Harvard’s cybersecurity course is certainly a demanding slice of your life. However, I gained valuable insights from Eric Rosenbach and cybersecurity leaders from National Security Agency, Akamai, and Google. In addition, this offered me an opportunity to connect with cybersecurity leaders across wide ranging business and geographic locations.
2018 proved a challenge, looking beyond repeated megabreaches that dominated news headlines. Did you suffer from breach fatigue? It was like the movie Groundhog Day.
At some point (probably sooner than we think) all the data impacting all the users connected to the global internet will all be available on the dark web. All for a price…
Flaws in Intel’s own CPUs revealed new attack surfaces in January. In contrast, credit card breaches like the Marriott Starwood announced in late November are simply a continuation of attacks on Exactis, Equifax and Facebook. Above all, don’t forget Quora‘s 100 million user breach. Or the San Diego K12 school system suffered 500 million student accounts including ePHI is also eye opening. Healthcare ransomware re-emerged midyear. Global WannaCry and NotPetya ransomware attacks impacted healthcare in summer 2017. Just as hospitals patched legacy SMB1 services, cybercriminals quickly shifted to crypto mining attacks against hospitals.
Monitoring can often seem like cat and mouse game. Perhaps more like whack a mole. Cybercriminals moved back to SamSam ransomware strains as the City of Atlanta discovered over this summer.
Lessons for business are certainly clear. Cybersecurity must clearly move deeper into the boardroom in 2019. This is a top risk management issue now. To be fair every corporate board needs members who understand information security. In addition, the lack of senior leadership was clear at Equifax. New tools are needed to detect attacks that have moved unnoticed by legacy solutions. New mergers and acquisitions of cyber startups will prove valuable assets to companies and healthcare systems next year.
Why? Attacks have certainly moved beyond government infrastructures. There are a wide range of industries under attack by nation states. The new year should launch an approach to social media, big data and IoT vulnerabilities. Each expose new threat surfaces that will result in more megabreaches.