6 Lessons From Major Data Breaches This Year

Though many incidents stemmed from familiar security failures, they served up — or resurfaced — some important takeaways.

7 Slides

Data breaches can have many causes, but most of them boil down to an organization failing to do something or detect something they should have if they had been following security best practices.

Even so, these attacks can reveal a lot about the bad guys' tactics, techniques, and procedures, the state of malware, and developing trends on the threat horizon.

Many ransomware attacks, for instance, might have the same root cause — like a poorly configured RDP server that provides an initial foothold on the network, or a user clicking on a malicious attachment and downloading malware on their system. Yet today's ransomware attacks are very different from those of even a year ago. Many involve double- and triple extortion schemes where attackers not only encrypt data but also use data theft and denial-of-service attacks as additional forms of leverage. As a result, the impact of ransomware attacks — and the responses to them — are different today than they might have been just a year ago.

Similarly, while phishing continues to be one of the most common initial attack vectors, phishing schemes themselves have become a lot more sophisticated and targeted, with many attacks now combining the use of email, text messages and phone calls.

Here's a look at some breaches or clusters of similarly themed attacks over the past year that served up (or resurfaced ) some key lessons for security leaders.

About the Author(s)

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights