While looking forward to 2017, it is also time to take stock of last year. What follows is a list of the 15 biggest data breaches by record count for 2016. We compile this list every year, and by sheer record count alone, 2016 blew previous years away (thank you Yahoo!); it is an eye-watering compilation of sensitive information and credential theft. Not on the list but also worth mentioning are the difficult-to-quantify, low-record-count but high-impact breaches of political organizations, government agencies, and high-profile individuals. More than ever before, 2016 was the year politics was shaped by breaches and breaches were driven by politics.
As you’re reading through the list and thinking “wow” and “I forgot about that one”, there are a couple of other thoughts we would like to prompt. To help protect yourself and your business from data breaches like this in 2016, we suggest the following:
- Know exactly what data you have, where it is, and what it is worth. Then focus resources on protecting what matters most, rather than expending every effort trying to protect everything with the same level of care.
- Come to terms with the reality that some form of breach has already occurred or will in the future. Help limit the impact by applying additional controls around your valuables and make sure you have a measured and appropriate response ready.
- Inventory and re-assess existing security capabilities. The threat landscape constantly evolves, as do security solutions. Quick gains can often be made by enabling new or expanding existing capabilities.
- Automate your security whenever possible and measure success using metrics from sources other than the solution or process in question.
And on a tactical level, be consistent with your credential practices:
- Store passwords and secrets in a credential manager
- Make each password (or better yet, passphrase) complex and unique; never re-use one across accounts
- Enable multi-factor authentication wherever possible