“Have you been good this year?” every bright-eyed child is recalling 2019 to answer that question this time of the year. Everyone wants the reward of being on the nice list and avoid the repercussion of being on the naughty list. In the cybersecurity space, there have been plenty of organizations that have made advancements in security to qualify for a stuffed stocking. However, there are also plenty of organizations that have let their guard down, allowed a data breach, and are finishing the year with a big lump of coal. We decided to compile a list of our own, we’ve checked it twice, and we’re highlighting the “nice” and “naughty” from 2019.
The Naughty List
Adobe – Close to 7.5 million Adobe Creative Cloud user records were exposed on public browsers without the protection of a password or other forms of authentication. No one know for sure, but it’s believed that the data was exposed for about a week. None of the information was sensitive enough to cause immediate damage, but the data could be used to create phishing campaigns that could have more devastating results. Hackers could pose as Adobe to gain access to financial records, passwords, or other valuable information.
Capital One – Deemed one of the largest breaches of the year, Capital One’s data breach exposed the information of 100 million people in the United States and 6 million in Canada. The data obtained was information from credit card applications, as well as credit scores, credit limits, balances and transaction data. Thankfully no bank account numbers or Social Security numbers were compromised. However, the impact of the breach could cost anywhere between $100 million to $150 million.
Facebook – The massive social media platform revealed that they had been storing passwords of as many as 600 million users in plain text inside its internal system. No evidence has been revealed that the records have been improperly accessed internally. This can be traced back as far as 2012. Users who haven’t had their password securely stored should be receiving a notice from Facebook. All users of Facebook should change their password.
The Nice List
UAB – The University of Alabama at Birmingham is taking the initiative to make sure their faculty and students secure their information. UAB has implemented a mandatory 2 factor authentication called Duo Security for all logins onto the university portal. This not only secures the information of all individuals associated with the university, but it also teaches students the importance of multistep authentication. Making 2 factor normal is essential in changing the cybersecurity culture.
Mozilla – New testing in 2019 determined that Mozilla Firefox is the most secure browser. Firefox was tested alongside some of the most popular browsers by The German Federal Office of Information Security (BSI). The results showed that Firefox met all of BSI’s browser requirements. Some of the requirements included having a list of trusted certificates, supporting HTTP Strict Transport Security, allowing the deletion of passwords from the browser’s password manager, and letting organizations run locally-stored URL blacklists. It may not be the most popular browser, but in privacy and cybersecurity, Firefox is top notch!
Synthesia – The AI company Synthesia puts ethics at the front and center of what they are doing. They do not disregard the responsibility they have as a company developing new technologies. Synthesia lays out these ethics plainly on their website. These include keeping people first, never offering software for public use, never re-enacting someone without their consent, and promising to continue researching and developing new technologies for the future of synthetic media.
The naughty and nice lists are set for 2019. For those who made the naughty list, stay diligent. 2020 arrives with fresh starts and new opportunities to close up those security gaps. Those who made the nice list in 2019 should already be looking at how to carry their momentum into 2020. It’s important to always be moving forward in cybersecurity and never allow complacency to creep in.
We hope you have a wonderful holiday season and from all of us at NXTsoft, Merry Christmas!