It’s not the time to sit back in relief that you haven’t been hacked yet. Instead, it’s time to assume the worst and expect you will be hacked as the odds stack against you. According to the Wall Street Journal’s personal tech columnist Joanna Stern, “If you haven’t been hacked yet, the chances are even greater in 2017.”
It’s easy to see why the odds are increasing as we produce more data. But can hacks be prevented? Here’s what we’ve learned from some of the biggest hacks to date and what could have been done differently.
When Yahoo’s data was breached and hackers stole 500 million accounts, it later emerged that the figure just scratched the surface: a second hack had accessed over one billion accounts, making it one of the worst hacks in history until Equifax bumped it out of first place. Four people, including two Russian spies, were eventually indicted for the hack.
Reports circulated that Yahoo’s CEO Marissa Mayer resisted calls for greater funding to boost security and prioritized other areas instead. However, the real criticism came when it was revealed the second hack happened a full two years after the original breach. Yet Yahoo did not act quickly, work with law enforcement on the issue, or inform the public that their security had been compromised. Yahoo clearly dropped the ball on both addressing vulnerabilities and rolling out a faster response to the hack.
When hackers infiltrated credit reporting bureau Equifax’s systems in mid-May, the public backlash was immediate. Equifax never applied a patch for a known web-application vulnerability, and that directly led to 143 million people having their Social Security and credit history exposed. But what made the incident so unbelievable is that information about the vulnerability and a subsequent patch was made available two full months before the Equifax hack.
And this wasn’t the only incident in which hackers exploited known vulnerabilities and a failure to apply patches led to a large-scale hack. A ransomworm also infected the devices of millions and led to the global WannaCry hack that shut down hospitals and hit companies and individuals. Although companies can do more to apply patches and upgrade their systems, consumers can do the same for their own devices and invest in identity theft monitoring services to ensure their data is safe and out of the hands of hackers.
Some of the most popular players in the 2016 presidential election weren’t on the ballot at all. When it was revealed that the Democratic National Committee’s computers had been hacked, it brought Russia to the forefront of a hacking scandal. To date, U.S. prosecutors are considering charging at least six Russian officials in the case.
Hackers were able to compromise the chairman of Hillary Clinton’s presidential campaign through a phishing scheme targeting his Gmail account. Other party members were also hacked when an official-looking Google notification was sent and baited the campaign into revealing their login credentials. Aside from staying alert to trends in phishing schemes, simply using an inexpensive two-factor authentication (2FA) resource could have also helped avoid the breach and create an added layer of security.
In 2014, one of the largest hacks in retail history compromised the credit card information of 56 million Home Depot customers. Hackers used credentials swiped from a third-party vendor to install custom-built malware on self-checkout machines. The retail giant ultimately offered $19 million to try to settle the customers’ hacking lawsuit.
Considering the technology and knowledge available at the time of the breach, the best course of action may have simply been identifying the malware and subsequent breach as soon as it happened to stop it in its tracks. Instead, it took Home Depot nine months to identify the breach and stop the damage from spiraling into free fall. According to reporting by TIME, companies like Home Depot should spend more resources figuring out how to immediately stop attacks instead of strictly focusing on identifying them. In Home Depot’s case, they should have been scrutinizing their point of sale machines to look for malware and vulnerability issues.
Hackers aren’t going anywhere, and are likely going to get more sophisticated as time goes on. But they will also rely on people becoming complacent about their digital safety, and will enter our devices and systems through known vulnerabilities and phishing schemes. Although companies need to do more to protect their customers, it’s also up to consumers to protect themselves, stay diligent and monitor their data for identity theft on a regular basis. After all, we can’t rely on big business to keep us safe when they can’t keep their own companies safe.