2018 has been a roller-coaster ride when it comes to cybersecurity. It was a year in which major security breaches were announced almost every week. This year, organizations also focused on getting back on track with regulatory compliance, thanks to the General Data Protection Regulation (GDPR).
Consequently, we can expect an increase in the demand for people with security skills, owing to the volume and scale of security breaches we experienced as a global audience. Businesses of all kinds face constant pressure to maintain high security standards in their IT solutions. That also means they will need more people on board who know application and software security inside out and can develop secure code.
As we near the end of 2018, let’s go back over the major security loopholes that got exposed and exploited, all over the world.
The Facebook Breach
Late in September this year, Facebook admitted that a cyber attack on its network had exposed the personal information of around 50 million users. Deemed the largest in the tech giant’s history, the data breach took place at a sensitive time for Facebook, when the company was already facing speculation about data security and privacy concerns.
Attackers exploited functionality in Facebook’s code to break into accounts and take control of them. The New York Times reported at the time that the accounts of Facebook top executives Mark Zuckerberg and Sheryl Sandberg were also compromised.
Moreover, once attackers were inside user accounts, they could potentially have found a way to compromise other related accounts, such as Instagram, Spotify and others, where people use their Facebook account to log in.
Three vulnerabilities caused this data breach. Two of them were introduced by an online tool that was supposed to improve user data privacy. The third was added by a tool meant only to make uploading birthday videos easy.
Facebook’s sad data breach cost it four percent of its global annual revenue, which amounts to $1.63 million.
What Else Went Wrong in 2018
Disclosed in January this year, the Aadhaar data breach is a notable one that concerned India. A whopping 1.1 billion records may have been compromised. Reporters with a news service paid 500 INR to log into a service that was anonymously sold over WhatsApp.
Using the service, the reporters could enter any Aadhaar number (a 12-digit code assigned for identification to each Indian). By doing so, a person could access extensive information about anyone, as stored by the UIDAI (Unique Identification Authority of India).
Citizen data included name, address, phone number, email address, and photo. Moreover, an additional payment of 300 INR would allow anyone to print an ID card for any Aadhaar number.
The data breach affected the records of all 1.1 billion citizens of India.
You can listen to The NULLCON Podcast: Episode 3. The episode focused entirely on the security issues of Aadhaar found in 2018.
In late November, Marriott International revealed that cyber attackers had breached its Starwood reservation system, stealing the personal information of up to 500 million guests. The hotel chain asked guests for their credit card information, addresses, and passport numbers in some cases.
The attack had started as far back as 2014 and was a stern reminder that large companies still find data security a challenge.
Only a month after Facebook disclosed its devastating breach, Google announced that a bug in Google’s developer platform on its Google+ network exposed the data of 500,000 users. User information records such as name, email address, gender, age, and occupation were compromised as part of the attack.
Following the breach, Google decided to shut down its social service, as it had long seen low usage.
These are only a few examples from a host of others. But they all highlight the fact that organizations are not doing much to combat and deal with security loopholes.
Analyzing Data Breaches
Let’s see what these hacks say about data security –
- For Companies – Organizations that collect private and sensitive data from their users should implement security policies and perform regular testing and checks to discover vulnerabilities sooner. Organizations feel the scale and strength of the impact of these security compromises for a long time after they happen. It’s easy to say that brand image suffers for a lifetime when security systems fail to protect customer data. For companies, these security breaches mean one thing: they should focus more on security best practices to keep loopholes from creeping into their systems.
- For Individuals – Software security practitioners and experts may feel the need to upskill and gain a better understanding of the nitty-gritty of software security best practices to help their organizations implement stringent policies and guard their reputation. As part of an organization, or as a security consultant, these data breaches may point toward a higher need for professionals with a deep know-how of secure code and application security.
Next Steps for You
Are you worried a cyber attack might hit your software solution? It’s common for founders and executives to feel that way when a lot is at stake. Here’s what you can do to improve your app’s security:
- Help your security team upskill. When they know their stuff in and out, they will be in a better position to manage your software’s security.
- Adopt security best practices, so your IT solutions are guarded against malicious attacks.
Both objectives can be achieved by being part of a community that helps you learn about software security and thrive in this digitally risky era. Such a community gets together every year at nullcon, a massive consortium of security enthusiasts, tech companies, and developers who come together to discuss and learn.
– Written by Divya Agrawal & Edited by Pratik Ghumade for nullcon
Photo Credits – Petty Officer 3rd Class Andrew Barresi