The last ten years of cyber security have taught us a lot about hackers and their resilience to infiltrate some of the biggest companies in the world. Common mistakes continue to occur, such as Instagram account passwords being held in text format, and regular Internet users continue to fall for phishing scams or downloading malware.
Yahoo was hacked twice once in 2013 and 2014, with 3 billion and 500 million records impacted. First American Financial Corp used poor security practices, leading to 885 million records being impacted in 2019.
Facebook also had poor security practices that lead to 540 million records being accessible in 2019.
The evolution of cyber threats continues to outpace some of the world’s top tech companies. Zeus Trojan was released in 2008, and it was one of the first times security experts saw a trojan of this sophistication. The software was able to log a person’s keys pressed and grabbed information from forms. Over $70 million was stolen using this trojan.
Target was hacked as a result of a variant of the Zeus Trojan. Viruses, trojans and worms have been around for decades, but they were starting to become more advanced and complex in the last ten years.
Connected devices have also started to spread, and once a device or even automobile is connected, they have the potential to be hacked. Intruders have been able to infiltrate streaming video entertainment systems and in-car WiFi. Connected car vulnerabilities first came to light at the 2016 Black Hat security conference. Remote hacking had the potential, at the time, to access 471,000 vehicles.
We’re also seeing an expansion of the cyber security field. Information security analysts are in a field that takes less than five years to enter and has a median pay of $98,350. The field requires a Bachelor’s degree to enter and basic cyber security courses. The field is growing at a rate of 28%, which is far faster than average.
Security experts have started to put some of the responsibility in the hands of the consumer because perimeter security can always be breached.
Encryption and multi-factor authentication remain the two key most important tools in combating security breaches. Multi-factor authentication has the ability to prevent access to user accounts on banking systems, social media and other platforms. This has remained one of the most powerful tools in helping prevent single record access online.
Encryption is becoming more widespread, and we have seen some early encryption be able to be hacked. WPS, which allows devices to access WiFi, has been shown to be vulnerable, so we’re seeing that consumer ease of use can lead to an increased number of vulnerabilities.
We’re also seeing that while security experts continue to advance prevention measures, a lot of large-scale attacks are kept in the dark. The US military had 26.5 million records hacked in 2006, and it took weeks to alert the public that the attack occurred. Consumers are starting to put security into their own hands, and this has been an approach that security teams are recommending to keep data safe and secure.