Looking back on 2019 and the cyber security incidents that most threatened individuals and businesses, what can we learn?
Well, it turns out that two years after WannaCry released, it’s still having an effect on users all over the world.
The initial (2017) WannaCry ransomware attack was a “patching” lesson learnt for 200,000 victims and 300,000 infected computers across 150 countries. Why? Because the affected users would’ve avoided the ransomware attack if they’d updated Microsoft when the update became available.
Unpatched operating systems
The cyber criminals behind WannaCry took advantage of an OS vulnerability, knowing that users are often slow to patch their systems and applications, and that until the patch is installed there’s a window of opportunity for them to enter through that vulnerability.
When a patch is issued, criminals use software to compare the current software with the patch, thereby discovering the vulnerability and then carrying out their attack quickly.
WannaCry is still out there, and until users patch Windows 7 computers, we could see more attacks taking place.
In early 2019, the Marriott breach saw a record-setting 383 million guests’ personal information leaked (that’s double the score of the Equifax breach of 2017, which exposed the personal information of 147 million people) due to an unsecured database.
But the lesson to secure big databases wasn’t learnt. Facebook suffered three separate breaches during the course of 2019, and the biggest of these was linked to its poor password storage management, which saw 540 million records expose personal information that was left on unprotected servers.
SA cyber security stats
The South African Banking Risk Information Centre reported that cyber attacks across digital banking platforms alone increased by 75% in 2018 and resulted in losses of more than R262 million.
According to Kaspersky Lab, there were more than 13 500 attempted cyber attacks in South Africa every day during the first three months of 2019, showing an increase of 22% in malware attacks since 2018.
One of the biggest data breaches in South Africa last year was the attack on Eskom, which saw the private details of its clients exposed when hackers discovered an unsecured port and caused a database to become publicly accessible.
The browsing history of more than 1 million users, including South African mobile users, was leaked via web filtering software by South African ICT company Conor Solutions. The breached data base was unsecured and unencrypted, so again, it was an easy attack that could’ve been prevented with standard attention to cyber security.
More surprising than the endless incidents CNet reports online is that, for each breach, basic security measures weren’t in place.
What can we learn?
If you need to up your cyber security game, ask us about Panda Security, the top-of-range cyber security solution that will reduce the chance of a data breach.