2015 Online Threat Report: What Happened And What Did We Learn

When it comes to online security, 2015 was a rough year for everyone. Businesses found themselves targeted more as hacking grew as an industry, and consumers and employees found their data being leaked at every corner. Even if you look at the news right now, chances are you’ll find a number of articles relating to the recent mainstream hack.

We need to grow and learn in order to continue to fight these threats. Businesses and specialists do their best to react to the threats as they come, but the average computer needs to be aware of what is threatening them and the places at risk so that they can make educated decisions regarding their data and where they put it. Identity theft is always right around the corner.

There are plenty of other hacks that happened this year, but here are the major ones that should capture your attention:

Ashley Madison

If you heard about any cyberattack and data breach this year, it was probably this one. This July the email addresses and other personal info of millions of Ashley Madison users was released to the public after a hacker group calling themselves The Impact Team demanded and were denied the immediate shutdown of the adult site and related websites. Accounts belonging to public officials have been found, and we are still dealing with some of the fallout of this attack.

Here is what we can learn:

• You are never really anonymous online and data can be kept forever. Despite leading customers to believe the opposite, Ashley Madison did not delete user data upon account deletion.
• You absolutely cannot trust companies to keep your data private, especially those that base their business model on setting up affairs.
• When a total data breach occurs much like this one, it can be absolutely devastating. What if something like this were to occur with Social Security numbers and addresses? It would be impossible to entirely recover.

U.S. Government’s Office of Personnel Management

Not even the most powerful government in the world is safe. The Office of Personnel Management suffered a data breach that could affect 21.5 million employees of the U.S. Government, revealing a great deal of their information. Try to think of it as someone coming into your HR office with a cart and taking everything that isn’t bolted to the floor. The government was slow in letting employees know about the danger, and there were already many vulnerabilities that the department was warned about.

What did the world learn from this debacle?

• The U.S. Government might be good at collecting information but it still has holes in its security when it comes to protecting it. It still isn’t trustworthy when it comes to keeping citizens’ info private online.
• People also need to be concerned about their employers and how they handle data. Employee records are an excellent source of information from hackers.
• Preparedness is the key to survival. Organizations cannot delay in upgrading their security.

Anthem Health Insurance

Anthem, the United States’ second largest health insurance company, was the target of one of the largest data breaches in modern history this February. The personal information of millions of people (Anthem deals with about 80 million customers) was lost, with Anthem stating that it was due to a “sophisticated attack” that got into their records. No medical data was lost, but an unknown number of people now have their most private data in the hands of hackers.

What we can learn:

• Healthcare providers and health insurance companies need to have more protection. This is only a high point in a long history of attacks against unprepared health care providers. Since you can’t go without health insurance, try to lobby for tougher regulations or call your provider asking about their cybersecurity standards.
• Some companies will have more data than others. The Target breach years ago was brutal, but Target didn’t have your Social Security number and medical history on file. Priorities need to be made.
• Just because a company is massive doesn’t mean it cares about data security. Corners were likely cut somewhere, and data security is a seemingly easy target for a slashed budget.

LastPass

This June, we learned that LastPass, a major player in the Password Management market, was the victim of a data breach. Fortunately it wasn’t a full breach, but millions of people were still at risk depending on the master password they used. The company responded downplaying the threat, but if any company needed to have airtight security, it was LastPass.

What we learned:

• If you are going to use password management software, then you should put in the time to use multiple forms of verification. If this kind of account gets hacked, cybercriminals will have a field day with your accounts.
• No one is safe, and the companies we are supposed to rely on the most to have decent security cannot always be trusted. Due to the data they possess, they are a bigger target, nearly inviting the best and brightest in the cybercriminal world to take their shot.

What To Do Now

Regardless of how hopeless the situation might seem, you can still protect yourself well if you use the right tools and strategies. Here is what you should do:

• Learn about basic online security for yourself, and then teach those you care about the basics. No tools or gadgets are going to help you if you don’t know what a phishing email looks like.
• Get a Virtual Private Network (VPN) for any device you use outside of your home. A VPN is a service that will connect your smartphone or computer to an offsite secure server via an encrypted connection. The encrypted connection will keep you safe on problematic public networks and keep onlookers out. It will also allow you to hide your IP address, preventing anyone from tracking you and allowing you to access otherwise blocked sites.
• Learn more about the websites and services you use frequently. Look into the methods they use to protect customer data. Look particularly into companies that you know would be a high-priority target for hackers. Don’t be afraid to make phone calls or send some emails to get your questions answered. Your security and the security of those you care about are worth it.

You are never completely safe, but you are also never completely alone. This year can prove extremely educational from a cybersecurity standpoint. All you need to do is a take a look at the facts and be willing to learn. Remember the above names and know that everything is under threat. That being said, don’t let it interfere with your everyday life and arm yourself with the right knowledge.

Are there any major cyberattacks that happened this year that you would like to talk about? Do you feel as though there are any cybersecurity subjects you or your loved ones need more information about? Do you have any opinions about what happened in any of the events mentioned above? Please leave a comment below and join the conversation.