American activist Maggie Kuhn once said, “Well-aimed slingshots can topple giants.” In the case of reputable brands like Yahoo! and eBay, the slingshots were in the form of a well aimed cyber attack.
And the results were devastating.
Both brands lost the trust of loyal customers. Sales plummeted. Because of the breach, Yahoo! had to take a price cut on the original $4.8 billion sale of its core business to a major telecommunications company. eBay suffered a loss in revenue and activity after its data breach.
And this happened because both brands didn’t keep their data as secure as they should have.
Cyberthreats are very real and can even topple large businesses. To illustrate the magnitude and reality of cyber threats, consider these stats by Cybercrime Ventures:
- Cybercrime costs will grow to $6 trillion annually by 2021
- Global spending for cyber security services and products is expected to exceed $1 trillion over the next five years
- The year 2016 was a record breaker for data breaches up by 50% from 2015 – Bloomberg
The point is, some threats do slip through the cracks. In this post, you will learn what the most talked about hacks in history can teach you about keeping your online assets and data secure:
1 – Yahoo teaches us that Security must be a Priority and Network history must be Monitored
Image Source: Pexels
In December 2016, internet company Yahoo! revealed two major breaches of user account data. One of the breaches in which more than 1 billion users accounts were hacked was back in 2013. The other was in 2014 when around 500 million user accounts were affected.
During every app development process, we at Cygnis Media know that gaps in security might lead to data leaks. Even a large company like Yahoo! can be affected by a data breach if best security practices are ignored.
On that note, here is what we can learn from this infamous breach:
- Security teams must be involved in the development process: In the case of Yahoo!, Hackers used forged cookies to enable them to access user accounts without a password. To protect against sophisticated attacks, security teams must be made part of the development process from the start.
- Scanning past network activity: According to Verizon’s data breach report, the time during which an attacker is detected is usually 200 days. Yahoo!’s data breach was carried over a long period of time with hackers hiding in network traffic. Avoiding such a scenario means adopting a model of retrospective network visibility where updated threat intelligence is applied to past network activities like user behavior or login histories.
2 – Home Depot teaches us the importance of cloud security and encrypting customer credit card info
Image Source: Pexels
In 2014, a massive hack at Home Depot exposed 56 million credit cards and put tens of millions of its customers’ data at risk. The attack remained undetected for a long time since it was carried out by custom made malware, which according to a statement from the retailer, “had not been seen in previous attacks.”
Businesses that want to prevent such a scenario must keep the following in mind:
- Cloud based security: Companies like Home Depot have to store huge amounts of customer data. Relying on SaaS (software as a service) products to do so can cut the cost and complexity in securing critical online assets. You can also rely on software solutions like CodeGuard which can backup your website data on the cloud and keep it secure.
- Encrypt data at point of sale system: In the Home Depot attack, hackers used malware to collect data at POS (Point of Sale) systems, specifically cash registers. To avoid a similar scenario, a best practice is to encrypt all POS data upon entry.
- Security patches for new vulnerabilities: POS software should be kept updated with updates that contain new security patches for new vulnerabilities.
3 – LinkedIn teaches us the importance of stronger authentication practices
Image Source: Pixabay
In 2012, hackers stole 117 million email and password combinations from LinkedIn. This wasn’t known until the stolen data was made public four years later in 2016. Here is what this famous hack in history can teach us about online security today:
- Enable two factor authentication: Beside username and password, two factor authentication is an extra layer of security that requires what only users may know or have on them(2FA). Think about personal identification numbers which banks give to account holders when making online transactions. Since the authentication data is something only users would know, it is harder for hackers to steal.
- Force users to employ strong passwords: Easy passwords are easily stolen. Some examples of the passwords that were stolen from LinkedIn and made public are “12345678”, “princess” and “password1” which are pretty easy to break or guess. Point is, you can’t control how people use your products. But you can force them to choose stronger passwords during initial signups or during password changes.
To recap, these hacks in history can teach us these lessons:
- Security must be a priority during development and network history monitored regularly
- Cloud security is as important as cloud storage and data encryption should be made standard practice
- Authentication practices should be stronger to prevent customers from following weak sign up practices that may compromise their data