It’s that time of year again. The time when we look back at the cybersecurity year in review to see what trends soared, what information got compromised, and, hopefully, how to better protect ourselves in the future.
We saw the evolution of ransomware, which, according to cybersecurity firm Bitdefender, totaled payments of $2 billion in 2017, a new record that doubles the $1 billion set in 2016. The average ransom has likewise increased, up to $1,000—even though less than half who pay even recover their data. Overall, states a Europol report, ransomware has become the “weapon of choice” for cyber criminals, affecting numerous industries around the world.
Two of the most severe cases included WannaCry and NotPetya, in May and June. Both strains targeted exploits in the Microsoft Windows operating system, locking hundreds of thousands of computers across the globe, and showed us the consequences of failing to patch software vulnerabilities. This is especially crucial when state actors are involved in such a massive cyber attack; indeed, the White House is just now claiming as fact what had long been suspected, that North Korea was directly responsible for WannaCry. Government culpability in such events, however, is hardly an isolated incident, and we can expect this trend to continue.
Other major hacks in 2017 made headlines for such giant firms as Yahoo, Equifax, and even Uber. For Equifax, an unpatched vulnerability—aka negligence—led to the compromise of the personal data of 143 million people, as well as scrutiny, hearings, and some shuffling around at the executive level. Yahoo’s breach was of even more gargantuan proportions, although the data involved was not as sensitive. Literally every single account Yahoo had at the time of the hack (3 billion) was compromised. “They are as big as it gets,” says Jeremiah Grossman, former Yahoo infosec officer and currently chief of security strategy at SentinelOne, adding that there’s not much further up for the next mega breach to scale.
The Internet of Things also evolved, with companies like Dell and Rolls Royce even creating their own IoT divisions. More and more devices are connected to the Internet every day, which increases opportunity both for businesses and hackers. Coupled with increased adoption of artificial intelligence and machine learning—which can help handle the enormous quantities of data involved and allow for advanced automation of countless connected devices—Gartner’s prediction for IoT in 2020 looks to be on schedule.
But let’s end with something lighter. What about the top passwords of the year, you ask? Unsurprisingly, “123456” and “password” were still the two most popular. In addition, such gems as “starwars,” “monkey,” “iloveyou,” “hello,” and “freedom” were on the list. My favorite has to be the resounding meh of “whatever.” Hopefully, though, people will have a slightly more invested attitude towards their passwords in 2018, as will companies toward the security of your personal data.