Though cyberattacks dominated the news in 2014, with companies such as JPMorgan Chase, Target and Home Depot suffering breaches, cyberattacks aren’t limited to big companies. Brand recognition matters little to cybercriminals, and organizations of all sizes have been victims of a data breach. This trend will likely continue in 2015, with attacks growing not only in number but in sophistication as well.

The following is a look at a handful of the most damaging threats of 2014 and how they changed the corporate conversation on data security and protection:

Home Depot Data Breach

In this breach, cybercriminals compromised more than 56 million credit card and debit card accounts, along with 53 million customer email addresses. They used the stolen email information in multiple phishing scams that targeted unsuspecting customers. Similar to the Target breach, attackers used stolen credentials from a third-party vendor and exploited an unpatched vulnerability in Microsoft Windows to compromise the company’s point of sale devices. According to Krebs on Security, they targeted the 7,500 self-checkout lanes, which were clearly referenced as payment terminals by the internal systems.

Heartbleed Bug

The Heartbleed bug existed for two years before it was discovered and disclosed as a vulnerability. It exists in the widely used OpenSSL cryptographic library and reportedly affected more than 500 million websites at the time of discovery. Several organizations were breached through exploitation of this vulnerability, including the Canada Revenue Agency, where more than 900 Social Insurance Numbers were compromised in just a matter of hours.

Bash Bug

This bug, which had gone unnoticed for more than two decades, let cybercriminals execute malicious code within a bash shell, the typical command prompt on PCs, Macs and Linux machines. This let them overwrite authentication information and gain access to confidential information by taking control of the operating system. Because the vulnerability had existed for so long, it also affected many older systems whose operating systems were no longer supported with patches to fix it.

JPMorgan Chase

In this breach, cybercriminals gained access to names, addresses, phone numbers, email addresses and internal JPMorgan Chase information for more than 83 million accounts. The source of the attack that led to the data breach was discovered to be an overlooked network server that was missing a simple security upgrade that would have enabled two-factor authentication.

Why You Need to Act

While it is impossible to anticipate every attack and prevent every data breach, it’s important to be equipped with the following tools and security programs. Together they form an integrated threat protection system that protects your company’s data and minimizes the risk and damage caused by an attack:

  • Comprehensive Asset Discovery: You can’t protect what you can’t see. It’s vital to ensure you have visibility into every endpoint within your organization regardless of whether it is fixed, mobile or remote.
  • Install Two-Step Authentication for Logins: This simple security fix ensures additional protection against a potential breach in case of lost or stolen passwords.
  • Real-Time Situational Awareness and Incident Response: You need to have a tool that can give you real-time visibility into your endpoints with the capability to ensure automatic quarantine and immediate remediation of all your endpoints, wherever they are located.
  • Automated Patch Management: Having an efficient automated patch management solution that can find vulnerable endpoints and apply required patches within minutes or hours can reduce the window of exposure to any potential threats.
  • Vulnerability Management: Having an efficient vulnerability management system would ensure the most vulnerable endpoints are patched and secured first by analyzing the risks associated with the various vulnerabilities and identifying the priority of remediation through patches and configuration management.
  • Mobile Threat Management: Given the shift to an increasingly mobile workforce, mobile malware is the next big security threat to every enterprise. With employees using a number of apps and devices to increase productivity, your enterprise is susceptible to rogue and malicious apps compromising your data.

How IBM Can Help

IBM Security provides you with the right tools to ensure you are well-equipped to face increasingly sophisticated advanced threats. The following solutions are designed to disrupt the life cycle of advanced attacks with a three-pronged approach that helps you prevent, detect and respond to threats:

  • IBM BigFix™ ensures your endpoints are in continuous compliance with various security and operational policies. With real-time visibility into your endpoints and automated custom remediation capabilities, it ensures your organization is equipped with a real-time situational awareness and incident response system.
  • IBM MaaS360™ lets you provision, secure and manage your mobile devices, apps and content — all from a single portal — while minimizing risk to your organization.
  • IBM QRadar SIEM™ consolidates log source event data from thousands of device endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives.
  • IBM Security Trusteer Apex™ Advanced Malware Protection provides protection against unknown, zero-day threats and advanced malware without affecting user productivity. This software protects endpoints throughout the threat life cycle by applying an integrated, multilayered defense that breaks the attack chain and preempts infection.
