Top Security & Privacy Stories of 2018

It’s safe to say that 2018 has been one heck of a roller coaster ride for the cyberspace. After all, security and privacy found new ways to make headlines around the world. In the coming paragraphs, we’re going to take a look at some of 2018’s biggest cyber stories, not to increase fear but to motivate and drive you to do a better job at protecting yourself. Without further ado, let’s get started:

1. Email is still a popular attack vector

The greatest threat to any organization sits in their employees’ inboxes. Email is one of the most popular threat vectors, and it’s increasingly being used by cybercriminals as a medium to deliver phishing attempts, malware, and business email compromise (BEC) scams. According to the Email Security Trends 2018 report, 93% of all breaches include a phishing (or spear phishing) element.

Diminishing the risk requires combining the technical aspect of cybersecurity – including adopting AI-powered tools to better detect threats – with the human aspect. However, it’s the latter where organizations often still fall behind. To fight back, they need to equip employees with relevant technology to spot suspicious emails, and blend that with a more progressive approach to cybersecurity training.

2. Data breaches took center stage

There have been up to 1,100+ data breaches so far in 2018 which totals to 561,700,000+ exposed records, as per the Identity Theft Resource Center (ITRC). The 2018 Cost of a Data Breach Study, conducted by the Ponemon Institute and sponsored by IBM security found that the global average cost of a data breach is now at $3.9 million, a 6% increase from 2017.

The following are ten of the biggest data breaches of 2018:

1. Aadhaar (1 billion records exposed)
2. Marriot Starwood (500 million records exposed)
3. Exactis (340 million records exposed)
4. MyFitnessPal (150 million records exposed)
5. Quora (100 million records exposed)
6. MyHeritage (92 million records exposed)
7. Facebook-Cambridge Analytica (87 million records exposed)
8. Google+ (52.5 million records exposed)
9. Facebook (50 million records exposed)
10. Chegg (40 million records exposed)

3. Ransomware hasn’t gone away

While ransomware dominated the cyber sphere in 2017, with WannaCry and NotPetya as a few high profile examples, there have been less attacks in 2018.  According to Kaspersky’s Ransomware and Malicious Cryptominers 2016-2018 report, ransomware infections fell by almost 30% over the past 12 months while cryptocurrency mining increased by 44.5% over the same period of time.

Though ransomware is decreasing in volume, it’s also increasing in sophistication as cybercriminals are upping their game. The number of new ransomware variants grew by 46% over the last year, which means ransomware is still a threat to many businesses, especially when it comes to those in healthcare and finance – the two hottest targets for ransomware attacks!

Nonetheless, sometimes things can go wrong even if you’re doing everything right in your approach to cybersecurity. To reduce the risk of data loss from ransomware attacks, organizations should focus on implementing a data protection strategy that not only includes automated backups but also easy recovery.

4. Cryptomining malware on the rise

As per Check Point’s Cyber Attack Trends: 2018 Mid-Year Report, 42% of organizations were impacted by cryptomining malware in the first half of 2018, as opposed to 20.5% in the second half of 2017. As mentioned, it has even overtaken ransomware as 2018’s top cybersecurity threat. In fact, the top three most common malware variants spotted in H1 2018 were all cryptocurrency miners.

Cryptomining malware allows cybercriminals to take over the computing resources of an unsuspecting victim and use them to mine cryptocurrency like Bitcoin and Ethereum. A variety of factors have contributed to cryptomining malware’s upward spiral, including the rise of crypto prices and increased availability of easy-to-use tools to unleash crypto mining scripts on devices, networks, and websites.

The immediate impact of cryptomining malware is more often than not performance-related. It slows down devices, overheats batteries, and sometimes, renders devices useless. There are, however, broader implications for organizations – their networks are at risk of being shut down as cryptomining malware can spread aggressively across their environment.

5. New legislation for data security

There’s no doubt that the new privacy laws in the U.S. and Europe – such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) – have been dominating the headlines to date, and for good reason. Though they aren’t exactly similar, both are focused on protecting consumers’ desire for privacy as well as control over their personal information.

Other states in the U.S. have also introduced data protection laws to provide consumers with greater transparency and control over their data. For example, Vermont’s new data privacy law which, besides expanding breach notification rules, requires organizations to make considerable changes in the way they handle, record, and store personal data.

6. Gap in cybersecurity talent widens

Are you finding the job market a little too tight these days? Well, it’s very likely that you’re not in the field of cybersecurity. As cybercriminals step up attacks with increasingly complex tools and methods that are readily available on the notorious dark web, white hat professionals need all the help possible to prepare for and respond to cyber security incidents.

There will be up to 3.5 million vacant positions in the cyber security industry by 2021, as per recent estimates. The severe shortage of talent puts many organizations in a tight situation because it’s difficult to find great security engineers and they demand six-figure salaries when and if available. The bad guys, of course, are taking full advantage of short-staffed organizations that aren’t capable of preventing, detecting, and responding to cyberattacks.

7. Smart doesn’t necessarily mean secure

The present state of IoT cybersecurity is terrible at best, and nonexistent at worst. There have been a few scary hacks in the past, and consumers are slowly but gradually becoming aware of the unique challenges to secure IoT systems. However, IoT hardware vendors are slow when it comes to enacting meaningful change.

IoT devices are susceptible to numerous threats these days. For starters, they’re aren’t patched timely and companies behind IoT devices sometimes ignore the security aspect as a whole – and this is where a VPN can come into play. Then, we also have what are known as network attacks. They consists of manipulating IoT systems to carry out, let’s suppose, distributed denial-of-service (DDoS) attacks.

Furthermore, RFID spoofing can also be used to compromise IoT devices. They enable cybercriminals to read and record the transmission of data by creating fake RFID signals. The biggest security challenge for IoT experts, though, is overcoming software threats as cyber attackers rely on malware, Trojan viruses, and malicious scripts to disable IoT systems.

Wrapping Things Up

Have anything else to add? Voice what you think is missing via the comments section below, and don’t forget to share the blog with your friends!