Call us today at (305) 698 - 0032

Network Security: Recent Hacks And How You Can Protect Yourself

April 4, 2017

2016 was a banner year for large organizations proving vulnerable to pernicious data theft, although they were far from alone. In fact, that year saw 3.04 million data records compromised each day, a genuinely frightening statistic serving as a reminder of how our confidential information is only as safe as the security protocols guarding it.

With security hacks making constant headlines one would think that most businesses have shored up their network defenses. However, a 2015 survey revealed only 38% of global organizations feel they are prepared to handle a sophisticated attack, and fully 81% of those who are the victims of data breaches had no managed security services in place.

Hackers are very adept at finding and exploiting network vulnerabilities. It is a difficult endgame trying to stay ahead of would-be data thieves; however, the risk of failure can mean legal liability, costly system downtime and damage to your organization’s reputation.

Let’s take a look at three of the largest security hacks from 2016, determine what you can learn from them, and explore policies and practices that can help protect your critical data against theft.

RECENT SECURITY HACKS AND HOW YOU CAN PROTECT YOURSELF

We sometimes take for granted how well large organizations safeguard their user data. As we will see, even the biggest and most technologically savvy organizations can prove vulnerable to an attack by a determined individual or group.

YAHOO

It has been called the largest data breach in history. In November 2016, Yahoo revealed that more than one billion user accounts were compromised three years prior in August 2013. To make matters worse, this announcement came on the heels of a separate 2014 breach that affected 500 million accounts.

“For potentially affected accounts,” wrote Yahoo CISO Bob Lord, “the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”

So what happened?

In the case of the 2014 breach, the company believes that a “state-sponsored actor” was involved. The 2013 hack, though, was found to be the result of forged cookies – snippets of code that stay in your browser to remember your login credentials – that allowed attackers to gain access to the accounts.

Security consultant Brian Krebs maintains that Yahoo “appeared to fall far behind its peers in blocking spam and other email-based attacks.” He further points out that features such as secret questions tend to end up weakening the overall security of these accounts.

DROPBOX

Another online behemoth, Dropbox, announced in 2016 that a 2012 hack had exposed the passwords and email addresses of over 68 million users.

These passwords were quickly found to be up for sale on the dark web for an asking price of two bitcoins. Fortunately, all the affected email addresses and passwords were encrypted; however, they remain vulnerable.

Malcolm Harkins of security firm Cylance says in a Washington Post article, “passwords are outdated, they are annoying to users, they annoy IT teams, they are hard to remember,” further demonstrating that passwords alone are not often sufficient to protect sensitive information.

So what happened?

According to Dropbox, the original hack started with a stolen password that was used to access an employee’s account and retrieve a data set of user information. The company claims that they have put additional measures in place to ensure that it does not happen again.

TUMBLR

If you venture into the dark web, you will find more than Dropbox user information for sale. Tumblr announced in 2016 that they too had been the victim of a hack three years prior that resulted in the compromise of 65 million accounts, with all of the sensitive data available for purchase.

Moreover, like Dropbox, the Tumblr passwords and email addresses were salted and hashed, making it tough for anyone obtaining them to make practical use out of them.

So what happened?

It is not clear how the breach occurred, and Tumblr has been relatively tight-lipped about it.

In a statement, Tumblr admitted that the data breach was authentic but claimed that due to the difficulty of decrypting the information it was highly unlikely that accounts had been accessed. Still, because of the lax practices many individuals employ with regard to setting their passwords, it is not out of the question to presume that this sensitive information could fairly easily be deduced.

WHAT WE CAN LEARN

The common thread in these three examples is the relative ease with which hackers were able to gain sensitive information. These were not cases of using sophisticated applications to brute-force their way into highly secure networks. On the contrary – Yahoo, Dropbox, and Tumblr were the victims of their complacency.

What can we learn from these hacks?

  • Large numbers of user accounts were compromised at one time
  • The Yahoo attack showed that the ubiquitous cookies are a potential vulnerability
  • Dropbox’s hack was the result of a single password being used to access millions of accounts
  • All the stolen information was available for sale
  • Salting and hashing, while making it difficult to decrypt the data, cannot stop a hacker from deducing passwords cross-referenced from other breaches
  • Passwords are a weak form of data protection

HOW TO PROTECT YOUR INFORMATION

With these takeaways in mind, there are several steps you can take to ensure the security of your network. These include:

  • Using two-factor authentication instead of a single password to access sensitive information
  • Ensuring you update your software and deploy security patches
  • Establishing robust security procedures and enforce them so that all employees work together to deter data breaches
  • Using data encryption to ensure that any data obtained illegally cannot be easily accessed
  • Ensuring that your system is protected against viruses and malware
  • Minimizing the number of administrator accounts that can provide easy access to sensitive data

Learning the lessons of these security breaches and implementing safeguards to counter them can help your organization remain safe and secure. Taking these minimum steps can help save you from becoming yet another frightening statistic.

