers aren’t legal for politicians?  Don’t get on Julian Assange’s bad side? The FBI and CIA don’t always agree?

Frankly, not sure what we learned from this one, but we sure heard a great deal about it.

The Most Expensive Hack of 2016

Considering that an Epsilon hack in 2011 cost a reported $4 billion USD, 2016 wasn’t so bad.

The average cost of a cyber security breach is reportedly around $4 million dollars, with the most expensive generally being healthcare (where data breaches cost about $400 per record!), this year’s winner is far above average (but still didn’t match Epsilon).

The most expensive hack of 2016 was the Bangladesh bank hack, an incident from February this year.  Apparently, accounts were drained of approximately $81 million dollars in a matter of minutes (and typo stalled the hack short of the $1 billion attempt).

WHAT WE’VE LEARNED:
Cover your assets (even banks use unified software).

Most Annoying Hack of 2016

A cyber incident can cause incredible expense and inconvenience: to the business under attack, to the employees or user impacted, and certainly to investigators attempting to ameliorate and solve these sometimes virtually untraceable incidents.

This year, we have seen many exacerbating cyber incidents: all that jazz going on at the Rio Olympics, required password changes at Dropbox, and malware-related blackouts in the Ukraine, all caused massive irritation.

Rarely does a hack cause as much annoyance, however, to such a broad base of public as this year’s winner of the “Most Annoying Hack of 2016” award: the DDoS (distributed denial of service) attack on Dyn that shut down “half the internet.”

If you were one of the thousands of people unable to complete a research assignment, job requirement (or just plain stream your favorite show) that infamous day, you now likely know how annoying such an attack can be.

WHAT WE’VE LEARNED:
Loads about the IoT, and here’s a lesson for everyone: do not allow a device to use its default user name or passwords!

Biggest Personal Hit

Hacks are often personal, not just political.  Nude photos get stolen from the cloud; Twitter accounts get hijacked; names get smeared in the cyberverse.

But in 2016 the award for the biggest hack aimed at a single individual goes to the massive DDoS attack aimed at security blogger Brian Krebs, reportedly the largest DDoS attack in internet history.  That attack also utilized a bot army from the IoT, but why target Krebs specifically?  Conclusions can be jumped to, based on his profession, but no solid evidence (or perpetrator) has been announced to date.

WHAT WE’VE LEARNED:
Watching Krebs was like a lesson in decorum: the man publicly acknowledged the incident, but also gracefully navigated the entire situation.

Considering how political hacking got in 2016, at least one major player displayed grace and dignity.

So here’s to the winners (and even the losers): May 2017 bring you greater cyber security.

Leave a Reply