Year-in-Review: Cybersecurity Trends of 2018

In less than 30 days, 2018 will end, and what an action-packed year it was in the sector of cybersecurity. But before we entertain any security predictions for 2019, we need to see the big picture of 2018’s cybersecurity atmosphere, globally speaking. What happened in 2018 in cybersecurity? How the world has reacted to the issues encountered?

Record breaking $1 trillion in damages caused by cybercrime in 2018 (global record).

It is the estimated aggregate damage caused by various virus types, phishing, ransomware ransom payment, cost of hiring professionals to rebuild the lost data, cost of the damaged brand and cyber extortion for 2018. There is no indication that this will shrink for next year, money is the motivation of cybercriminals today, a far cry from the 15 minutes of fame and digital vandalism they did decades ago.

Only 38% of multinational companies are confident that they are ready for cyber attacks.

It is unfortunate that 62% of the multinational companies are exposed to cyber attacks, and they are powerless to defend themselves, many of them also have no capability to bounce back. Funding is the main problem and the uncooperative leadership, especially from the top grass board-of-directors and the CEO/COO.

Human error is still the biggest source of security issues @95%.

Accidental damage to data and other security concerns are not caused by malware, phishing or external social engineering. They are done by human operators, who legally have access to the systems themselves, but end-up committing a mistake. Such mistakes can be minimized by improving their skills in using the systems the company uses for its day-to-day operations. Also, a better development strategy for internally programmed apps needs to be implemented, making it less of a choir to use.

There is a growing concern with the shortage of IT security professionals. More is needed to be employed to assure credible cyber defense strategy.

With the growth of networks comes with more demand for IT professionals to keep the machines running. Automation helps, but it is not all and be all with managing a network, which is a routine job of system administrators. It is for the fact that many excellent system administrators never learned their craft in school, but rather self-taught. Their drive is powered by their passion with technology, hence they invest their spare time to improving their craft by self-studying.

DDoS attacks in 2018 grew five times compared to 2017.

2018 was the year when home routers started to go rogue in droves. These millions of routers are mostly consumer-grade network gateways installed by ISPs during the sign-up of an internet connection in a residential area. Due to lack of know-how for updating the firmware, home routers end-up running the same old vulnerable firmware unpatched for years on end, most of the time until the equipment is retired due to old age. This is a very dangerous trend, as these home routers get infected by specialized malware targeting unpatched firmware, just like VPNFilter did this year 2018. The VPNFilter malware creates a fleet of zombie routers which can then used by its authors to issue more attacks against other entities, through their massive numbers, DDoS attacks originating from zombie writers are very effective.

44 data breaches happen every second.

As more devices join the Internet yearly, this number will keep getting bigger. There is no known indication that this will reverse this coming 2019.

Every 39 seconds, someone in the world is getting hacked.

Same as above, as more devices, unpatched devices join the Internet – the more vulnerable devices are online. This is a big deal for cybercriminals, as they build their botnets from zombie devices infected by their malware.