BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    Use Cases and Industries
    See All Products
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

2014 - The year of the breach?

October 20, 2017

  • Blog
  • Archive

As 2014 draws to a close, many in the InfoSec community are looking back on what has been an eventful past 12 months.

In both scale and sophistication, 2014 has been a game changer. In the first nine months alone there were as many as 1,922 confirmed incidents with criminals managing to compromise 904 million records*. Household names, from Sony and Home Depot to JP Morgan and Kmart, have been compromised and new, ever more potent forms of malware have risen to the surface.

So what made 2014 different?

It essentially all boils down to money. 2014 has presented cyber criminals with many more opportunities to make money quickly and easily, without getting caught. Over the course of the year we've seen exploit kits evolve rapidly, making it much easier for cyber criminals with little technical knowledge to get started. Their success feeds the exploit kit developers and the cybercrime snowball grows and grows.

Undoubtedly one of the most common features of 2014 has been the prevalence of Point of Sale (POS) malware. Where previously this was only a small fraction of the malware market, 2014 has seen a notable spike with a string of high profile, retailers all seeing their POS systems compromised.

In September, US retail giant Home Depot revealed the details of a huge POS breach. The attack compromised the credit and debit card details of 70 million customers, as well as 53 million email addresses. The breach was the biggest in corporate history and to date has cost Home Depot in excess of $43 million, with the final bill only likely to rise.

A bigger playing field

Whilst cyber criminals have exploited POS vulnerabilities, they have also had one eye firmly on expanding their attack surface. The growing use of mobile devices, internet of things and social media have all acted as a vehicle for criminals to steal data or find a way onto the network.

In April, over 500,000 internet sites were exposed to the Heartbleed vulnerability. Residing at the very heart of the internet, Heartbleed may have been exposing users' personal information and passwords to hackers for the past two years.

Though it's clear 2014 has been an eye-opener, for many organizations the response has continued to be reactive by relying on antivirus technologies.

Keeping it simple in 2015

Looking back on the year, its apparent how many of these breaches and malware attacks could have been prevented by taking a more proactive security stance. Many organizations are still over-complicating their IT security by being over reliant on reactive measures such as Antivirus.

If organizations are to make one New Year's security resolution, it should be to create a more holistic and proactive security posture based on DiD (defense in depth) strategies. One which prioritizes simple, yet effective solutions such as privilege management, application allow listing and sandboxing to protect the endpoint.

To find out more about proactive security, and how Avecto’s Defendpoint technology can help, visit www.avecto.com/defendpoint.

* CSO Online - Nearly a billion records were compromised in 2014

Photograph of James Maude

James Maude,

James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Mapping BeyondTrust Solutions to the Identity, Credential, and Access Management (ICAM) Architecture

Whitepapers

Four Key Ways Governments Can Prepare for the Growing Ransomware Threat

Whitepapers

The Operational Technology (OT) Remote Access Challenge

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.