Lessons learned from the 2017’s biggest cyberthreats

null

Thanks to large-scale data breaches like WannaCry and Equifax, 2017 will go down as one of the worst years for cybersecurity, both in terms of the number of people affected by cybercrime and the amount of data stolen. While such attacks were impactful, their causes related to vulnerabilities that are resolved with well-established cybersecurity practices, such as efficient patching. 

For organizations behind the security curve, then, these breaches served as yet another wake-up call. But what can the majority of IT security teams that have the basics covered learn from 2017? Where is the cyberthreat going, and how can these teams prepare for future attacks? 

Everything that has happened since 2013 — including what will happen tomorrow — ties back to Edward Snowden. Snowden revealed that governments were pouring huge amounts of resources into hacking technologies, and many of those technologies have since been stolen, simplified, and sold on the black market. 

They’ve been used for monetary gain such as in the HBO attack, in which hackers homed in on a single high-dollar target by stealing sensitive intellectual property (the script to an episode of the popular series Game of Thrones, sensitive email communication, and more) and holding it hostage. They’ve also been used for more social aims, such as with the recent attacks on offshore tax havens, in which hackers who were more interested in stoking public sentiment than in economic gain stole data about the world’s wealthiest one percent in order to expose their potential misdeeds. 

Finally, and arguably most consequentially, these techniques have been deployed in the service of propaganda. Technically having occurred in 2016, the Democratic National Committee hacks have been more discussed throughout 2017. In this case, hackers, presumably from Russia, targeted Washington insiders to gain access to sensitive data and influence the political process, the comprehensive effects of which are still being revealed today. 

Ultimately, these three attacks illustrate one thing: Organizations need to start rethinking what constitutes “valuable,” because hackers already are. 

What should you learn from 2017? 

2017 produced some shocking figures. But a lot more concerning than the large-scale data breaches that periodically dominate the news cycle are the highly targeted attacks described above. 

While stealing a ton of data from a variety of entities all at once makes a public splash and causes a significant degree of measurable damage, hackers who focus their energies and resources on a single target and then either demand a high-dollar payout or expose valuable information may actually find bigger dividends in both money and purpose. 

Moreover, hackers have learned that cyberattacks are no longer about numbers. For a long time, Social Security numbers and credit card numbers were thought of as the only sources of “valuable information,” but this notion has expanded to encompass legal maneuverings (from Caribbean islands) and confidential correspondence (from the DNC) that allows hackers to expose and disrupt social and cultural operations. In sum, the result of these attacks is going to be based on the more fluid value of the assets stolen, whether that value is quantifiable like money or qualifiable and rather abstract like sensitive communications. 

Both of these trends will likely continue into 2018, and the implications from this should alarm everyone. 

What should you do in 2018? 

Ultimately, the lines between hacktivism and economically motivated attacks are being blurred. No longer is there a clear delineation between those who attack for personal gain and those who attack for “public good,” and this fusion means that organizations must broaden their thinking around what they protect and what they include in their protection strategies.    

1. Make good governance a priority.  

In every example mentioned above, a user permitted access to the hackers — most of it inadvertent. If users know what kinds of red flags to look for and how to follow best practices, then, this access can be prevented. End users at all levels are an organization's first line of defense, and they should be educated on the most known threats and suspicions as well as encouraged to exercise extreme caution. Finally, and most importantly, cybersecurity standards should be shared across an enterprise and among all vendors and suppliers to ensure the most uniform front possible when combating the ever-diverse cyber landscape.   

2. Move more assets to the cloud.   

The simple fact is that the cloud offers organizations an up-to-date and effective level of security that is tough to match on-site. Even fewer organizations have the in-house IT professionals necessary to keep up with evolving threats or the finances to pay what it might cost to hire such a team. The cloud is the most accessible way for organizations to both strengthen and simplify security while offering a convenient information port that can streamline daily operations.  

3. Focus more on unstructured assets.  

Customer financial information has already been recognized as valuable and is probably well-protected. But companies need to think outside the norm and consider the trove of valuable unstructured information sitting across their organizations’ networks and in the average employee’s email inbox. Whether it be intellectual property, confidential communications, or even board presentations, unstructured data can be a valuable target for hackers. Creating a comprehensive cybersecurity strategy that accounts for both unstructured and structured data is the only way to protect the most vulnerable entry points like the inbox. Moreover, implementing advanced tools and using insights from experts can help you consistently monitor and identify which unstructured data is likely most at risk. As all of these attacks reveal, the information that hackers target from one year to the next is highly unpredictable. 

Staying safe in 2018 means shoring up cybersecurity practices now, because there’s no such thing as a New Year’s resolution to “stop hacking.” While WannaCry and Equifax may have grabbed headlines in 2017 given their scope and scale and will perhaps continue to populate the news next year, there’s more that organizations can learn from the sophisticated and targeted cyberattacks. These sorts of attacks highlight that hackers are no longer satisfied with trawling for vast swaths of information. Future attacks will target very specific information, and only those organizations that begin preemptively implementing protections will avoid making this 2018 list.    

David Wagner, President and CEO of Zix 

Image Credit: GlebStock / Shutterstock