Another year of security warnings, alerts and announcements is now behind us.
Over the 12 months of 2018, enterprise security has taken several twists and turns, particularly when it comes to the response to cybercrime. While 2017 was dominated by the rise of ransomware, especially in the form of WannaCry and NotPetya, this last year was defined by an array of cybersecurity concerns that varied from one to the next.
Yes, ransomware still played a major role in 2018, but this was tempered by a rise in other criminal activity, most notably cryptomining or cryptojacking, especially as the price of cryptocurrency, including Bitcoin and Ethereum, fluctuated over the course of the last three months of the year. (See Cryptomining Malware Continues to Surge as Cybercriminals Cash In.)
Researchers also took note that the scams such as phishing and spearphishing remained strong, but they also noted in numerous reports and studies that cybercriminals have started experimenting with several other techniques and schemes: "sextortion," business email compromise, ransomware-as-a-service, as well as "living-off-the-land." (See Phishing Emails, Trojans Continued to Proliferate in Q3 – Report.)
And let's not forget about all those data leaks. (See Marriott's Due Diligence Failure Led to Massive Data Breach.)
At the same time, the security industry, and the enterprises that they represent, started to come to grips over the last year with several new compliance and regulatory statutes that began to appear. The most visible of these -- the European Union's General Data Protection Regulation (GDPR) -- went into effect in May, and other regions, such as China, are looking to follow suit. In the US, California moved to offer some basic privacy protection for its residents. (See California Looks to Pass Rudimentary IoT Security Legislation.)
The issues surrounding data protection and compliance coincided with a growing concern from consumers and users about how their data was being used by companies, especially in the wake of revelations that Facebook allowed third parties access to a treasure-trove of data during the 2016 US Presidential election.
When Gartner analysts talked to CIOs this year, they urged the audience to consider privacy as part of their enterprise business plans. (See Gartner: Cybersecurity & AI Are Top Spending Priorities for CIOs.)
With all these security issues, and many more, Security Now wanted to look back at the year that was 2018 to see what stories affected our readers the most, and how these trends can give us insight into the year ahead.
Here then are the Top 10 security stories of 2018.