What We Learned from 3 Cyberattacks in 2016

Cybersecurity has been in the news close to every day for the past several months'. With foreign actors gaining access to highly private information from large companies and political parties and hacking collectives shutting down widely popular sites like Spotify, Netflix and Pinterest, there is a growing fear about how much more damage a cybercriminal or group could do.

No network is safe from a cyberattack, that much is plain. 49 percent of businesses suffered a network breach in 2016. What can be gleaned from these cyberattacks? Companies and organizations need to take precautions and invest in a solid cyberattack insurance plan. Can you afford to lose your data and tens of thousands of dollars in reparations?

The DNC Cyberattack
Based on intelligence reports confirmed by the FBI, CIA and NSA, it's official: Russia intervened in the 2016 presidential election by hacking into the Democratic National Committee's network, stealing private emails and releasing them to the American public with the aid of WikiLeaks.

The emails showed that the DNC's chair, Debbie Wasserman Schultz, did not want senator Bernie Sanders to get the democratic nomination and was hoping to tip the race in Hillary Clinton's favor. The release of the emails was explosive, and Wasserman Schultz was forced to step down as chair. It's been argued that if these emails had not been made public, Clinton might have won the presidential election.

What's to be learned from this attack? Passwords should be changed regularly and the network tested for security vulnerabilities routinely. If you have shared less-than-moral information with a confidante via email, you could fall prey to a cybercriminal with a vendetta against your organization. It won't matter how well you performed at your job or how liked you were by your peers; you will be defined by your dishonest turn of phrase, sullying you (and your company's) reputation.

The Dyn DDoS Cyberattack
In October 2016, a hacking collective launched the largest DDoS cyberattack to date on the DNS server provider Dyn, a New Hampshire-based company specializing in routing internet traffic and managing website domains.

Using IoT devices, the cybercriminals responsible for the attack used botnets to infiltrate connected devices (cameras, monitors, televisions, phones, etc.) and overload Dyn's systems. This disrupted user traffic and caused popular sites like Amazon, Etsy and Twitter to go down for hours.

What can be taken from this attack? According to Nathaniel Gleicher of Dark Reading, the "systemic [security] flaws leave [users] vulnerable to many kinds of attacks." By connecting online accounts and smart devices, the public is making it easier for cybercriminals to hack into their network and their many social media profiles, finance and retail accounts. Essentially, a hacker just has to gain entry into a single account to get access to every other account. Gleicher writes that the cloud and other types of data centers have "glaring security flaws." By trying to make logins fast and easy, security features have been ignored, giving cybercriminals access to private information.

The Yahoo! Cyberattack
Last September the public learned that 500 million Yahoo user accounts had been breached. Three months later, Yahoo confirmed that 1 billion accounts had been corrupted.

Using forged cookies, the cybercriminals responsible for the attack were able to get into user accounts unnoticed. Pieces of code were left in user browser caches, leaving the accounts open to the cybercriminal and ripe for the picking.

People tend to use the same username/email and password for multiple accounts. This makes it incredibly simple for a cybercriminal to steal data from any number of accounts because there is no preventative security. Lesson learned: use different usernames and passwords for different accounts. If the hacker really wants to get into your network, make them work for it.

If your preventative measures should fail, don't rush to alarm. A cyberattack insurance plan will cover the costs of the damage and get your company back on track. Click here for a free cyber insurance quote with CyberPolicy.

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375