The cyberthreat landscape has evolved over time, and 2017 saw an increase in attacks over the 90 million intrusions recorded in 2016. While threats such as ransomware are not new, this year saw a major paradigm shift in which malicious actors aimed to disrupt services as much as they sought monetary gains. Similarly, attacks against critical infrastructure built upon similar incidents from previous years to reach new heights, while incident reporting gaps emerged between businesses located in different geographies.

To wrap up yet another year of headline-grabbing security breaches and disruptive cyber outages, let’s take a look at some of the key trends that emerged in 2017.

The Rise of Ransomware

Some attacks are stealthy, while others are more obvious. Historically, the theft of data benefited from being unobserved. Data was secretly siphoned from computer systems for months or even years while the information was collected and sold to malicious actors.

But the rise of ransomware has thrust cybercrime directly into the spotlight with a more direct approach to causing mayhem. Ransomware announces itself to victims with simple on-screen text explaining that their data has been encrypted but remains intact. A ransom is demanded in exchange for a decryption key to unlock the data. Consumers are generally offered a relatively affordable ransom amount, on the assumption that they will simply comply with the demand in order to recover their files quickly.

Ransomware attacks such as WannaCry took a different approach, going after public institutions on a global scale. The most widely affected entities were health care facilities in Europe, which were shut down for days. WannaCry demanded only $300, but the online wallet set up to receive payment proved to be unreachable, putting the intent in question: The attack seems to have been motivated by a desire to disrupt operations rather than to collect money. Even though the WannaCry attackers failed to monetize their exploit, estimated losses totaled more than $1 billion due to downtime.

The Shocking Vulnerability of Electrical Grids

As the focus of cyberattacks expands beyond financial gains, industrial control systems are being disrupted. In two separate attacks, the first in late 2015 and the second in late 2016, threat actors compromised the electrical grid in Kiev, Ukraine, shutting down power in the region and putting energy providers that deploy smart grid technologies on high alert.

Dozens of U.S. power companies were compromised in 2017, with some attacks causing shutdowns and disruption of distribution. Attackers took over systems that controlled valves, pipes and conveyor belts in what may have been experimental activities or mere displays of what they could accomplish with a full-scale attack.

Breaches Beyond Borders

Given the growing volume of sensitive data exposed in cyberbreaches perpetrated against U.S. companies, it’s easy to assume that these organizations are the main targets of attacks from around the globe. But organizations everywhere are affected, in some cases more than their U.S. counterparts.

A survey by the Pew Research Center looked at 38 countries and found that South Korea is most concerned about cyberattacks originating from other countries, followed by Japan and then the U.S. Clearly, there are plenty of potential sources of cybercrime to protect against, and threat actors’ chosen targets may depend on location as much as the value of data.

Reporting Delays and Dwell Time

Quickly announcing a breach may seem like an obvious responsibility when public data is exposed and critical infrastructure is threatened, but the truth is that various factors often lead to delays in the release of this information.

One report noted that “companies in the European Union take three times longer than the global average to detect a cyber intrusion.” The firm calculated the region’s dwell time, defined as “the time between compromise and detection,” as 469 days, compared to a global average of 146 days. The reasons for this gap range from simply not detecting data theft incidents to outright coverups.

New Year, New Cyberthreat Landscape

It is crucial for business leaders around the globe and across all industry sectors to understand that threats are real and far-reaching. Security professionals should be aware of threats around the world and monitor developing situations to proactively guard their organizations from the next big, headline-grabbing security breach.
