2018: Year in Review & Looking Forward to 2019

January 15, 2019

Oh, boy, 2018 was a heck a year for data hacks and breaches! Some of the biggest security breaches in 2018 include (Top 5 according to Business Insider):

  • Aadhar: 1.1 billion
  • Marriott-Starwood Hotels: 500 million
  • Exactis: 340 million
  • MyFitness Pal: 150 million
  • Quora: 100 million

Others included in the list for the top 20 are MyHeritage, Cambridge Analytica, Google+, Chegg, Facebook, Ticketfly, Timehop, Careem, Cathay Pacific Airways, Sheln, Saks and Lord & Taylor, My Personality, T-Mobile, SingHealth, Orbitz and British Airways.

Let’s take a look at some of the reasons why:

  • Vulnerable third-party plugins
  • Malware on a customer support product hosted by a third-party supplier.
  • Use of an outdated hashing algorithm.
  • No security protocols in place
  • Open APIs
  • Injection of card skimming scripts
  • Servers exposed to the public

The list goes on and on…

More importantly, following these data breaches: What can we learn from them?

  • Human weakness is at the forefront. Train, Train, Train. Phishing emails are at the forefront of most data breaches. Teach your people:
    • When in doubt, communicate, and delete.
      • Call before opening.
      • If in doubt, delete the email.
    • Enforce the security policy.
    • Put in concentric rings of security: Network security, desktop security, application security, email security, process security.
    • Test, Test, Test.
    • Learn from the best and from the incidents. Analyze the incidents that are made public. Find out what happened and how it happened, then see if it applies to your area or circumstance.

It’s Only Going to Get More Interesting

In the meantime, take a look at a great web site that will help you keep track of the data breaches: Privacy Rights Clearinghouse (PRC) [https://www.privacyrights.org/data-breaches]. This site allows you to view the data breaches, breach type, organization type, and map them!

When you first visit the site, well… My reaction was OMG!  As of 1/15/2019 the number of record breaches is 11,582, 116, 452. (I Know!). The number of “known” data breaches is 9,033 since 2005 (Cringe!)

The breach types for 2018 are –

Thanks, from Fort LifeStatus360.

Leave a Reply

Your email address will not be published. Required fields are marked *