Reflecting on 2015: Security Moments That Made Us Pause
As I look back on 2015, it was the Year Hacking Got Personal, and criminals wholeheartedly stuck to the theme, launching attacks against several high profile companies and websites. In addition, ransomware hit its stride as one of the most popular forms of digital extortion, and researchers and consumers alike were awakened to the idea that the Internet of Things may not be as secure as assumed.
The year began in the wake of the massive Sony breach, which made cybersecurity policy a nationwide discussion. The security discussion continued to gain momentum as Net Neutrality came to a decisive vote in February, and again in April when Tesla’s site was hacked. June and July proved that “summer slowdown” doesn’t apply to cybercrime, as both the Office of Personnel Management and the dating site Ashley Madison were popped in quick succession, and researchers revealed just how possible it is to hack vehicles at Blackhat. Ransomware took center stage in the fall as Cisco’s Talos security team took down a sizeable chunk of the Angler Exploit Kit, and IoT is currently dominating headlines as the holiday shopping season descends.
With all of these sensational stories bringing the epidemic of cybercrime to the attention of media and therefore, the public like never before, it’s hard to pin one event as the watershed moment of the year — however, we’ve never shied away from a challenge at OpenDNS before.
We asked our customers and members of the OpenDNS Labs team to list not only the security moment that made them pause in 2015, but also what topped their 2016 security industry wishlist. Here’s what they shared:
What Security Events Made You Pause in 2015?
“The growing level of sophistication in credit card skimming operations, and how many large retailers in the United States have yet to fully adopt credit card chip technology is a bit concerning.” – Todd Thiel, Manager, IT Infrastructure at Veeva
“OPM (Office of Personnel Management). Mainly because of the magnitude and wide array of personal information.” – Leon Ravenna, Vice President Security & Compliance, Interactive Intelligence
“Hearing about the Valve password reset vulnerability was disappointing.” – Vinny Lariza, Security Analyst/Community Moderator, OpenDNS
“A trend, really. The breach and data theft from multiple healthcare insurers signals that much more than government secrets and financial holdings are considered valuable and targeted. Coupled with the breach of a toy vendor late this year, it appears PII from all commercial verticals is ripe for attack and exploitation.” – Neil Erath, AVP IT Infrastructure Security, Chubb Group of Insurance Companies
“The Lenovo superfish root certificate fiasco. Lenovo installed certificates on new systems to intercept SSL traffic and inject advertising into users traffic. Additionally, the recent eDellRoot self-signed certificate Dell installed in new systems. It was meant to make it easier for Dell customers to get support, but also made it simple for attackers to cryptographically impersonate HTTPS-protected websites.” – Josh Pyorre, Security Analyst, OpenDNS
“Although it was very recent, the Juniper backdoor issue was pretty massive.” – Kevin Bottomley, Security Analyst, OpenDNS
“It wasn’t a single incident that gave me pause in 2015. Every breach that impacted me personally gave me pause, three of which resulted in reissuing a credit card. I have “free” identity protection from 3 different identity protection services now. I won’t know whether to laugh or cry when I get the letter saying that one of my identity protection services was breached.” – Tom Hash, Director, Security Engineering, OpenDNS
“Ransomware – There was a realization that so many companies were getting hit. We had to prep for this one as if we were getting ready for some rough weather.” – Tom Olejniczak, Manager Network Engineering, Camuto Group
What Is On Your Security Wish List for 2016?
“I would really like to see Netflix’s FIDO platform develop a stronger following in the security community, and continue to mature into an ‘out of box’ integration hub for security solutions.” – Todd Thiel, Manager, IT Infrastructure, Veeva
“Tighter integration of SourceFire and OpenDNS.” – Leon Ravenna, Vice President Security & Compliance, Interactive Intelligence
“Improved phishing protection everywhere! Phishing is like the common cold, where just about everyone has dealt with it and there isn’t really a solid cure for it. Let’s find a solid cure for it.” – Vinny Lariza, Security Analyst/Community Moderator, OpenDNS
“Behavioral analysis of network traffic indicating systems and users where data loss is likely, even if not explicitly detected.” – Neil Erath, AVP IT Infrastructure Security, Chubb Group of Insurance Companies
“How about a constitutional amendment on strong encryption. If congress “bans” the use of strong encryption, only the government and criminals will have strong encryption. The 2nd amendment has held up pretty well over the years. A similar one regarding encryption is inevitable.” – Tom Hash, Director, Security Engineering, OpenDNS
“All in all I would really love to see an unencumbered, unsolicited, untracked Internet experience not bogged down by advertisements, spam, malware or ‘likes.’ Essentially a De-commercialized internet that would result in pure, raw information delivery. On both counts, I feel that OpenDNS has been after a similar common goal, which is to provide a safe, fast, and fun Internet experience.” – Tom Olejniczak, Manager Network Engineering, Camuto Group