The cyberthreat landscape has evolved over time, and 2017 saw an increase in attacks over the 90 million intrusions recorded in 2016. While threats such as ransomware are not new, this year saw a major paradigm shift in which malicious actors aimed to disrupt services as much as they sought monetary gains. Similarly, attacks against critical infrastructure built upon similar incidents from previous years to reach new heights, while incident reporting gaps emerged between businesses located in different geographies.

To wrap up yet another year of headline-grabbing security breaches and disruptive cyber outages, let’s take a look at some of the key trends that emerged in 2017.

The Rise of Ransomware

Some attacks are stealthy, while others are more obvious. Historically, the theft of data benefited from being unobserved. Data was secretly siphoned from computer systems for months or even years while the information was collected and sold to malicious actors.

But the rise of ransomware has thrust cybercrime directly into the spotlight with a more direct approach to causing mayhem. Ransomware announces itself to victims with simple on-screen text explaining that their data has been encrypted but remains intact. A ransom is demanded in exchange for an encryption key to unlock the data. Consumers are generally offered a relatively affordable ransom amount with the thought they will simply comply with the demand and be able to recover their files quickly.

Ransomware attacks such as WannaCry took a different approach, going after public institutions on a global scale. The most widely affected entities were health care facilities in Europe, which were shut down for days. WannaCry demanded only $300, but the online wallet set up to receive payment proved to be unreachable, putting the intent in question: The attack seems to have been motivated by a desire to disrupt operations rather than to collect money. Even though the WannaCry attackers failed to monetize their exploit, estimated losses totaled more than $1 billion due to downtime.

The Shocking Vulnerability of Electrical Grids

As the focus of cyberattacks expands beyond financial gains, industrial control systems are being disrupted. In two separate attacks, the first in late 2015 and the second in late 2016, threat actors compromised the electrical grid in Kiev, Ukraine, shutting down power in the region and putting energy providers that deploy smart grid technologies on high alert.

Dozens of U.S. power companies were compromised in 2017, with some attacks causing shutdowns and disruption of distribution. Attackers took over systems that controlled valves, pipes and conveyor belts in what may have been experimental activities or mere displays of what they could accomplish with a full-scale attack.

Breaches Beyond Borders

Given the growing volume of sensitive data exposed in cyberbreaches perpetrated against U.S. companies, it’s easy to assume that these organizations are the main targets of attacks from around the globe. But organizations everywhere are affected, in some cases more than their U.S. counterparts.

A survey by the Pew Research Center looked at 38 countries and found that South Korea is most concerned about cyberattacks originating from other countries, followed by Japan and then the U.S. Clearly, there are plenty of potential sources of cybercrime to protect against, and threat actors’ chosen targets may depend on location as much as the value of data.

Reporting Delays and Dwell Time

Quickly announcing a breach may seem like an obvious responsibility when public data is exposed and critical infrastructure is threatened, but the truth is that various factors often lead to delays in the release of this information.

One report noted that “companies in the European Union take three times longer than the global average to detect a cyber intrusion.” The firm calculated the region’s dwell time, defined as “the time between compromise and detection,” as 469 days, compared to a global average of 146 days. The reasons for this gap range from simply not detecting data theft incidents to outright coverups.

New Year, New Cyberthreat Landscape

It is crucial for business leaders around the globe and across all industry sectors to understand that threats are real and far-reaching. Security professionals should be aware of threats around the world and monitor developing situations to proactively guard their organizations from the next big, headline-grabbing security breach.

Listen to the podcast: 5 security predictions that will take hold in 2018

More from Risk Management

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today