We’re only a short way in to 2015, and already a handful of cyber security incidents have set the industry abuzz.
Perhaps most notably, just as President Barack Obama was closing up his speech on the nation’s response to increased incidents of cyber crime, the U.S. military’s Twitter account was compromised by a terrorist organization.
That, in part at least, prompted PM David Cameron and the U.S. president to meet and discuss counter-cyber terrorism war games – exercises, said to be the first of their kind, that will start later this year for those working in IT security jobs in the financial sector.
Free eBook: Modern Retail Security Risk – Get your copy now.
A look at the main cyber security incidents of 2014 indicates that such a robust response seems to be needed.
1. Sony data breach
It is likely that “The Interview” will be one of the most watched movies of all time. It will certainly be one of the most discussed movie launches ever, largely because it was the focus of the massive data hack on Sony Pictures.
Coming towards the end of the year, this cyber attack quickly became the cyber security incident of 2014.
It involved a wide, sweeping attack on the film-making giant’s computer systems, resulting in the loss of personal information for celebrities and Sony employees alike, not to mention the exposure of sensitive corporate data.
The breach dominated the media’s attention well after the attackers forced Sony to pull the theater release of “The Interview,” a decision which the company eventually reversed with the help of a little presidential involvement.
According to an investigation launched by the FBI, it was concluded that North Korea was behind the attack.
2. iCloud hack
Though the theft and wide scale dissemination of private pictures from iCloud members was horrendous, the aftermath was nowhere near the scale of Sony.
That being said, what it did show was that everyone is vulnerable to some degree. Celebrities were most affected by the incident, but thousands of non-famous people saw credentials stolen, private pictures made publicly available, and activity histories illegally collected.
3. eBay
One of the internet’s ecommerce giants, eBay was dogged by issues through 2014. Back in February and March, some employees had their login data compromised, which in turn jeopardized the data of nearly all of eBay’s 145 million customers.
The second large scale incident came in September and saw a scripting attack directing some users to a malware site to steal personal details. The slow response by eBay was criticised in the media.
4. Heartbleed
A bug in OpenSSL, which is used by around 90% of websites, Heartbleed enabled anyone to access memory systems in vulnerable versions of OpenSSL code.
Despite being found in April, at least 300,000 infected systems were still affected in June. It was also revealed that the NSA had been exploiting the bug for some time.
Today, cyber security specialists need to be aware of threats from a number of areas – from other states, individual criminals, groups and hacktivists. It seems almost inevitable that 2015 will see some high-profile attacks, which is why companies need to ramp up their IT security recruitment drives with an emphasis on increasing the number of risk and compliance jobs in their organisations.
About Acumin
Acumin is an international Information Security and Information Risk Management recruitment specialist. The company works with a variety of markets comprising of End Users, IT Security Vendors, Systems Integrators and Consultancies.
Acumin provides a range of specialist services which include contingency Permanent Recruitment, Contract Recruitment and retained Executive Search. For SMB and Enterprise End User clients, Acumin facilitates the development of internal Information Security and Risk Management teams across the UK, Europe and United States.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.