#MIDDLEBURY
By JUSTIN GOLDEN
The ancient Roman god Janus is depicted as having two faces, one facing forward and the other backward. He looked to the future as well as the past. The month of January is sometimes credited to Janus as it begins the new year while it ends the old.
Some of the notable events that occurred in 2016 in terms of cyber security, e.g., hacking, phishing, and ransomware, may provide clues to what 2017 holds in store for us.
The most notable occurrence was the hacked emails of the former chairman of Hillary Clinton’s presidential campaign, John Podesta. He clicked on a link in an email he received from what he believed was a “trusted source.” What followed was the release of a treasure trove of emails between him and political leaders, campaign contributors, media and celebrities over the course of the primary and the presidential campaign season, with devastating effects.
Hollywood Presbyterian Hospital suffered a ransomware attack that put its patients and their medical data at risk. A staff member was sent what appeared to be a routine email, possibly an invoice with an attachment. The receiver clicked on the attached file and then it was off to the races. The hacker locked the hospital’s medical records and offered to sell the hospital a “key” to the records for a large sum of money. Eventually, a more “reasonable” amount was agreed upon. The files were made accessible to the hospital after it paid a ransom of $17,000.
In September 2016, Yahoo announced the hacking of over 500 million user accounts in 2014. The company has now disclosed that a different attack in 2013 compromised over one billion users. The information stolen included personal data such as names, dates of birth, telephone numbers and passwords.
CNBC’s Harriet Taylor, in a 2015 article on 2016 cyber security threats, said global security strategist Derek Manky predicted hackers would launch increasingly sophisticated attacks on everything from critical infrastructure to medical devices. He said smartphones present the biggest risk category going forward. They are particularly attractive to cyber criminals because of the sheer numbers in use and multiple vectors of attack, including malicious apps and web browsing.
Employee carelessness is a leading factor in online commerce troubles. Robert Cattanach, a cyber security expert and lawyer at Dorsey and Whitney, said, “Firms should have in place strict policies and procedures about handling data, as well as specific encryption and password rules.”
To reduce your company’s threat landscape, ensure that you have current anti-virus security installed and operational on every device connected to the Internet. Have the latest security patches installed by your computer vendor. Lastly, mandate education and training for you and your employees on the current information security best practices.
While we look forward to what the new year will bring, looking back on the previous year may provide us a view of both possibilities and threats.
Golden Technology Services Inc. assists its clients in improving their cyber security. They can be reached at 972-679-9738 or justin.golden@gtscloud.com.