Big numbers can be intimidating, especially when they are referring to sensitive data under attack as we tot up the year in data breaches, cybercrime and surveillance scandals.
Everything, everyone: online
In just one day in March 2014, a record 64bn messages were sent using WhatsApp. The Cisco Visual Networking Index expected the final match of the 2014 World Cup to generate 4.3 exabytes of IP traffic – three times that generated by Brazil’s entire population of 201m in an average month. In October, analytics from GSMA Intelligence showed that, at over 7.2bn, there are more SIMs on Earth than there are people, while the world’s online population surpassed 3bn in November.
What this all adds up to is a world that is increasingly connected to the internet, and growing more so. The United Nations Broadband Commission believes that, by 2017, half the world will have access to the internet and, by 2020, Ericsson predicts that some 90pc of people over the age of six will have a mobile phone.
Our world is hyper-connected. Our data is easily shared – and, thus, it is increasingly at risk of being compromised.
Please share data responsibly
Information security risks have a lot to do with criminals and hackers up to no good – and we’ll get to those numbers in a moment – but users themselves need to take heed of these figures and examine their own role in securing their data online.
Yes, users became more aware of data security in 2014 following a string of high-profile hacks – yet ‘123456’ is the world’s No 1 password.
Education certainly plays a role, as it can be tricky to explain SSL vulnerabilities to the 11pc of Americans who think that HTML is an STD. Then there’s the six people who agreed to Ts&Cs that required them to give up their children for free Wi-Fi.
The world’s No 1 password in 2014. Photo by Africa Studio/Shutterstock
Big Brother is watching you
And, in 2014, users became painfully aware that it wasn’t just hackers after their data; governments wanted to tap into these online mines of information too.
Verizon Communications estimated that governments were responsible for 87pc of all online spying in 2013 and, last summer, NSA documents appeared to show that the US authorised surveillance of all but four foreign countries.
In its ninth transparency report, Google noted a 120pc rise in user information requests since 2010, while Facebook’s own report charted a 24pc increase in data requests from world governments compared to the previous year.
And where governments weren’t snooping into the affairs of citizens, they were creating sophisticated spyware to infiltrate other governments, as is suspected to be the origin of the mysterious Regin spy bug uncovered by Symantec in November.
A sign pictured during a rally against mass surveillance in Washington, October 2013. Photo by Rena Schild/Shutterstock
The year’s biggest hacks and attacks
In 2013, overall IT security vulnerabilities reached their highest level in 14 years while Android malware saw explosive growth of 600pc in just 12 months. As hacker attacks grew, FireEye calculated an average of 70 new infections in enterprises per day
A record number of DDoS attacks were recorded by Arbor Networks in the first half of 2014, while phishing attacks jumped 43pc in June, according to RSA.
Irish firm Trustev estimates that there are more than 250m compromised identities and credit cards available for sale online and gangs of cyber-criminals are said to be able to sell access to compromised computers for as little as US$0.10 per computer.
Here’s a run-down of some of the year’s biggest cyber-attacks, data breaches and snooping scandals:
January:
- 4.6m Snapchat users’ mobile numbers and usernames published by hackers
- 750,000 spam emails sent from a smart fridge infiltrated by hackers
February:
- The largest DDoS attack recorded in Europe clocks in at 400Gbps
- 750,000 bitcoins (estimated value of €273m) lost when MtGox, one of the largest bitcoin exchanges goes offline
- 1.8m Yahoo users’ webcams accessed and used by UK spy agency GCHQ
April:
- 22,000 unsuspecting users’ computers were turned into ‘zombie’ hosts to facilitate a DDoS attack
- 17pc of the internet estimated to be compromised by the Heartbleed OpenSSL vulnerability, which was said to have existed for two years before its discovery
- 900 tax ID numbers stolen from the Canada Revenue Agency by exploiting Heartbleed
- Three bank clerks from Lloyds TSB in the UK were alleged to have attempted to steal stg£2m from the bank’s computer system by plugging a hardware device into a colleague’s computer
May:
- Exactly one month after the Heartbleed security vulnerability was discovered, a security expert claimed 300,000 servers worldwide were still under threat from the bug
Security company Codenomicon gave Heartbleed both a name and a logo, contributing to public awareness of the issue. Image by Leena Snidate/Codenomicon
August:
- Russian gang is alleged to have amassed 1.2bn username and password combinations from vulnerable websites in what was dubbed the ‘hack of the century’
September:
- A collection of over 500 private photos stolen from iCloud accounts of various celebrities was published on 4chan
- After more than 40 hours of investigation, Apple denied that the theft of these photos was a result of any loopholes or vulnerabilities in its services
October:
- JP Morgan Chase found itself at the end of a leak of 76m account-holders’ data in one of the largest data breaches yet
- Hackers claimed to have gained possession of 200,000 images sent via Snapchat
- Hackers claimed to have stolen the credentials of almost 7m Dropbox users
November:
- Home Depot revealed that the online breach of 53m customers’ data resulted from a flaw in its system that grew after hackers obtained a vendor’s username and password
- More than 300 unsecured webcams in Ireland were among over 73,000 used to stream live feeds to a website
- Hackers going by the name of Guardians of Peace throw Sony Entertainment’s entire computer system offline and release a gigabyte of stolen material online
This is what reportedly appeared on the screens of computers in Sony Pictures’ network following a hack by Guardians of Peace. Photo via Reddit
Main data security image by Nomad_Soul via Shutterstock