Biggest cyber-security events of 2015; lessons learned for a safer 2016

• 2 million compromised records
• 38% increase in security incidents
• First hacked smart car
• First ransomware for Linux
• Launch of Windows 10 and privacy concerns
• 14 million US government employees exposed
• An embarrassing celebrity iCloud hack
• New strains of Android ransomware

These facts and numbers define 2015 in terms of cyber-security. It’s time to draw the line and review the most remarkable events of 2015 to see what we can learn from them.

Healthcare breaches

In 2014, medical fraud allegedly caused losses worth $272 billion across the entire US healthcare system. 2015 doesn’t fall short. Two major US-based health insurers, Anthem and Premera, were hacked, resulting in the largest theft of medical records to date. The Anthem Inc. breach exposed 78.8 million records, while 11 million records from Premera Blue Cross were leaked.

Lesson learned: Medical records are valuable assets. Cyber-criminals use them in schemes to obtain money for services and goods they don’t actually provide.

Hotel industry

In 2014, the retail industry was responsible for the largest number of identities exposed. This year, five major hotel groups confirmed data breaches at their properties. Hilton, the Trump Tower, Starwood Hotels & Resorts, Mandarin Oriental and White Lodging Services Corporation were victims of point-of-sale malware.

Lesson learned: The high level of traffic in hotels offers huge exploitation potential.

IoT breaches

In a controlled demonstration, security experts Charlie Miller and Chris Valasek accessed the Uconnect infotainment system of a Jeep Cherokee, hijacking basic functions and stopping the vehicle from miles away. The hack forced Fiat Chrysler Automobiles NV to recall 1.4 million vehicles.

The VTech hack affected about 5 million adults and 200,000 children, leaking photos of parents and kids. By linking stolen children’s names with their parents’ names, attackers could figure out the last names and locations of the kids.

Lessons learned: Firmware updates are crucial to any IoT device, be it a toy or a smart vehicle. Lawmakers need to resolve legal liability issues to avoid life-threatening events.

Ashely Madison

37 million people were registered to online dating site Ashley Madison before it got hacked. Intimate details about millions of users were exposed to the world. Embarrassment, million-dollar lawsuits, bounties on hacker heads and alleged suicides soon followed.

Lesson learned: Don’t use your work address on dating sites.

Telecom companies

One of UK’s major telecom companies was breached by hackers and some 4 million customers were exposed to data theft. The company website was hacked, and attackers accessed servers storing names and addresses, email addresses, telephone numbers and, most importantly, credit card and bank details.

Lesson learned: Script-kiddies can cause some serious damage to your business.

Last Pass

In June 2015, password management program LastPass was hacked and more than 7 million users were affected. In addition to encrypted passwords, cyber-criminals gained access to email addresses and password reminder phrases, rendering the service effectively useless.

Lesson learned: Never reuse passwords – especially your master password!

Experian

15 million records telecom customers held on Experian servers were exposed in October due to a faulty encryption implementation. The hackers stole names, addresses and Social Security numbers and sold them on the dark web.

Lessons learned: Encryption is awesome as long as it’s done right.

The Hacking Team

The Hacking Team, an Italian business that sells zero-day exploits to governments so they can break into systems, was itself hacked. The hack and subsequent dump of 400 gigabytes of its internal emails shed some light on the nature of exploit sales, how they’re negotiated, and how they’ve been kept in check by security protections.

Lesson learned: Hackers can be hacked. In the murky world of state surveillance, companies sell products used to commit violations of human rights and freedom of information.