
1/23/2014

The 13 Worst Security Threats of 2013



Christina Goggi on December 26, 2013

As 2013 draws to a close, it is only natural to take a moment to look back on the year that was, and evaluate it for both the ups and the downs. Was 2013 a good year or a bad one? Were there significant events that will help shape the course of 2014 and beyond, or was it wholly unremarkable and destined to fade into history? Wiser minds than mine will have to make that call, and it will likely vary from one reader to the next, but what we can do is take a look back at the past year to reminisce about the worst security threats of 2013. The philosopher poet George Santayana offers us some words of wisdom that we should all take to heart: "Those who cannot remember the past are condemned to repeat it." By reviewing the major security threats of 2013, perhaps we can learn a lesson or two, and avoid repeat performances in 2014. Let's run them down and see what we can learn.

1. Human nature
First up is more a category of attack than any one specific event. Phishing attacks target everyone from your grandmother to your CEO, and unfortunately for big business, those big paychecks and stock options don't always indicate a more savvy understanding of security. A report recently published in Network World indicates that two out of three security pros surveyed have had to deal with a security incident that was not publicly disclosed, and that the majority of those incidents trace back to a senior executive. These included falling victim to phishing attacks, permitting family members to access corporate resources, downloading malware, and surfing porn. I guess we know why things weren't disclosed.

2. Ransomware
Cryptolocker was the big killer malware this year, with the novel approach of encrypting all of a victim's files and then holding them for ransom. Pay up, and the victim would be given the private key to decrypt the files. Hold out, and all that data would be rendered useless. While malware has been and always will be a problem, ransomware highlights the need for both strong antivirus solutions and backups of important data that are not accessible to regular users.

3. State-sponsored hacking

There were lots of reports this year of hacking as an organized activity sponsored by national governments. Whether from Syria, China, North Korea, or the United States, it seems that there's more to be worried about online than Nigerian princes and tenth graders with too much time on their hands. State-sponsored hacking targeted more than just key pieces of infrastructure, with many commercial enterprises finding themselves targets as part of a larger plan to disrupt economies.

4. Hacktivism
Anonymous, LulzSec, the Syrian Electronic Army and others all contributed to a rise in hacking to make a point, aka hacktivism. Governments, businesses, and individuals all found themselves on the receiving end of digital bit-slaps as hacktivists used the Internet to express their displeasure with actions, inactions, and public statements.

http://www.gfi.com/blog/the-13-worst-security-threats-of-2013/


5. Censorship
In the Information Age, where free and unfettered access to information is just a given for so many, it's amazing how many countries still promote censorship of content. While I am all in favor of censoring things that exploit innocents, promote hatred and bigotry, or are clearly illegal, when a government starts to block what news and educational content is available, the line has been crossed and individual freedoms are now threatened. While it comes as no surprise that countries like Cuba and China are censoring what their citizens can access, I'd expect better from Pakistan and Australia, and yet, both are implicated in numerous efforts to censor the Internet.


6. BYOD
With the prevalence of personal laptops, iPads, Android and Windows tablets, and smartphones flooding the market, it's clear that 2013 has become the year of BYOD, with users clamoring for access to company data from personal devices. Email is only the start, with messaging, corporate portals, and Line of Business (LOB) applications starting to make inroads into the BYOD space. Many security professionals found 2013 to be the year they moved from securing the device to securing the data.


7. HaaS
Have laptop, will travel. In an older time, Paladin was a character with a romantic background who ultimately helped people. In modern times, hackers for hire are a growing phenomenon that is starting to come to prominence. Hacking as a Service providers are just looking to hire out their talents; they don't much care what the job is, as long as it pays.

8. PRISM, MUSCULAR, and the NSA


While we may never know the extent to which the United States' own National Security Agency has gone to subvert individuals' privacy in the name of national security, one thing everyone can agree on is that they have gone too far. Another thing most ISPs can agree upon is that the damage done to the trust their customers have had for them may be so bad as to be beyond recovery. Major players like Microsoft, Google, and Yahoo have not only gone to great lengths to be completely transparent to their customers; they are pouring millions of dollars into legal actions to fight the NSA and their actions, and are implementing encryption within their own networks to better protect their customers from the government's prying eyes. What Edward Snowden did when he revealed the actions of the NSA may well be treason, but there's a growing sentiment that he may be a hero to people everywhere for revealing what is really going on.


9. Social faux pas


Have a read of "The 17 Facepalm Moments that Rocked Twitter" and then consider the impact that inappropriate or unauthorized tweets and Facebook posts could have on your business. Embarrassment, loss of goodwill, alienation of customers: all of these could happen should your Twitter account be hacked, or should that intern who is handling your Facebook page make a post that he thinks is funny but your customers don't. Make sure that you are using strong passwords that are frequently changed on all your social media accounts, and that no one has the authority to post something without someone else reviewing it.


10. (The lack of) Encryption


Any data that leaves the four walls of your business should be encrypted. That means laptops, memory sticks, portable hard drives, and backup tapes should all be encrypted without exception or fail. The number of incidents where customers' and patients' NPI was compromised due to lost or stolen hardware this year was huge, and everyone from colleges and banks to hospitals and federal agencies was involved. The costs to cover people against identity fraud from these incidents will likely total in the billions of dollars US, and in every single one of these incidents, simply encrypting the data could have avoided it all.

11. Website vulnerabilities


Hacking websites is still popular, and no wonder, considering what a successful hack can get. Someone compromised 250,000 accounts hacking Twitter earlier this year, while a hack of Virginia Tech's website revealed NPI on over 110,000 job applicants. Even the University of Delaware fell victim, with 74K students, faculty, and staff finding their personal information was accessed by unauthorized attackers exploiting a vulnerability in the university's website.

12. Website stupidities


It's bad enough when your website has a vulnerability, but when someone simply does something stupid, it may be time to pull the cable. Cogent Healthcare blamed their vendor for the online exposure of 32,000 patients' medical information, which was conveniently indexed by Google, but they should take heart. The Internal Revenue Service posted 100,000 citizens' NPI online for a period of time, setting the bar low indeed.

13. (The lack of) DLP


Finally, the lack of data loss prevention can be a significant hole in your overall security posture. Just ask investigators at the New York Medicaid agency, where an employee emailed themselves the account NPI of over 17,000 Medicaid recipients. While DLP should have caught that, I'm amazed that their email system didn't choke on what had to be a pretty large attachment!

Whether you would call your own personal 2013 a great year or a terrible one, a year to fill you with hope for next year or dread, there are 13 lessons to be learned from others over the course of this year. Review the list above, consider your own security, and work to make 2014 a good year for you and yours.

About the Author: Christina Goggi


Christina is Web Marketing Content Specialist at GFI Software. She is a keen blogger and has contributed content to several IT sites, besides working as an editor and regular contributor to Talk Tech to Me. Christina also writes for various publications including the Times of Malta and its technology supplement.
