Apple's iCloud attack is nothing in comparison with the kind of attacks every tech firm must prepare for, as they offer payment and connected solutions for home, health and car. Here are some ways for you to protect yourself and for Apple to improve its own security.
Brief version: Apple's statement and information from elsewhere suggest hackers targeted known individuals using a combination of research (finding place and date of birth and other information used in Apple's password protection) and brute force attacks to break into their accounts. These excellent reports illustrate this. Using these methods, hackers got hold of complete iPhone backups.
There are steps everyone should immediately take to improve iCloud account security:
Use a strong account password: iCloud customers should change their Apple ID password to a new, strong one at My Apple ID immediately, using extra characters and punctuation marks. Change the password regularly.
Enable two-step verification: Apple offers two-step verification as an option. Two-step verification requires you to verify your identity using one of your devices before you can make changes to your account information or purchase digital goods using an unknown device. Enable it.
Change your security questions: Apple uses security questions to help you identify yourself online or when contacting Apple Support. These are personal questions, such as where you had your first kiss. If you are in the public eye, it makes sense to use memorable lies rather than give true answers, as iCloud hackers apparently researched such answers when hacking into the accounts. The answers just need to be memorable, not accurate.
Use iTunes backups: Many people back up their devices to iCloud. Given it's possible iCloud backups were used to access personal data, it makes sense to switch to using iTunes backups, pending new security protections being put in place. (Go to Settings > iCloud > Storage & Backup and toggle the iCloud backup switch off.)
Replace credit cards regularly: Your credit card details travel with every purchase you make. Be paranoid.
How can Apple improve security?
A few suggestions Apple might follow to improve iCloud security:
Apple should make two-step verification the default as soon as possible.
Given mobile devices and Macs know where they are (if permitted), it makes sense to use location as security: users could tell iCloud to only permit certain actions (such as downloading backups) if the device is situated in a defined country, city, region or street. Travelling iCloud customers should easily be able to let the service adapt to their plans.
The user should be alerted and the task prevented if attempts are made from devices outside this customer-defined geofence. This kind of geofencing will significantly impair hackers. Customers could be permitted to disallow account access using a computer or device that does not reveal, or appears to mask, its location.
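The geofence check suggested above, written out as an added example; it is not Apple's code or any iCloud API. The action names, the country-level fence (the article also mentions city, region or street) and the travel-window structure are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Hypothetical names for the actions a customer chooses to fence.
SENSITIVE_ACTIONS = {"download_backup", "change_password"}

@dataclass
class TravelWindow:
    """A temporary extension of the fence for a planned trip."""
    country: str
    start: date
    end: date

@dataclass
class GeofencePolicy:
    allowed_countries: set
    travel: list = field(default_factory=list)
    # Customer opt-in: refuse devices that hide or mask their location.
    block_unknown_location: bool = True

    def permitted_countries(self, today):
        active = {t.country for t in self.travel if t.start <= today <= t.end}
        return self.allowed_countries | active

@dataclass
class Request:
    action: str
    country: Optional[str]  # None means the device did not reveal a location
    masked: bool = False    # True means the location appears to be masked

def evaluate(policy, req, today):
    """Return (allowed, alert_user) for one request."""
    if req.action not in SENSITIVE_ACTIONS:
        return True, False            # unfenced actions pass through
    if req.country is None or req.masked:
        blocked = policy.block_unknown_location
        return (not blocked), blocked  # a blocked attempt also alerts the user
    if req.country in policy.permitted_countries(today):
        return True, False
    return False, True                 # outside the fence: prevent and alert

if __name__ == "__main__":
    # Constructed sample: home country GB, one planned trip to SG.
    policy = GeofencePolicy({"GB"}, [TravelWindow("SG", date(2014, 9, 10), date(2014, 9, 20))])
    print(evaluate(policy, Request("download_backup", "SG"), date(2014, 9, 5)))
    print(evaluate(policy, Request("download_backup", "SG"), date(2014, 9, 15)))
```

A fenced action from outside the permitted set is both refused and flagged for an alert, and the same request succeeds once the customer's declared travel window covers it.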