2017 Saw Record-Breaking Breaches — And There’s More Where That Came From In 2018
In late 2016, the security and risk team at Forrester made its annual predictions for 2017. Let’s take a quick look at how we did.
Prediction No. 1: The incoming Trump administration would face a cybersecurity crisis in its first 100 days.
- What happened: Although in 2017 the US didn’t suffer another breach on the scale of the 2015 Office of Personnel Management (OPM) breach, the Trump administration has faced continuous questioning about Russian interference in the US presidential election, and the Office of the Director of National Intelligence (ODNI) has confirmed that Russian operatives waged a covert campaign over social media to influence election results.
Prediction No. 2: Healthcare breaches would become as large and as common as retail breaches.
- What happened: The WannaCry global ransomware attack shut down a significant number of hospitals in the UK’s National Health Service, illustrating just how vulnerable healthcare systems around the world are to these types of attacks.
Prediction No. 3: More than 500,000 IoT devices would suffer a cyberattack in 2017.
- What happened: Botnets have continued to plague IoT devices and businesses — 500,000 compromised IoT devices seems like a quaint number.
Prediction No. 4: Security pros would satisfy the talent gap by spending on both security services and automation technologies.
- What happened: Security services grew alongside automation technologies. In fact, our research shows that spending on services has almost reached parity with spending on on-premises technology.
Although many of our predictions did come true, or close to it, 2017 was still a more remarkable year than even we could have predicted:
- The WannaCry ransomware that shut down functions of the National Health Service in the UK also infected as many as 300,000 computers globally in a single weekend. The estimated economic loss to businesses due to WannaCry is close to $4 billion — and this doesn’t even account for the personal impact on patients.[1]
- The CIA lost a treasure trove of covert hacking techniques.
- The Equifax breach exposed nearly 143 million Americans’ names and Social Security numbers, putting the identities and credit information of those people at risk and calling into question the effectiveness of knowledge-based authentication.[2]
We don’t expect much respite in 2018, unfortunately, as consumers, businesses, healthcare providers, and governments will face challenges brought on by four primary forces: 1) rising tensions in international relations; 2) ubiquitous connectivity; 3) digital transformation initiatives; and 4) increasing importance of the data economy.
Our latest report guides security and risk professionals through six predictions for 2018 that forecast what will happen as these forces collide. It also shows how security and risk pros can mitigate the risks from the resulting economic, political, and societal changes.
[1] “‘WannaCry’ ransomware attack losses could reach $4 billion,” CBS Interactive, Moneywatch, May 16, 2017 (https://www.cbsnews.com/news/wannacry-ransomware-attacks-wannacry-virus-losses/).
[2] “Equifax Says Cyberattack May Have Affected 143 Million in the U.S.,” The New York Times, Sept. 7, 2017 (https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html).