As undeniably advanced as cyber security has become in many respects, it’s equally impossible to refute the idea that it still has quite a way to go. This has been made evident by the business, financial and tech security breaches, hacking incidents and mass identity thefts that have been documented. From consumer retail and payment processing to health care and software, virtually no commercial sector has gone unaffected by this phenomenon.
In order to fully understand what vulnerabilities may need to be faced in the future, it’s important to examine the circumstances regarding some of the biggest and most damaging hacks and breaches in recent history.
Target and other major retail hacks
In 2013, Target effectively became synonymous with “hacking” and “data breach.” As noted by IBM’s SecurityIntelligence blog, the attack on Target’s databases took place during 2013’s holiday season and exposed, in whole or part, the personal and financial information of 70 million customers. Additionally, about 40 million of the retailer’s credit card accounts were robbed in the hack. It cost approximately $240 million for Target to replace the stolen funds connected to those cards, and the chain’s public image was considerably besmirched – in part because Target didn’t go public about the hack until six days after IT staff discovered it.
The Target hack is arguably the best-known incident of its type for average Americans, but it isn’t the biggest. Four years earlier, in two separate 2009 attacks, cybercriminals hit J.C. Penney, 7-Eleven, the Nasdaq composite and the Dow Jones industrial average, as well as payment processor Heartland Payment Systems, according to 24/7 Wall St. The former cost the four companies about $300 million and compromised 160 million records, while the Heartland breach alone exposed 130 million credit card records.
Other massive retail hacks of the past decade include:
- TJX: The parent company of Marshall’s and T.J. Maxx had its network penetrated in 2005, with up to 94 million credit card accounts exposed. Financial losses were never fully estimated.
- Home Depot: Hackers broke into the credit card information of 56 million individuals, leading to at least $62 million in losses.
- Sony: The electronics company lost $170 million in settlements paid to compensate 77 million of its PlayStation Network users whose information was stolen in 2011.
Health care and information-related hacks
One of the biggest casualties of data breaches and hacks is information. The 2014 Yahoo cyberattack exposed the personal information and login credentials of anywhere between 500 million and more than a billion users, according to security firm InfoArmor. This is the broadest hack of its kind to date.
What could be even more devastating in the near future is the trend of health care providers becoming a primary target for many different hackers. Both 2015 and 2016 saw many millions of medical records broken into: 113,267,174 and 16,471,765, respectively, according to HIPAA Journal. While 2015 featured several colossal hacks, including Anthem – Modern Healthcare reported that the insurer lost 78.8 million customer and employee records – the following year had a greater number of hacking incidents, with 113 individual cyberattacks occurring compared to 57 in 2015.
Medical files are an ideal target for black-hat hackers because of their comprehensive nature. Not only can these malicious actors amass millions of different names, addresses, phone numbers and credit card or banking information, but they can also get their hands on insurance policy data, which allows for the commission of insurance fraud, an extremely profitable crime.
If anything can be readily derived from an examination of these many hacking incidents, it is the uncertainty of organizations’ future in cyberspace. As cyber security has evolved, so too have the techniques used by the most skilled hackers.
What is most likely to mitigate cyberattacks and their damage down the road? The development of even more sophisticated encryption methods, thicker firewalls (figuratively speaking) and more thorough anti-virus programs is quite important. But these tools wouldn’t be much help without expert cyber security professionals to operate them and spread their use throughout organizations.