As 2017 draws to a close, I think it’s useful to look back on some of the major cybersecurity events of the year, and reflect on how these incidents have shaped not just 2017, but the future as well. Here’s a look at the major data breaches and attacks, and corresponding trends of 2017. Hopefully by pausing to study the past, we will be better prepared for 2018 and beyond.
Top Five Significant Security Incidents of 2017
Equifax: September 7, 2017. Due to the massive amount of sensitive data stolen, which included social security and driver’s license numbers, this is being called one of the worst data breaches ever. With this sensitive data now exposed, many organizations, including banks, that rely on the data to prove the identity of online users may need to implement additional, expensive and cumbersome authentication procedures.
NSA/CIA: The series of intelligence agency leaks exposed thousands of documents that included advanced hacking tools and efforts. With this information now in the hands of cybercriminals, we are already seeing smaller organizations commit crimes that used to be limited to well-funded, state-sponsored attackers. The level of sophistication among attackers took a giant leap forward.
Yahoo!: Although the attack occurred, or at least started, in 2013, the full extent wasn’t revealed until this year when parent company Verizon announced in October that every one of Yahoo's 3 billion accounts was hacked in 2013. That’s more than three times the initial assessment. In addition to the massive size of the attack, the fact that it remained largely hidden for so many years makes this extremely significant. How many other huge attacks have occurred that we still don’t know about?
Uber: In November, the ride-sharing company disclosed that in late 2016, it became aware of a data breach that potentially exposed the personal information of 57 million Uber users and drivers. Instead of disclosing the breach as the law requires, Uber paid $100,000 to the hackers to keep the data breach a secret. This is significant for several reasons: 1) the enormous number of records compromised; 2) the fact that it was a ransomware attack; 3) that the company paid the attackers (and thus encouraged the illegal industry); and 4) that nobody at this huge company disclosed the breach.
WannaCry: WannaCry ransomware plagued thousands in massive global cyberattacks. Perhaps the biggest ransomware attack of its kind, the WannaCry ransomware was only successful thanks to the NSA losing control of its key hacking tools, which enabled hackers to install backdoors that distributed the ransomware to millions of computers.
Of course, with dozens of other large-scale attacks during the year, one could argue that other incidents were as important or even more important than these five. The point is that 2017 was a very significant year with regard to cybersecurity.
2017 – New Trends in Cybersecurity
The year was shaped not only by the record-breaking number of data breaches, but also by new strategies and technologies to combat cybercrime. Organizations are also adopting new attitudes and thought processes as they craft and update their security policies.
Organizations shift investments to breach detection and response. Until recently, organizations poured almost all of their resources into stopping data breaches. In 2017 we’ve seen a change in attitude, with enterprises starting to accept the fact that they can’t stop every threat. We now see enterprises starting to invest a portion of their cyber resources on quickly detecting when a breach occurs, and rapidly responding to it in order to minimize damages.
Securing the cloud became a major initiative. As more and more organizations used cloud technologies to store and process sensitive data, cybercriminals upped their attacks on the cloud. Companies are responding to these threats as never before, implementing policies and tools specifically designed for private and public cloud use.
Security automation gained momentum. Fueled by endless amounts of data, an ever-increasing number of cyberattacks, and the dramatic shortage of skilled security professionals, organizations began looking to machine learning, artificial intelligence, and automation as never before.
Mobile device security started getting real attention. During 2017, Android surpassed Microsoft Windows and became the most popular operating system for getting on the network. Unfortunately, cybercriminals began attacking mobile phones in earnest. After years of essentially ignoring mobile phone security, in 2017 many organizations began implementing, or at least planning to implement, real security for mobile phones.
Securing the IoT got on the agenda. During 2017, botnets targeted over 122,000 IP cameras with DDoS attacks, and IoT attacks on routers virtually shut down the internet for the better part of a day. Baby monitors, medical devices, and dozens of other gadgets were hacked. Although we are a long way from securing the IoT, these incidents served as a wake-up call, and many organizations have added IoT security to their agendas and are at least talking seriously about securing it moving forward.
Cyber Lessons Learned from 2017?
There’s no doubt that 2017 was a very difficult year for cybersecurity. While the adversary is certainly getting more sophisticated, it’s also clear that the security industry is not sitting still. A number of new technologies and advancements took place during the year that will dramatically help combat cybercrime.
By studying the past, security vendors learn new and better ways to develop products that effectively combat cybercrime. Businesses and organizations that research past cyber events may also be better prepared and motivated to implement adequate defenses.