Top 2014 cyberattacks attacks and how to avoid them in 2015

2014 saw a host of cyberattacks and their difficult-to-manage consequences. Let us take a look at those infamous incidents and learn what we can do to mitigate the risks in the coming year.

A blackmailing hacker attack shut down IT systems, hijacked Twitter accounts, and leaked confidential information – everything from private correspondence among executives to salary and performance data about employees. The hackers have not been identified and they continue to threaten to release sensitive data if their demands are not met.    

The accounts of several Hollywood celebrities were compromised by a targeted attack on their user names, passwords, and security questions. This attack resulted in the leak of nude images and damaged reputations. The images were believed to have been obtained via breach of a cloud services suite developed by an American multinational corporation. 

Two teenagers found an operator manual online for an ATM at a local supermarket. They went to the ATM to try to put it in operator mode and to their surprise, it worked. What was more shocking was that the first random guess at the six-digit password worked the first time they tried. Fortunately, these two honest teenagers promptly notified the bank and no damage was done. 

The credentials of a number of employees were compromised which allowed the attackers to gain access to the company’s network and sensitive customer data. Although the cause of the attack was not confirmed, a phishing attack remained a likely candidate.    

Hackers breached a server containing clients’ contact and clinical information in a US state’s Department of Public Health and Human Services. The breach occurred due to a security flaw in third-party software used by the department and the hackers accessed the server before the vulnerability was patched.

Some of these attacks didn’t require any hacking prowess and could have been avoided or mitigated. Here are some tips to help protect yourselves:

Employees are the biggest threat to a company's security when it comes to data breaches. Most employees may have the best intention to remain secure but they still make common mistakes because they are unaware of the security risks. It helps to schedule a companywide session to educate your employees on password best practices.

It is human nature to choose an easy-to-remember password which is more susceptible to password attack. You can enforce a more complex password policy but this may create a management headache, with users forgetting passwords. The solution? Enable passphrases to allow users to create long but memorable passwords to increase security. Increasing the length beyond 20 characters makes password attacks very expensive – to the point of rendering such an attack infeasible. Also, the passphrase feature allows users to create passphrase they can easily remember such as “T@morr@w I leave for Disneyland!” so they never have to resort to insecure ways to memorize their passwords.

Multi-factor authentication (MFA) requires more than one form of authentication to verify user identity. MFA combines two or more independent credentials: what the user knows (password), what the user has (smart card) and what the user is (biometrics). This makes it hard for hackers to steal your password because they will also need to have access to other credentials.  

For more information on how you can protect passwords and your data, download this whitepaper.

Darren James is the Product Specialist at Specops Software