2017 Security Surprises (Part 1)
While the Equifax data breach and WannaCry malware were surprising, the most surprising thing is the lack of a considered approach to security by all organizations.
Given how fast technology is changing, we thought it would be interesting to ask IT executives to share their thoughts on the biggest surprises in 2017 and their predictions for 2018.
Here's the first of two articles sharing what they told us about the biggest surprises about security. We'll cover predictions for 2018 in several other articles.
The biggest event of 2017 was the return of mass attacks on a global scale. While there have been large breaches in the past – Yahoo!, Target, Anthem – and this year – Equifax – we haven’t seen the kind of coordinated, global-scale attacks that we’ve seen in 2017.
I think the biggest surprise was the Equifax data breach and the events that occurred following the cyber incident. With so many lessons learned over the years from poorly managed cyber incidents, you would think a company with the importance and impact that Equifax has would have learned from others. But no, they fell into a deep void and failed to show that big companies can handle cyber incidents. With so many U.S. citizens being impacted, the damage of this data breach will be seen for years to come as it will lead to so many other incidents from identity theft to financial fraud as well as impacting other online services as the data compromised is typically security controls for other online services. In addition to the handling of the breach, we find that it gets blamed on a single employee, which of course is unfortunate as many IT departments have a campaign cyber issue with a budget that is not even close.
The next surprise that follows is of course when Congress made it difficult for consumers to sue banks - giving Equifax a win-win situation for not protecting the U.S. citizens' sensitive data. This was hidden behind all the other headline news in recent weeks. In the wake of one of the worst cyber events in the history of the U.S. with Equifax being a target of cybercrime resulting in 143 million U.S. citizens having their personal details exposed. In just a few weeks after this significant event, we have seen the U.K. FCA (Financial Conduct Authority) launch an investigation into the US credit checking company Equifax which could see Equifax lose its ability to operate in the U.K. This could have seen major lawsuits from consumers in the U.S. and could be one of the biggest in U.S. history due to the unknown impact that this could have in the future as it is unknown how many further cyber events this will cause as a result. This does not strengthen the U.S. position in cybersecurity against cyber attacks, but it significantly weakens it by leaving citizens exposed and financial companies not accountable for cyber incidents that result in the citizens being the victim.
Dana Farbo, Chief Operating Officer, Augmate
By far, the Chinese suspension on ICOs was unexpected and sent a message to the world that they would be more active in this space. This move also put the world on further notice that ICOs need to be handled with a forward-looking vision and not as a quick money-making scheme.
In 2017, more ransomware victims are choosing to not pay the ransom, despite demands being relatively low. Take WannaCry, for example — the hackers behind one of the largest attacks this year demanded $300 worth of bitcoin from each victim. It was reported that the hacking group only made away with $50,000, which is low considering 200,000 devices were compromised. This is surprising because, in 2016, we saw organizations throwing in the towel at ransom demands worth $1,000 in bitcoin. We will likely see fewer and fewer people paying ransoms in 2018.
This is a hard question to answer due to the large number of high-profile incidents that occurred in 2017, including highly political Kaspersky Lab revelations and WannaCry and NotPetya causing extensive damage. However, the extent of the mishandling of the Equifax breach was quite staggering. Breaches are expected; in fact, the general public is desensitized to these at some level, but the subsequent missteps following the initial report were hard to believe. Even Yahoo's revision of the number of accounts impacted by the 2013 security incident did not make as big a splash. The other surprise was the lack of widespread DDoS attacks that were expected for this year, especially after 2016 proved how susceptible our highly interconnected ecosystems really are.
WannaCry. This has been the first time in many years where we have seen such a malware outbreak. The fact that it was targeting enterprises and that it was encrypting all the information it had access to means this has been the most damaging attack in history, with losses that exceed a billion dollars.
I bet if you ask most people about the biggest IT security surprise in 2017, they would say it’s the Equifax breach. I think the biggest surprise is that, after the breaches where 50+ million accounts were compromised since 2006 (Anthem, eBay, JPM Chase, Home Depot, Adult Friend Finder, Target, Sony PS Network, Yahoo, Heartland Payment Systems, TJ Maxx, and, now, Equifax), a lot of companies still do not have a considered, monitored, integrated, board-reported approach to cybersecurity. Really, what is it going to take to make this a priority for organizations?
2017 was yet another year of massive breaches. Yahoo and Equifax topped the charts, but there were, unfortunately, plenty of other incidents that punctuate the fact that security isn't yet a top priority for many companies. There was also a significant amount of M&A activity in the sector as large vendors add more products to their war chest.
Linus Chang, Founder and CEO,
The pace at which ransomware got more sophisticated, including the WannaCry attack where it spread like wildfire by exploiting OS vulnerabilities. Rapidly self-replicating ransomware in the form of a computer worm was disturbing; the ongoing possibility of the unexpected hijacking of computers in essential services like hospitals, electricity/utilities, water supplies, police and fire departments was/is truly alarming.
Cybercrime is no surprise, and this past year we’ve definitely seen an uptick in ransomware incidents. However, the hacking of the N.S.A. was a real wake-up call that sent shockwaves throughout the industry. When the N.S.A. gets hacked, it proves no one is immune from cyber hackers.
In the cybersecurity world, the biggest event of 2017 was undoubtedly the “WannaCry” global cyber attack in May. It is now widely believed that North Korea was behind the act of cyber-terrorism that has the dubious honor of being the first such incident in which a nation has used ransomware. The irony of the event and the story within the story is that the attack was made possible because the NSA failed to report to Microsoft a vulnerability it had detected in the Windows OS, which became known to North Korea, who allegedly used it in WannaCry.
The biggest event for 2017 was the lack of preparedness for the onslaught of WannaCry. WannaCry itself was not (should not have been) a surprise. The Mirai attack from the year before telegraphed such an event. The fact that WannaCry had such wide impact across many countries, with the healthcare industry taking the brunt of the impact, was a surprise. Aside from the PHIs being targeted, the attack paralyzed many healthcare providers from doing the primary thing they were designed to do, provide care. Cancellation and delays of critical procedures for weeks illustrate how unprepared many organizations found themselves. Although many publicized cases are from Europe and the UK specifically since the attack hit Europe first, you’ll be hard-pressed to find any healthcare organizations in the U.S. that were not adversely affected by WannaCry.
2017 was the year when application security shifted to become a major player in both security and development within organizations. Application security plays a significant role in releasing secure applications to the market; however, the more significant shift this year is AppSec’s role in connecting the security industry to the DevOps and the general development community by empowering developers and DevOps teams to take things into their hands and deliver higher quality and more secure software, faster.
In 2017, the Equifax hack was the largest, leaving a trail of 143 million identities exposed, including names, addresses, phone numbers, license numbers and more to hackers. Considering that the population of the US is currently around 320 million, it’s likely that most adults had their records compromised. The biggest surprise this year was that the 23-year-old hero Marcus Hutchins, who delivered the kill switch to the WannaCry virus that affected businesses around the world, was arrested at Black Hat in Las Vegas for his alleged work in developing the Kronos Virus.