2018—The Year the “Megabreach” Got Real
There was the hotel chain, the genealogy site, and the social media platform used by billions. These are just a few of the companies that in 2018 experienced a megabreach, which is the theft of 10 million records or more.
With more individual records exposed in the first six months of 2018 than in all of 2017, one could call 2018 “The Year of the Megabreach.” The facts show that there were actually fewer data breaches in the first half of 2018 than 2017, but far more records were stolen.
2018 represents more than a surge in the breach statistics. It is the year of GDPR, when organizations scrambled to understand and implement its required privacy regulations. It is also the year when the public gained a better understanding (along with a dimmer view) on the vulnerability of their personal data. Once we have lost control of our personal data, we also lose control of how our data is being used. With the hotel breach, investigators believe hackers working on behalf of China’s main intelligence agency are responsible.
Will the data breaches of the coming New Year inflict more damage to corporate and governmental processes, brands, and bottom lines? Will individuals endure greater loss of privacy, or will they benefit from greater protections?
One thing we do know is that cybercrime continues to be a profitable business that is growing and evolving.
The following cybersecurity social influencers share their predictions for 2019.
@cybersecuritystu, security influencer
Director of Cyber Security Strategy
With an extensive background in threat intelligence, social engineering, and incident response, Stuart Peck heads cybersecurity strategy for ZeroDayLab. Stuart regularly delivers threat briefings to FTSE-level executives and directors throughout the world.
Open source and third-party integrations – Attack vectors of choice
“Organizations will focus on protecting their own critical assets, with significant investments in resources and technologies, but then either give access or share critical data with third parties who are not as mature. In 2018 we’ve seen some examples of where open source or third-party integrations have been abused by attackers. In 2019 I predict this will be vector of choice for many reasons:
Many organizations don’t conduct regular security reviews on their supply chain, let alone review the impact of using third-party code libraries and integrations.
These attacks are easy to scale and therefore cost effective for threat actors.
The yields and likelihood of selling off the techniques to other groups is also very high, again making this a profitable exercise.”
@blackroomsec, security influencer
Tara describes herself as a white hat hacker and pen tester who has performed a number of simulated attacks on computer systems to evaluate their security profile. She says that hacking is not a hobby, but a way of life. Tara is the Intergalactic Minesweeper Champion of 1990.
Companies will continue to ignore their patch management procedures
“Sunny with a chance of remote code execution. Or in other words, as companies across the board continue to ignore well-documented procedures on how to properly handle patch management, more breaches will occur—thus further angering the public who lack the teaching and knowledge to understand how 90 percent of the breaches (which have already transpired) could have easily been prevented.”
CISO + CIO influencer
Will LaSalle is a global information technology and cybersecurity executive who is adept at identifying, communicating, and mitigating enterprise risk. He has led global teams in budgeting, deploying, securing, and managing multi-million dollar IT assets for a number of global enterprises. As a B2B tech influencer and opinion leader, he has 20K Twitter, 5K LinkedIn, and 10K Google+ followers.
Artificial intelligence (AI) filling the gap in cybersecurity talent
“My prediction for 2019 is specific to the three million-employee shortfalls in cybersecurity, where the opportunity exists for artificial intelligence to help automate threat detection and response. This can ease the burden on employees, and potentially help identify threats more efficiently than other software-driven approaches—shrinking the attack surface instead of constantly chasing after malicious activity.”
@rayredacted, security influencer
Ray is a researcher and technologist who helps companies and individuals protect their data.
“Cyberattacks will continue to dominate headlines and headaches, as the attack surface expands and the threat actors continue to evolve.”