The world of information security was certainly a whirlwind of activity in 2017. It seemed no one was immune to some sort of security breach or incident and it only got worse through the year. Some of the affected companies involved in incidents are still paying the price for those breaches. The list below is just some of the cybersecurity incidents that took place in 2017.
- Uber announces cybersecurity incident that affects 57 million users.
- BadRabbit cripples Eastern European countries.
- Disqus suffers breach that affects millions.
- Yahoo reveals 3-billion accounts were hacked.
- Whole Foods hit by a security breach.
- Sonic Drive-In hit by a data breach.
- Imgur reports data breach that occurred in 2014.
- Equifax hackers demand $2.6 million USD.
- Verizon data leak exposes up to 6 million accounts.
That’s just a short list of information security incidents in 2017 and we probably don’t know about many others. With 2018 coming, the landscape for information security is wide open. We’re lucky enough to have a group of information security experts who are making some predictions for the industry in 2018. Check out their commentary below and the infographic that follows. Thanks to LogRhythm Labs for the information security infographic!
DOMINGO GUERRA, CO-FOUNDER AND PRESIDENT OF APPTHORITY:
ENTERPRISE DATA VIA MOBILE IS THE NEXT FRONTIER FOR CYBER CRIMINALS
Hackers will progress from small footprint ‘front door’ malware and Man-in-the-Middle attacks to attacks that access all of an app’s or a company’s data via the ‘backdoor’ – app vulnerabilities. The next big breach won’t happen because hackers take over a single phone—it will happen because they gain access to massive amounts of sensitive corporate data collected by the apps. Indeed, the next massive Equifax-style breach could be a mobile breach.
The problem is that mobile apps collect a large amount of valuable data, data that may not even be necessary for the app’s use, such as specifics about the user’s physical location, all the contacts, or access to their cloud storage accounts. This data may be stored on the device, offloaded for processing to the cloud, shared with third parties, and even leaked through poor encryption and developer practices.
So, while the focus is on breaches to corporate systems via compromised user credentials or web apps, 2018 will be the year that the public realizes what hackers already know, enterprise data is available for the taking, in massive amounts, via leaky mobile apps. In fact, it just happened to Uber, where hackers stole the data of almost 60 million users and drivers because they found the Uber developer’s username and password to access Uber data stored in an Amazon server. That’s why forward-thinking organizations are putting the proper mobile defenses in place—before they become the next Equifax or Uber.
Read the full article on TechAeris here.