The cyberthreat landscape has evolved over time, and 2017 saw an increase in attacks over the 90 million intrusions recorded in 2016. While threats such as ransomware are not new, this year saw a major paradigm shift in which malicious actors aimed to disrupt services as much as they sought monetary gains. Similarly, attacks against critical infrastructure built upon similar incidents from previous years to reach new heights, while incident reporting gaps emerged between businesses located in different geographies.

To wrap up yet another year of headline-grabbing security breaches and disruptive cyber outages, let’s take a look at some of the key trends that emerged in 2017.

The Rise of Ransomware

Some attacks are stealthy, while others are more obvious. Historically, the theft of data benefited from being unobserved. Data was secretly siphoned from computer systems for months or even years while the information was collected and sold to malicious actors.

But the rise of ransomware has thrust cybercrime directly into the spotlight with a more direct approach to causing mayhem. Ransomware announces itself to victims with simple on-screen text explaining that their data has been encrypted but remains intact. A ransom is demanded in exchange for an encryption key to unlock the data. Consumers are generally offered a relatively affordable ransom amount with the thought they will simply comply with the demand and be able to recover their files quickly.

Ransomware attacks such as WannaCry took a different approach, going after public institutions on a global scale. The most widely affected entities were health care facilities in Europe, which were shut down for days. WannaCry demanded only $300, but the online wallet set up to receive payment proved to be unreachable, putting the intent in question: The attack seems to have been motivated by a desire to disrupt operations rather than to collect money. Even though the WannaCry attackers failed to monetize their exploit, estimated losses totaled more than $1 billion due to downtime.

The Shocking Vulnerability of Electrical Grids

As the focus of cyberattacks expands beyond financial gains, industrial control systems are being disrupted. In two separate attacks, the first in late 2015 and the second in late 2016, threat actors compromised the electrical grid in Kiev, Ukraine, shutting down power in the region and putting energy providers that deploy smart grid technologies on high alert.

Dozens of U.S. power companies were compromised in 2017, with some attacks causing shutdowns and disruption of distribution. Attackers took over systems that controlled valves, pipes and conveyor belts in what may have been experimental activities or mere displays of what they could accomplish with a full-scale attack.

Breaches Beyond Borders

Given the growing volume of sensitive data exposed in cyberbreaches perpetrated against U.S. companies, it’s easy to assume that these organizations are the main targets of attacks from around the globe. But organizations everywhere are affected, in some cases more than their U.S. counterparts.

A survey by the Pew Research Center looked at 38 countries and found that South Korea is most concerned about cyberattacks originating from other countries, followed by Japan and then the U.S. Clearly, there are plenty of potential sources of cybercrime to protect against, and threat actors’ chosen targets may depend on location as much as the value of data.

Reporting Delays and Dwell Time

Quickly announcing a breach may seem like an obvious responsibility when public data is exposed and critical infrastructure is threatened, but the truth is that various factors often lead to delays in the release of this information.

One report noted that “companies in the European Union take three times longer than the global average to detect a cyber intrusion.” The firm calculated the region’s dwell time, defined as “the time between compromise and detection,” as 469 days, compared to a global average of 146 days. The reasons for this gap range from simply not detecting data theft incidents to outright coverups.

New Year, New Cyberthreat Landscape

It is crucial for business leaders around the globe and across all industry sectors to understand that threats are real and far-reaching. Security professionals should be aware of threats around the world and monitor developing situations to proactively guard their organizations from the next big, headline-grabbing security breach.

Listen to the podcast: 5 security predictions that will take hold in 2018

More from CISO

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read