A More Secure 2019: Assessing Cybersecurity Trends of 2018
The ball has dropped and we’ve hung up new calendars, signaling that 2019 has officially begun. While it’s exciting to look ahead at the possibilities the new year brings regarding technology innovations, it’s also important to take a moment to look back at the topics that dominated our headlines throughout last year.
1. Malware Breaches
Malware continued to wreak havoc throughout 2018. No industry seemed immune as numerous breaches took place in virtually every industry type and many government entities.
The Continued Popularity of Ransomware
Ransomware was one of the most prevalent and destructive types of malware, with SamSam ransomware payments estimated to be well over $6 million dollars as of July. Of course, this figure only tells part of the story, as the ransom itself is only part of the cost. A true estimate would also include the cost of time, effort, and reputational damage incurred when ransomware holds an organization’s data hostage.
This is perhaps best demonstrated by the city of Atlanta, which was hit by SamSam in March. Though ordered to pay around $50,000 in bitcoin, the attackers quickly removed their payment portal for reasons unknown, leaving Atlanta government operations crippled. The city ended up spending over $2.6 million in incident response, digital forensics, extra staffing, and other recovery related expenses. Other pieces of ransomware released this year, like XBash, don’t even have data restoration capabilities built in, meaning that even if a ransom was paid, the data would still be lost.
Malware Leaves the Healthcare Industry Feeling Sick
Healthcare remained the most popular target with a multitude of issues occurring throughout the year. Over 4.4 million patient records were compromised in just the third quarter of 2018. Major provider and payment processor name brands have paid out huge sums of money in fines and settlements related to confirmed breaches. For example, AccuDoc Solutions, which deals with patient billing, experienced a cyberattack that exposed the personal data of 2.65 million patients for a week.
2. GDPR Enactment and Violations
On May 25, the GDPR (General Data Protection Regulation) went into effect for the entire European Union, dominating headlines for the early part of the year. The law is intended to protect personal data and how organizations process, store, and ultimately destroy it when the data is no longer required. With this enactment came very strict rules governing what happens if access to personal data is breached and the consequences (fines) organizations will suffer.
The second half of the year focused on GDPR violations. For example, the first GDPR notice was issued to Canadian firm AggregateIQ in relation to the UK’s investigation into improper data use for political campaigns. Similarly, Facebook was fined by the UK for data collection and misuse for political purposes by Cambridge Analytica. These two instances were one of many. In fact, according to the International Association of Privacy Professionals, in only the first month of enforcement, the UK alone saw 1124 complaints.
3. Cloud Security
Cloud computing adoption rates continued to surge through 2018, with more organizations than ever utilizing cloud services in some way or another. Though the cloud is helping businesses as they grow at an accelerated pace, breaches in cloud security proved costlier than ever. According to the Ponemon Institute, a breach of fewer than 10,000 records cost an average of $2.2 million, and a breach with more than 50,000 records would cost around $6.9 million.
The root cause of many of these breaches came down to misconfiguration. For example, a Washington based internet service provider, PocketiNet, exposed 73 gigabytes of data due to a misconfigured AWS S3 storage bucket. The data included plain text passwords, secret keys for employees, internal network diagramming, and configuration details. Securing this exposed data took the company almost a week after cyber-resilience company Upguard informed them of the breach.
Resolutions for 2019
Though cybersecurity issues plagued many organizations throughout the year, there are silver linings to be found. Though the constant headlines can seem overwhelming, it also indicates in increase in awareness of these problems. As recognition of these issues grows, organizations can resolve to spend 2019 fighting back against cybersecurity threats. Staying vigilant, improving processes, and using the right cybersecurity solutions can help organizations spend next New Year’s Eve celebrating a safer year.
Count down the top cybersecurity trends of 2018 and hear predictions for what’s to come in 2019 in this webinar.