It’s the holiday season, and if you are an IT security professional like me, going home for the holidays often means you are the designated briefing corrreadespondent on all things data breaches. This year, instead of trying to explain IT jargon to my friends and family, I decided to compile a list of 2016 breaches and security incidents that will be sure to spark some interesting conversation at any holiday dinner table.

2016 Data Breach Cheat Sheet for the Security Professional

These breaches, as painful as they may be, remind us that identity and access management (IAM) is often overlooked and underbudgeted. Had there been strong controls in place to authenticate users throughout sessions, the subsequent use of any compromised credentials would have likely had a lesser effect.

Let’s take a moment to remember some of this year’s breaches that undoubtedly made the 2016 naughty list.

SWIFT’s Master Heist and Weebly’s Folly

Cyberattackers used the Bangladesh Central Bank’s SWIFT code to complete transactions amounting to around $81 million, ultimately transferring the funds from the bank’s New York account to accounts across Asia.

Additionally, Weebly announced that 43 million customers were victims of a breach that exposed their credentials and IP addresses. The web hosting service admitted it was at fault in the incident.

Yahoo and the New Perimeter

Still hurting from its 500 million accounts hacked in 2014, Yahoo made its second announcement this year, disclosing a different attack that exposed more than 1 billion accounts in 2013. The sheer volume of these attacks against a single company is unprecedented. The Yahoo breach serves as a prime example of why organizations need to adopt ways to authenticate beyond usernames and passwords. One such method is multifactor authentication, which is useful for logging into mobile devices.

Oracle Micros

Micros, a point-of-sale division of Oracle, suffered a breach that exposed hundreds of systems leveraged by retail customers. The cybercriminals installed malware that compromised usernames and passwords as they were being fed into the system.

Mirai Botnet Attack

The Mirai botnet attack consisted of malware that disrupted some of the internet’s highest-profile websites — Spotify, Twitter and PayPal, to name a few. It originated from malware infecting poorly secured Internet of Things (IoT) devices such as routers, DVRs and mobile devices.

NSA Hacking Tools Stolen

As any intelligence agency, the National Security Agency (NSA) houses advanced tools for hacking. This year, in one of the most impressive breaches on record, the NSA’s hacking tools were not only stolen, but later auctioned. To make matters worse, a disgruntled security professional from the NSA later stole terabytes of classified data. Et tu, Brute?

Bad Year for Social Media

MySpace, the once-mighty social networking site, suffered an astonishing security breach in which 427 million accounts were compromised. Similarly, Tumblr experienced a breach of 65 million accounts. Although the incident occurred in 2013, it went undetected until May 2016.

Finally, LinkedIn was forced to deliver several waves of crushing news to its users this past year. While the networking company originally believed that a 2012 breach risked 6 million user credentials, it recently notified users that the impact of the incident was actually much worse: Vice Motherboard reported that a well-known cybercriminal called Peace had been selling 117 million LinkedIn credentials.

Embracing IAM

For the IT industry, 2016 was certainly an exciting and challenging year filled with damaging, yet ultimately educational breaches. Organizations still have a long way to go in the space of IAM.

Learn more about IAM solutions or the Security Access Manager offering.

More from Data Protection

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today