Cyber Security : TOP DATA BREACHES (IN LAST FEW YEARS)

TOP DATA BREACHES (IN LAST FEW YEARS)

 

 

Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks. It aims to reduce the risk of cyber attacks and protect against the unauthorized exploitation of systems, networks and technologies.

 

Data Breaching

 

A Data Breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A small company or large organization may suffer a data breach.

Types Of Data Breaches
Types Of Securities
Breaching Methods Observe Across Industries
Figure 2 :Breaching Methods Observe Across Industries

 

 

 

 

Most data breaches are attributed to hacking or malware attacks. Other frequently observed breach methods include the following:

  • Insider leak :A trusted individual or person of authority with access privileges steals data.
  • Payment card fraud: Payment card data is stolen using physical skimming devices.
  • Loss or theft: Portable drives, laptops, office computers, files, and other physical properties are lost or stolen.
  • Unintended disclosure: Through mistakes or negligence, sensitive data is exposed.
  • Unknown: In a small of number of cases, the actual breach method is unknown or undisclosed

 

Table 1 : Top 20 breach victims based on number of records stolen

 

Date

 

Organization

 

Industry

 

Number of Records Stolen

2005

 

AOL

 

ISP

 

92,000,000

 

2006

 

TJX Companies

 

Retailer

94,000,000

2008

 

National Archive and Records Administration

 

Government agency

 

76,000,000

 

2008

Heartland Payment Systems  

Credit and debit processor

134,000,000

 

2011

 

Sony PlayStation Network

 

Electronics firm

 

102,000,000

2012

 

LinkedIn

 

Social media website

 

165,000,000

 

2012

 

Dropbox

 

File-sharing and hosting service provider

68,000,000

 

2012

 

Rambler

 

Internet portal and email service provider

98,100,000

2013

 

Tumblr

 

Short-blogging website

 

65,000,000

2013

 

Experian

 

Credit bureau

200,000,000

 

2013

 

Target

 

Retailer

 

110,000,000

 

2014

 

Yahoo

 

Email service provider

3,000,000,000

 

2014

 

eBay

 

Online auction website

145,000,000

 

2014

 

JP Morgan & Chase

 

Investment banking firm

 

83,000,000 (76,000,000 consumers.

7,000,000 small businesses)

 

2015

 

Anthem

 

Health insurer

78,800,000

 

2016

 

Myspace

 

Social media website

360,000,000

 

2016

 

Adult Friend Finder

 

Adult website

 

412,200,000

 

2017

 

Equifax

 

Information solutions company

145,500,000

 

2017

 

My Heritage

 

Genealogy-testing service provider

92,283,889

 

2018

 

Under Armor/MyFitnessPal

 

Fitness mobile app

150,000,000

 

 

So, The Question is How Dose a Breach Occurs?

 

Figure 3 : How Does a Data Breach Occurs

How Does a Data Breach Occurs

 

 

Research

The attacker, having picked a target, looks for weaknesses to exploit employees, systems, or the network. This entails long hours of research on the attacker’s part and may involve stalking employees’ social media profiles to find what sort of infrastructure the company has.

Attack

Having scoped a target’s weaknesses, the attacker makes initial contact either through a network-based or social attack.

In a network-based attack, the attacker exploits weaknesses in the target’s infrastructure to instigate a breach. These weaknesses may include, but are not limited to SQL injection, vulnerability exploitation, and/or session hijacking.

In a social attack, the attacker uses social engineering tactics to infiltrate the target network. This may involve a maliciously crafted email sent to an employee, tailor-made to catch that specific employee’s attention. The email can phish for information, fooling the reader into supplying personal data to the sender, or come with a malware attachment set to execute when downloaded.

Exfiltrate

Once inside the network, the attacker is free to extract data from the company’s network. This data may be used for either blackmail or cyber propaganda. The information an attacker collects can also be used to execute more damaging attacks on the target’s infrastructure.

 

 

Conclusion

Make Yourself Secure

 

For Enterprises

 

  • Patch systems and networks accordingly.

 

  • IT administrators should make sure all systems in the network are patched and updated to prevent attackers from exploiting vulnerabilities in unpatched or outdated software.

 

  • Educate and enforce. Inform your employees about the threats, train them to watch out for social engineering tactics, and introduce and/or enforce guidelines on how to handle a threat if encountered.
  • Implement security measures. Create a process to identify vulnerabilities and address threats in your network. Regularly perform security audits and make sure all of the systems connected to your company network are accounted for.

For Employees

  • Keep track of your banking receiptsThe first sign of being compromised is finding strange charges on your account that you did not make.
  • Be mindful of what you share on social mediaDon’t get carried away. If possible, don’t reveal too much about yourself on your profile.
  • Secure all your devicesThese devices include laptops, mobile devices, and wearables.

 

By : Shlok Verma

TechdoctorIN

Channel was developed for Learning New About Artificial Intelligence , Machine Learning and With Innovative Project Ideas.  Channel has  Following Playlists

 

Channel link: https://www.youtube.com/c/TechDoctorIN

LinkedIn : https://www.linkedin.com/in/dr-pawan-whig-a9730b11/?originalSubdomain=in

Google Scholar: https://scholar.google.com/citations?user=AyrId_EAAAAJ&hl=en

TechDoctorIn is a very useful educational channel run by Dr. Pawan Whig Senior IEEE Member. The content is verified by him at it is very useful.

 

Dr. Pawan Whig

[email protected]

9811908699

Leave a Comment

Your email address will not be published.