Skip to main content

2016 was the year internet security died – so what can you do about it?

A user entering a password.
Image used with permission by copyright holder
2016 is the year that made hacking feel routine. Talk of state-supported hackers, stolen emails, and compromised passwords has become so commonplace that it’s easy to lose perspective on how unprecedented all this really is.

A single phishing email compromised a major presidential campaign, and one of the United States’ two main political parties suffered a security intrusion that compromised hundreds of thousands of emails. Many of the world’s largest webmail providers were compromised this year, as well. There’s a good chance your password and login is floating around the internet, up for grabs, unprotected.

Our privacy was another casualty of 2016. We’ve all learned the hard way that if you don’t take care of your own computer security, nobody will. Those big datacenters are only as secure as your personal online security habits.

That’s a scary thing to take away from 2016, but in some ways, it’s not really a surprise. We’ve all heard lectures from computer security experts on how unsafe certain online practices are — re-using passwords, not changing them on a regular basis, that kind of thing — but this was the year when we saw the consequences of those behaviors on a grand scale.

A series of unfortunate events

There’s no way to talk about security in 2016 without talking about the election. It can be argued that the DNC hack, and separate leak of John Podesta’s emails, may not have had a significant impact on the outcome, on real actual votes, and that’s fine. Yet the consequences of these events go beyond our political attitudes, and our personal political opinions.

Whether you’re liberal, conservative, or anywhere in between, such hacks should be troubling. Someone, somewhere, sent a presidential campaign manager an email with a link to change his password, and that was it. That’s all it took to seriously compromise a presidential campaign. Go look in your junk mail or spam box, and chances are you’ll find at least one email with a similarly potent payload.

There’s a good chance your password and login is floating around the internet, up for grabs, unprotected.

Strategy, personal communications, and an awful lot of personal information, were all compromised by that one email. While it’s easy to cast blame on the DNC for improper security, the online services it relied on are the same used by millions every day. Most politicians or political aides would be similarly damaged by such an intrusion. It’s a threat we should all take seriously on a personal level, because that’s the only way to protect yourself.

It’s easy to think of identity theft as some kind of impersonal threat. Your debit card gets stolen, maybe it’s used for a few suspicious transactions, and you’re out a couple hundred bucks while your bank gets it sorted out, right?

But would happen if your email was compromised? We all have emails and communications we’d rather other people not see. Imagine all those complaints about your boss, your job, your friends, intimate conversations between you and your family, all laid bare for a perfect stranger.

Breached

The DNC and Podesta email hacks were just the tip of the iceberg for 2016, and they’re just examples of what happens when your cybersecurity is lax. They aren’t the real reason we need to stop trusting other people to protect our privacy.

Let’s look at the numbers. Nearly one thousand major data breaches occurred in 2016, according to the Identity Theft Resource Center. Sounds like a lot, right? But wait – it gets worse. Those numbers don’t include the major data breaches suffered Google, Yahoo, Hotmail, and of course, Ashley Madison, because those breaches happened in years prior, though they were just recently publicized.

Chances are your information is out there, in one of those troves of data being traded in the dark corners of the web. A username and password, a medical record, maybe some emails. But we still don’t do very much to secure our online accounts. It’s still hard to feel threatened by data breaches without feeling paranoid.

Image used with permission by copyright holder

So let’s look at some different numbers. In 2017, about one in every thirty-six homes in the United States will be burglarized. That’s frighteningly common, so taking security precautions makes sense. Most people lock their doors and windows, and some buy an alarm system.

By comparison, about one in three people will have their personal data stolen next year. That’s even more common than burglary. Burglaries are more personal, more invasive, but do they cost more?

According to the FBI, an average burglary victim will lose about $2,000 worth of property in a home invasion, maybe a little more. That’s a lot, but it’s less than half of what you can expect to lose if your personal data is stolen. According to the U.S. Department of Justice, two-thirds of identity theft victims experience a direct financial loss totaling over $7,000 — and that figure is from 2014.

Identity theft is more insidious, harder to spot, harder to fix, and a much bigger threat to your livelihood than a home invasion. When someone breaks into your home, they’re often only inside for about eight to twelve minutes. If someone compromises your email, or social media accounts, you might not find out for months.

If you’re lucky, your data will be stolen as part of a big trove, something that will be reported, and you’ll find out quickly enough to change all your passwords. If you were individually targeted, like Hillary Clinton’s campaign chairman, John Podesta, you might only find out after an intruder has spent weeks rifling through your personal data.

Security, not paranoia

By now, you’re probably thinking about living in the woods somewhere like a bearded hermit. But before you do that, let’s take a step back. All of that scary stuff about how your personal information is probably out there right now, being pawed at by scary hacker-types? It’s a good thing.

Really. We should be thanking 2016 for all the identity theft, breaches, and celebrity social media hacks, because those events caught our attention. They put cybersecurity front and center and made us all wake up, and pay attention. Securing your personal accounts should be just as obvious as locking your doors at night, but before now, it’s been hard to make that case.

Now, all we have to do is look at John Podesta, the DNC, even Saturday Night Live star Leslie Jones, to find a reason to secure our accounts. Let these hacks be a lesson to all of us. If there’s one way we can all get back at 2016 for being truly awful, it’s by securing our digital lives.

Set a New Year’s date with a password manager.

Hit back at 2016 and those nameless, faceless hackers, for turning our election system inside out, for pitting us all against each other, and for airing everyone’s dirty laundry, by making yourself as hard to compromise as possible. Treat your passwords as seriously as you treat your house keys, treat your phone like you treat your car keys, and if you do nothing else: set up two-step verification for every account that you can.

You might pay for an alarm system, but you don’t expect someone else to protect your home and make sure your doors stay locked. We shouldn’t expect big tech companies to keep our data safe — in part, because they’ve already shown us that they can’t. Just like Smokey the Bear told us all those years ago: Only you can prevent Russian hackers from pilfering your emails and disrupting your presidential ambitions.

If 2016 was the year we lost our privacy, let’s make 2017 the year we take it back. Say goodbye to those simple passwords you’ve been using for years, and set a New Year’s date with a password manager. It’s time we take our online security into our own hands. Because 2016 has proved that nobody else will.

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more