The cyberthreat landscape has evolved over time, and 2017 saw an increase in attacks over the 90 million intrusions recorded in 2016. While threats such as ransomware are not new, this year saw a major paradigm shift in which malicious actors aimed to disrupt services as much as they sought monetary gains. Similarly, attacks against critical infrastructure built upon similar incidents from previous years to reach new heights, while incident reporting gaps emerged between businesses located in different geographies.

To wrap up yet another year of headline-grabbing security breaches and disruptive cyber outages, let’s take a look at some of the key trends that emerged in 2017.

The Rise of Ransomware

Some attacks are stealthy, while others are more obvious. Historically, the theft of data benefited from being unobserved. Data was secretly siphoned from computer systems for months or even years while the information was collected and sold to malicious actors.

But the rise of ransomware has thrust cybercrime directly into the spotlight with a more direct approach to causing mayhem. Ransomware announces itself to victims with simple on-screen text explaining that their data has been encrypted but remains intact. A ransom is demanded in exchange for an encryption key to unlock the data. Consumers are generally offered a relatively affordable ransom amount with the thought they will simply comply with the demand and be able to recover their files quickly.

Ransomware attacks such as WannaCry took a different approach, going after public institutions on a global scale. The most widely affected entities were health care facilities in Europe, which were shut down for days. WannaCry demanded only $300, but the online wallet set up to receive payment proved to be unreachable, putting the intent in question: The attack seems to have been motivated by a desire to disrupt operations rather than to collect money. Even though the WannaCry attackers failed to monetize their exploit, estimated losses totaled more than $1 billion due to downtime.

The Shocking Vulnerability of Electrical Grids

As the focus of cyberattacks expands beyond financial gains, industrial control systems are being disrupted. In two separate attacks, the first in late 2015 and the second in late 2016, threat actors compromised the electrical grid in Kiev, Ukraine, shutting down power in the region and putting energy providers that deploy smart grid technologies on high alert.

Dozens of U.S. power companies were compromised in 2017, with some attacks causing shutdowns and disruption of distribution. Attackers took over systems that controlled valves, pipes and conveyor belts in what may have been experimental activities or mere displays of what they could accomplish with a full-scale attack.

Breaches Beyond Borders

Given the growing volume of sensitive data exposed in cyberbreaches perpetrated against U.S. companies, it’s easy to assume that these organizations are the main targets of attacks from around the globe. But organizations everywhere are affected, in some cases more than their U.S. counterparts.

A survey by the Pew Research Center looked at 38 countries and found that South Korea is most concerned about cyberattacks originating from other countries, followed by Japan and then the U.S. Clearly, there are plenty of potential sources of cybercrime to protect against, and threat actors’ chosen targets may depend on location as much as the value of data.

Reporting Delays and Dwell Time

Quickly announcing a breach may seem like an obvious responsibility when public data is exposed and critical infrastructure is threatened, but the truth is that various factors often lead to delays in the release of this information.

One report noted that “companies in the European Union take three times longer than the global average to detect a cyber intrusion.” The firm calculated the region’s dwell time, defined as “the time between compromise and detection,” as 469 days, compared to a global average of 146 days. The reasons for this gap range from simply not detecting data theft incidents to outright coverups.

New Year, New Cyberthreat Landscape

It is crucial for business leaders around the globe and across all industry sectors to understand that threats are real and far-reaching. Security professionals should be aware of threats around the world and monitor developing situations to proactively guard their organizations from the next big, headline-grabbing security breach.

Listen to the podcast: 5 security predictions that will take hold in 2018

More from Risk Management

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today