Tech Group offers comprehensive IT services to companies and organizations in Miami and the South Florida area. We have 25 years of experience helping businesses overcome technology hurdles to help move them forward. Contact us to learn how we can empower your technology to help you reach your goals.

Why You Need a Managed Service Provider (MSP): Unraveling the Benefits
Why Tech Group is the Premier IT Solutions Service Provider in Miami and South Florida
Why South Florida Businesses Need Proactive IT Management (Not Break-Fix)
Why Tech Group is the Premier Cybersecurity Service Provider in Miami and South Florida
Why SMBs Must Proactively Address the Threat of Mobile Hacks
Why Should You Get On The Cloud?
Why More SMBs are Turning to the Cloud to Reduce TCO
Why Hybrid Clouds are More Than Just Another Trend
Why Do You Need IT Solutions? Understanding the Critical Role of Technology in Business Success
Why ERP Systems are Essential for Growing Businesses: A Comprehensive Guide
Unlock the Power of IT Solutions in Miami: Why Tech Group is the Go-To Choice for Small and Medium-Sized Businesses
What are IT Solutions? Exploring the Digital Backbone of Modern Businesses
Understand How Data Losses Happen – In Order to Prevent Them
Understanding Managed Services and How They Benefit SMBs
Understanding Cybersecurity: A Comprehensive Guide
Understanding Managed Service Providers (MSPs): A Comprehensive Guide
The True Cost of IT Downtime for South Florida Companies (and How to Prevent It)
Three Steps To Fix IT Management for SMBs
Understanding IT Support: Definition, Functions, and Importance
The Importance of Cybersecurity for Small and Medium-Sized Businesses in 2024
The Good, The Bad, and the Ugly of Mobility and BYOD
The Sky’s the Limit for SMBs Taking to the Cloud
The Role of IT in Supporting Remote Work: Best Practices for Secure and Efficient Operations
The Crucial Role of IT Support in Modern Businesses
The Essential Need for Cybersecurity in Today’s Digital Age
Stay Secure My Friend More Hackers Targeting SMBs
Tech Group: Leading IT Managed Services in Miami and South Florida
Six Steps to Better Data Backup and Quicker Recovery
Seven ‘Must Haves’ for Your Small Business Website
The Benefits of a Managed Service Provider
Tech Group: Leading IT Support in Miami and South Florida
Private Versus Public Cloud Hosting For Small Business
Navigating the World of IT MSPs: How They Work and Why They Matter
Office 365: What You Need to Know Before You Migrate
Network Security: Recent Hacks And How You Can Protect Yourself
Is your Business Safe from Virtual Threats?
Keep Your IT Guy and Outsource IT Services, Too
IT Support in Miami: Why Tech Group is the Top Choice for Small and Medium-Sized Businesses
Mitigate Costly New Technology Risks for Continued Stability and Profitability
Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe
Is That Email a Phishing Scheme?
Is That A Business Continuity Plan in Your Pocket…Or A Bunch of Jargon?
Inquiring SMBs Want to Know… What’s the Difference Between a Help Desk and NOC?
How to Trim the Fat From Data Center Costs
How Much Does Downtime Really Cost Your Business?
How IT Support Works: Ensuring Efficiency and Stability in Technology Management
How SMBs Can Utilize the Cloud To Build Their Business
How Do IT Solutions Work? Unveiling the Mechanisms Driving Business Innovation
Has Your Website Been Optimized for Mobile Users?
How Managed IT Services Can Drive Efficiency and Cost Savings for Your Business
Five Things You Should Do Right Now to Preserve Your Network and Systems
Four Key Components of a Robust Security Plan Every SMB Must Know
Five Ways Your Business Can Improve Its Search Engine Rankings
Five Popular Custom Software Development Models
Disaster Recovery Checklist: Are You Prepared?
ERP Systems in Miami: Why Tech Group is the Ideal Partner for Small and Medium-Sized Businesses
Demystifying Cybersecurity: How It Works and Its Key Types
Data Loss Can Cause You to Shut Down
Cybersecurity in Miami: Why Tech Group is the Ultimate Choice for Small and Medium-Sized Businesses
Cloud Monitoring Can Be the Difference Maker for SMBs
Cloud Migration for Miami Businesses: What to Expect, Avoid, and Plan For
Can You Really Afford Not to Have a Backup Plan?
Are Managed IT Services Right For You? A Few Things to Consider
Breaking News: Downtime Kills Small Businesses
Click, Click, BOOM – You’re in Business But Is Your Technology Ready?
4 Essential Pieces to Any Small Business BYOD Strategy
8 Hard Truths for SMBs not Worried About Data Recovery and Business Continuity
A Complete Cybersecurity Checklist for Miami Small Businesses in 2025
3 Things to Consider Before Jumping Into BYOD
A Smarter Approach to Mobile Device Management
5 Ways SMBs Can Save Money on Security