Lessons learned from 2017 cybersecurity incidents

Cybersecurity incidents continued to plague companies in 2017. Here's a rundown of the five with the most impact, and lessons learned from each.

When it comes to cyberattacks, it is no longer a question of if they will occur, but when.

As data breaches, ransomware attacks and other cybersecurity incidents continue to dominate headlines, organizations may be forced to make cybersecurity a top priority: Research outfit Gartner predicted spending on information security to reach $93 billion in 2018.

"Today's IT is so incredibly complex (and often messy) that guaranteeing that a breach will not happen is absolutely impossible," Gartner analyst Anton Chuvakin said in an email interview. "The smarter organizations have been moving away from a misplaced hope of complete breach prevention (that is impossible) to a combination of prevention security measures with smarter detection and rapid response."

The past year alone certainly had its fair share of cybersecurity incidents, ranging from 198 million U.S. voter database records being exposed to new strains of potent ransomware wreaking havoc on IT systems.

Below is SearchCIO's list of the five cybersecurity incidents that had the most impact in 2017, with analysis from industry observers and cybersecurity experts.

Blockbuster Equifax breach

The Equifax breach was discovered by the credit monitoring company in July and exposed personal information of as many as 143 million U.S. consumers.

"Equifax was one of the best examples that I can remember of how not to handle a major security breach," Bryce Austin, CEO at Minneapolis-based IT consulting company TCE Strategy, said in an email interview.

"From the initial failure to patch an ultra-critical website flaw to the bungled roll-out of the site to check if you were impacted by the breach, calling this breach a dumpster-fire is a disservice to dumpsters. Equifax needed a tested, rehearsed incident response plan. It's obvious they didn't have one."

The data exposed during the breach included 209,000 U.S. credit card numbers and personal information for 182,000 U.S. customers involved in credit report disputes. The breach occurred between mid-May and July.

"Another lesson is that more intelligence is needed to pick your battle -- which vulnerability absolutely must be fixed NOW and which ones can be left for later," Chuvakin said. "This will make the attacker work harder, hence increasing the chance of detection."

Uber breach

In November, ride-hailing giant Uber revealed a massive data breach that occurred over a year ago. The breach took place in October 2016 and resulted from malicious actors using a third-party cloud-based service to gain access to files containing personal information of 600,000 U.S. Uber drivers and 57 million Uber riders worldwide.

"Uber's disregard for the well-being of their customers seems to be superseded only by their disregard for the well-being of their drivers," Austin said. "The next time a company has a security breach and covers it up, I'm calling it Ubergate."

The company allegedly paid hackers to delete the data and keep the breach quiet.

"Believe it or not, Uber may be in more legal trouble than Equifax," Austin said. "If Uber is found guilty of knowingly violating the breach notification laws in 48 out of 50 states, we could be looking at an Al Capone situation here. He was only convicted on tax evasion, but they still put him away for life."

Verizon security lapse exposes customer info

In July, Verizon confirmed that 6 million customers had their personal data exposed because of a leak from a misconfigured Amazon Web Services Simple Storage Service (S3) bucket.

"First, we learned as consumers that we can't trust the custodians of our personal data (like name, passwords, email addresses) to protect and secure it properly," Gartner analyst Avivah Litan said in an email interview.

The breach was discovered by a researcher from software security firm UpGuard, who notified Verizon in late June.

"Second, we learned that very advanced threat actors are conducting crimes against companies like Verizon and others, not only for financial gain, but also to help adversarial nation states who use their platforms for their nefarious purposes," Litan said. "Third, we learned that companies are not employing strong enough security governance processes and technologies to keep the bad guys out."

Destructive NotPetya attacks

NotPetya started as a fake Ukrainian tax software update and was the most destructive ransomware of 2017.

The NotPetya malware infected hundreds of thousands of computers in more than 100 countries in just a few days.

"NotPetya was the most serious example of companies being caught in the crossfire of nation state attacks that I'm aware of," Austin said. "NotPetya wasn't ransomware. It was a powerful destructive virus disguised as ransomware. The makers of it didn't want money; they wanted those that do business in the Ukraine to suffer. They succeeded."

Given the injection of NotPetya into the MeDoc software update process, this was a very difficult hack to prevent, Austin said.

"Strong network segmentation was the only real defense to limit the damage," he said. "Maybe behavioral-based cybersecurity tools will be able to guard against this in the future, but they have a tough job ahead of them."

Ransomware that made you WannaCry

The WannaCry ransomware attack in May caused havoc across the globe, infecting more than 230,000 PCs in 150 countries. WannaCry took advantage of a leaked National Security Agency exploit to target Windows computers that failed to install the Windows MS17-010 patch.

"The main lesson we learned from this attack is that there is a very serious disconnect between IT operations (who didn't patch their endpoint systems against the vulnerability used by WannaCry) and IT security (who didn't argue strongly enough with IT operations to patch their systems)," Gartner's Litan said.

Companies like FedEx in the U.S., National Health Service hospitals in the U.K. and Telefonica in Spain were among those victimized: They and others that fell prey to the worm were ordered to pay $300 to $600 in Bitcoin to regain access to their encrypted files.

"We also learned that there is a serious lack of IT security governance processes at many organizations that would allow such a serious disconnect to remain between IT operations and IT security," Litan said. "It wasn't a technology issue -- it is mainly a process and governance issue."
