2011 saw a vast growth in the number of malware attacks on businesses and individuals. Hackers are now at a point where they can “wreak havoc and access the best-kept secrets of organisations without ever leaving their living-rooms”. From phishing scams to the Sony hack, 2011 has seen the worst of all cyber attacks. Millions of people’s data has been compromised around the world: hackers have made millions, whilst companies have lost millions. So, will 2012 see a repeat of last year? Or will we clamp down on cyber crime once and for all?
We here at IT Governance Ltd have picked the bad and the very bad to show you just what a year it’s been in cyberspace…
1. Sony PlayStation hack
Now this really was the worst of the worst – names, addresses and card details were stolen from around 77 million people who had accounts with the PlayStation Network (PSN).
2. Student loan phishing scam
Students across the UK mistakenly handed over access to their bank details after receiving an email asking them to confirm their details. Anywhere between £1,000 and £5,000 was stolen from each student who gave access.
3. Android apps
22 apps were removed from the Android Market by Google after it was discovered they contained fraudulent software. The apps tricked users into sending premium text messages.
4. RIM hack
BlackBerry’s blog was hacked after the London riots, with the attackers warning BlackBerry not to assist the police.
Powys Council, England, was fined £130,000 after the details of a child protection case were sent to the wrong person. This was one of the largest fines the ICO have actioned against a council.
WikiLeaks was responsible for releasing top secret information about governments across the world on its website.
7. NHS Breach
LulzSec hacked the NHS, alerting them that their information security management system was inadequate. However, they took a “white hat” approach, publicizing the hack but not revealing any compromising information.
8. Gmail phishing scam
Chinese identity thieves used ‘spear phishing’ tactics to take over hundreds of Gmail accounts, including those belonging to senior officials and military personnel.
9. Epsilon data breach
Epsilon, the email communication giant, was hacked in March 2011, and customer email lists were stolen from at least 26 different companies.
10. RSA attack
One of the most high-profile breaches of 2011 involved the world’s most-used two-factor authentication system. Hackers stole information relating to RSA’s SecurID system by mimicking RSA naming conventions to avoid detection. What was unique about this case was that only one attack on an RSA customer was ever reported, showing that the counter-actions RSA took were extremely effective.
The lesson to take away from these hacks and breaches is that companies and individuals alike need to be educated on cyber issues. There needs to be an understanding of what to look out for, what to click and what not to click, who to give your details to and who not to, and to generally be alert, rather than sticking our heads in the sand.
Education will help combat cyber issues and prevent repeat attacks occurring in 2012.
We have a number of staff awareness training courses available at IT Governance, covering DPA, information security, ISO 27001 and PCI DSS. These are extremely effective and affordable, considering no travelling or other course attendance costs are incurred, as learners can study from their desk in their spare time.