Every year, cybersecurity experts look at the previous year’s network security mistakes—the ones that resulted in massive data breaches and made headlines—to learn what went wrong and how those cybersecurity mistakes could be avoided in the future. 2018 was yet another year in a long, unbroken chain of years with major cybersecurity incidents (and 2019 is showing no signs of breaking the tradition, either).
Merely listing off the data breaches and the number of people who were affected by each provides a valuable lesson in vigilance. However, it’s important to look beyond the numbers to learn details about how each data breach occurred. With this information, it’s easier to glean lessons from these events that can be used to prevent future cybersecurity mistakes.
So, let’s study the events of the past so we aren’t doomed to repeat them:
The Marriott/Starwood Data Breach
The data breach suffered by Marriott’s Starwood properties was not just one of the biggest data breaches of 2018, it ranks high on the list of the biggest data breaches of all time—though not at the top. As reported by Computer Weekly, the network security breach “exposed the data of half a billion customers of the Marriott hotel group’s Starwood properties, including the St Regis, Westin, Sheraton, Aloft, Le Meridien, Four Points and W Hotel brands.”
The company’s booking system was the primary target of the cyberattack. According to Computer Weekly, the specific data stolen during the Starwood data breach included: “customers’ names, addresses, phone numbers, card numbers, passport numbers and even information about where and who they were traveling with.” Yet, oddly, officials cited in the article stated that “this information wasn’t used for any known financial gains or identity thefts.”
So, why would attackers target this information, if not to use it for financial gain? The prevalent theory is that the attack was politically motivated and was sponsored by a foreign state. As an NPR.org article cites: “preliminary indications show the breach was executed by hackers affiliated with the Chinese Ministry of State Security.” The stolen information could conceivably be used to track politicians and their associates, as well as to identify intelligence agents.
The most shocking part of this breach isn’t that the accounts of 500 million people were compromised—it’s that the breach took place over the course of four years before it was finally identified. The lesson here may be that no business’ cybersecurity architecture is absolute—and that actively checking for cyber threats and intrusions on the network is crucial.
Failing to routinely check for the presence of active intruders is one of the biggest network security mistakes that a company can make.
The Aadhaar Data Breach
While the cybersecurity breach that hit Marriott/Starwood was major, it still wasn’t the largest data breach of 2018. That dubious distinction goes to Aadhaar, which had a data breach compromising the personal information of 1.1 billion of India’s citizens. As reported by Avast (a free antivirus company), the data exposed in the breach included “Aadhaar numbers, names, email and physical addresses, phone numbers, and photos.”
The attackers were selling a portal into India’s Unique Identification Authority for around ₹500 according to the Avast article—which, at an exchange rate of 1 rupee equaling about $0.014 (based on the exchange rate as of Feb. 3, 2019), is $7 in U.S. currency. For $7, it would be possible to buy instant access to the personal data of 1.1 billion people.
In fact, according to a Washington Post article about the Aadhaar data breach, reporters were able to get into contact with an unnamed individual to buy access to the portal and that, for an additional $5, “the individual offered reporters software to print out unique identification cards, called Aadhaar cards, that can be used to access various government services including fuel subsidies and free school meals.” This would create an enormous opportunity for unscrupulous individuals to commit fraud with the stolen information.
Unfortunately, information about the breach remains limited, and an official statement from the Unique Identification Authority cited in the Post article says that “Claims of bypassing or duping the Aadhaar enrollment system are totally unfounded. Aadhaar data is fully safe and secure and has robust, uncompromised security.” Because of this assertion that no breach has occurred, there are no details known about what kind of cyber threat caused the alleged breach, who is behind the attack, and what, if any, network security measures could be taken to prevent future breaches.
So, what’s the lesson here? The primary takeaway is that no organization, regardless of size, is immune to cyber threats. Even the biggest government-sponsored programs can be targeted and successfully breached if they have any flaws in their network security architecture.
An alternative lesson could be to ensure that there are no unused or extraneous user accounts in your network, as these give attackers opportunities to access sensitive data. By deleting unused user accounts and restricting the access privileges of active accounts to the absolute minimum required, the effects of a cybersecurity breach can be minimized.
These two data breaches are far from the only ones that occurred in 2018. With 2019 poised to be yet another year full of major cybersecurity incidents, however, it is important to learn from the network security mistakes of others and take proactive measures to protect your own organization.
Need help securing your network against cyber threats? Talk to the team at Compuquip for help and advice today!
Back to Cybersecurity Basics
Master the 8 basic elements of a strong cybersecurity posture.