From the Heartbleed bug to large-scale (and highly publicized) data breaches, Shellshock to mobile threats—2014 did not leave us wanting for more in the security sphere. I’ve already discussed my predictions for 2015, and now I’d like to reflect on some of the most important security events of 2014 and what we’ve learned along the way.
First things first: Heartbleed
It seems like a lifetime ago that we first heard the term ‘Heartbleed’ and realized what an impact it could (and would) have to personal data security on the Web. In fact, it was just eight months ago, though much has happened since.
The discovery of Heartbleed prompted Internet users around the globe to update their passwords, for fear of leaked information, while developers scrambled to update their OpenSSL as quickly as possible. Referred to as the most widespread and perhaps debilitating vulnerability discovered to date, Heartbleed set the stage for a crippling year of cyber security threats. Unfortunately, many sites remain vulnerable. To ensure that you’re using trusted websites—use our Heartbleed Checker tool or download the app now.
Point-of-sale breaches: en vogue
Target, Goodwill, Albertsons, and P.F. Chang’s. These are just a handful of the companies that suffered large-scale data breaches at their point-of-sale systems in 2014. As cybercriminals continue to evolve their methods, and companies weather their attacks in the public eye, the need for strong security is more apparent than ever. From a consumer standpoint, the need to keep transactions isolated to a single (or one-time-use) credit card is also more apparent than ever. As these companies work to secure their systems and data , we too can shrink our attack surface and lessen any potential damage that may be felt from a breach by being smart about how and where we spend.
In addition to using a one-time-use credit card, you should check your financial statements on a weekly basis (at least). If you notice any suspicious activity, notify your bank at once.
Shellshock makes waves
As if one Internet-wide threat wasn’t enough for the year, Shellshock emerged in September just as many companies were picking up the pieces from Heartbleed. Shellshock is a vulnerability found in Bash (software used by millions of computers) that enables hackers to directly attack servers, routers and computers that are storing your personal information. Though it was discovered this year, our team at McAfee Labs™ anticipates that its effects will be felt for years to come.
Because it’s a software vulnerability, there is unfortunately not much you can do to protect yourself from Shellshock. Rather, device manufacturers bear the burden of updating their products so that they’re no long vulnerable. What you can do to help protect your data is update your devices as soon as software updates are made available. This will help ensure that you have the latest patches for bugs—as soon as they’re discovered and remediated.
Mobile threats: all shapes and sizes
Attacks on mobile devices came in all shapes and sizes this year, and they’re only expected to increase in 2015. From the “celebgate” attack that leaked the nude photos of many popular celebrities, to mobile spyware and attacks on Internet of Things devices, it has become apparent that hackers have found their new target(s) of choice. To protect your mobile devices from threats to come, I encourage you all to install our free mobile product, McAfee Mobile Security, on your Android or iOS device. It will help protect against known threats, and ensure that your personal life remains personal.