Lessons from the 5 biggest online security breaches of 2015

1. Ashley Madison

When infidelity dating website Ashley Madison was breached by a group calling itself ‘The Impact Team’ in July 2015, around 35 million user accounts were compromised. What’s more, the group released personal information when the website was not immediately shut down, as per its demands. Websites that commercially encourage extramarital affairs are hotbeds for hackers: rival service Adult Friend Finder also suffered a similar attack this year.

The lesson:  Hackers are not always after credit card details – although these were also exposed in this attack. If your website or app gathers any sensitive information that may be embarrassing or damaging to a person’s reputation, you must look at sharpening up your online security.

2. Anthem

US health insurance firm Anthem lost more than 80 million customer records when it was hacked at the beginning of 2015. The FBI has yet to confirm who was behind the attack but reports say that much of the data was not encrypted – a must-have online security measure if your business collects sensitive medical information.

The lesson:  Because hackers stole social security numbers, birth dates and addresses, the breach also opened customers to the risk of identity theft. Fortunately, Anthem has a cybersecurity insurance policy to cover the costs of providing free credit-monitoring services and identity theft protection to those affected. Do you have similar insurance cover should your business be targeted by hackers?

3. Kaspersky Lab

If a security vendor can be attacked, where does that leave the rest of us? That’s exactly what happened to Russian antivirus and security firm, Kaspersky Lab. The company discovered that several of its internal systems were infiltrated by an attack. The reason for the attack was believed to be a link to powerful world meetings, for example around an Iranian nuclear deal.

The lesson:  The number one less here is that absolutely anyone can be a victim of hacker attacks, so never think that your business is not attractive or important enough. Secondly, if your company has political ties at all, factor that in to your disaster management strategy. Lastly, even though the motive here might have been political, the hackers managed to access the company’s latest technologies like Kaspersky’s Secure Operating System and Kaspersky Fraud Prevention. The thought that a criminal could get hold of or alter your intellectual property is certainly another motivation to increase your online security measures.

4. LastPass

Just as alarming as the Kaspersky breach was that of password management company LastPass. Email addresses, password reminders and more were compromised and encryption measures were found to be inadequate.

The lesson:  Nowadays, a password has to be very strong to be unhackable, which is why businesses such as Facebook and Gmail rely on two-step authentication to verify their users. LastPass uses a sophisticated algorithm to strengthen a user’s master password but should that be weak – i.e. one simple English lower case word – users will still be at risk. Always encourage your customers to choose strong passwords.

5. mSpy

Ironically, a company offering software that allows people to spy on others (parents on children, employers on staff, etc.) was ‘spied’ on itself in 2015 – a cyber attack that mSpy repeatedly denied. But when its database appeared on the dark web, it was clear that emails, text messages, payment details, passwords and more had been exposed.

The lesson:  It’s alarming that a company would go to great lengths to minimize reputational damage by downplaying a data leak, when thousands of children could now be vulnerable to online predators. If you ever fall victim to a data breach, have a plan in place to reassure your customers.

From these five examples it is clear that cyber criminals strike for many reasons. By pre-empting the risks with stronger online security, you can better protect your customers and your reputation.

There are many ways to increase your online security, whether through data encryption, how you store customer records and the verification methods you choose. By offering additional authentication methods – the most popular being two step authentication, e.g. with an SMS one-time PIN – you can stop relying on passwords only. Should your database be compromised, your customers will have the peace of mind that no one can access their accounts without this additional form of verification.

Find out how two-factor authentication can improve your application security or if you run an e-commerce website, read more about Clickatell’s two-factor authentication plugin for WordPress.