The Top Cybersecurity News Stories of 2021: From Apple to WFH (and Everything in Between)
Far beyond affecting just the technology industry, cyberattacks in 2021 were a mushroom-cloud explosion, reaching their crafty, digital tentacles into every facet of modern life.
According to the Identity Theft Resource Center, the number of data breaches this year surpassed the total number of 2020 breaches in just the first three quarters of 2021. So, what happened? And how do we fix it? Here’s a recap of some of the biggest data breach and other cybersecurity news stories of the year, a month-by-month recap of some of the biggest hacks, attacks, and other activity from the last 12 months.
January: Federal Data Breach Sets the Tone for 2021
The year kicked off with a public reporting of the U.S. Federal Government data breach. The severity of the attack was initially downplayed, but by January 2021, the public was starting to understand the full scope. In the spring of 2020, hackers added malicious code into the software of SolarWinds, Microsoft and VMWare. When SolarWinds sent software updates, the hacked code created a back door to the customers’ information and private data. Even worse is that the breach went unnoticed for many months, potentially exposing sensitive data from 300,000 of SolarWinds’ customers, which include some Fortune 500 corporations and U.S. government agencies, among others.
February: Investigations Find Poor Communication, Lack of Standards
Seeing how vulnerable and long-reaching a simple software update could be, the government and watchdog agencies worked to figure out a solution before the next cyberattack could happen. In late February, the House Oversight and Homeland Securities committees held a hearing to help figure out what happened in the massive SolarWinds hack, and who they can blame. Cybersecurity experts are pointing their fingers at Russia’s Foreign Intelligence Service (SVR), but experts also testified that a general lack of trained cybersecurity personnel, poor communication between companies and government agencies, and absence of smart practices and global standards helped create the cybersecurity gaps. The opportunity for a breach was basically a pie cooling on the windowsill, just waiting to be eaten.
March: $40M Paid in Insurance Ransomware Incident
At first, the ransomware attacks seemed to be operating quietly, with the hackers locking down an entire network and only giving back the encryption key if the target paid up. In March, CNA Financial, a major insurance company, paid the $40 million in ransom to get their huge volume of data back. While payments aren’t usually disclosed, this ransom payment is bigger than any previously disclosed payments to hackers, according to people familiar with ransomware negotiations, and by it being made public, potentially inspires other cybercriminals to ratchet up their extortion rates.