It’s the holiday season, and if you are an IT security professional like me, going home for the holidays often means you are the designated briefing corrreadespondent on all things data breaches. This year, instead of trying to explain IT jargon to my friends and family, I decided to compile a list of 2016 breaches and security incidents that will be sure to spark some interesting conversation at any holiday dinner table.

2016 Data Breach Cheat Sheet for the Security Professional

These breaches, as painful as they may be, remind us that identity and access management (IAM) is often overlooked and underbudgeted. Had there been strong controls in place to authenticate users throughout sessions, the subsequent use of any compromised credentials would have likely had a lesser effect.

Let’s take a moment to remember some of this year’s breaches that undoubtedly made the 2016 naughty list.

SWIFT’s Master Heist and Weebly’s Folly

Cyberattackers used the Bangladesh Central Bank’s SWIFT code to complete transactions amounting to around $81 million, ultimately transferring the funds from the bank’s New York account to accounts across Asia.

Additionally, Weebly announced that 43 million customers were victims of a breach that exposed their credentials and IP addresses. The web hosting service admitted it was at fault in the incident.

Yahoo and the New Perimeter

Still hurting from its 500 million accounts hacked in 2014, Yahoo made its second announcement this year, disclosing a different attack that exposed more than 1 billion accounts in 2013. The sheer volume of these attacks against a single company is unprecedented. The Yahoo breach serves as a prime example of why organizations need to adopt ways to authenticate beyond usernames and passwords. One such method is multifactor authentication, which is useful for logging into mobile devices.

Oracle Micros

Micros, a point-of-sale division of Oracle, suffered a breach that exposed hundreds of systems leveraged by retail customers. The cybercriminals installed malware that compromised usernames and passwords as they were being fed into the system.

Mirai Botnet Attack

The Mirai botnet attack consisted of malware that disrupted some of the internet’s highest-profile websites — Spotify, Twitter and PayPal, to name a few. It originated from malware infecting poorly secured Internet of Things (IoT) devices such as routers, DVRs and mobile devices.

NSA Hacking Tools Stolen

As any intelligence agency, the National Security Agency (NSA) houses advanced tools for hacking. This year, in one of the most impressive breaches on record, the NSA’s hacking tools were not only stolen, but later auctioned. To make matters worse, a disgruntled security professional from the NSA later stole terabytes of classified data. Et tu, Brute?

Bad Year for Social Media

MySpace, the once-mighty social networking site, suffered an astonishing security breach in which 427 million accounts were compromised. Similarly, Tumblr experienced a breach of 65 million accounts. Although the incident occurred in 2013, it went undetected until May 2016.

Finally, LinkedIn was forced to deliver several waves of crushing news to its users this past year. While the networking company originally believed that a 2012 breach risked 6 million user credentials, it recently notified users that the impact of the incident was actually much worse: Vice Motherboard reported that a well-known cybercriminal called Peace had been selling 117 million LinkedIn credentials.

Embracing IAM

For the IT industry, 2016 was certainly an exciting and challenging year filled with damaging, yet ultimately educational breaches. Organizations still have a long way to go in the space of IAM.

Learn more about IAM solutions or the Security Access Manager offering.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today