CYBERSECURITY

2019 in Cybersecurity: Data breaches dominate another scary year

By Jonathan Pendergrass / jonathan.pendergrass@archetypesc.com

With every passing year, society becomes more and more reliant on technology and we share an increasing amount of our personal data online. Of course, this means that now more than ever that you should be wary of how your data is being handled and that the need for secure networks and applications is at its peak.

As we are rapidly approach the end of the year — and the decade — we’d like to take a minute and look back at a few of the big stories that have dominated the conversation in the cybersecurity industry this year. From data breaches and new privacy laws to ransomware at the local government level and supply chain attacks here’s a look back at what made 2019 in cybersecurity such an interesting year.

1. Data breaches cause havoc

Again in 2019, a number of data breaches made news, both due to the high-profile companies they affected and the sheer number of accounts with leaked information.

According to the RiskBased Data Breach QuickView Report 2019 breaches as a whole were up 33 percent since last year, while the number of records involved in the breaches grew a staggering 112 percent to more than 7.9 billion records.

A few of the most newsworthy breaches involved companies like Doordash, First American Financial, Epic Games — creators of the popular Fortnite video game.

The Fortnite data breach, which occurred Jan 12, 2019, involved a flaw in the login system, and gave hackers the ability to impersonate real people and make purchases for in game currency on their own accounts using someone else’s credit card information that was stored on their accounts and even listen in on their in game chat conversations. Epic Games, has not stated how many people were affected by said breach, but with over 200 million registered users and around 80 million users logging in each month that’s a terrifying number of individuals that could be affected.

Also, in late February, two cybersecurity researchers happened upon one of the largest non-password protected email databases on the web.

If all that has you a bit concerned about how you may have been affected by these breaches, you can do a quick search on the Have I Been Pwned website, and you will get a list of how many times your personally identifiable information (PII) has been found online.

2. New data privacy regulations

Potentially the biggest news in security and data privacy this year was the California Consumer Privacy Act (CCPA). Though it is not set to take effect January 1, 2020, security professionals and those throughout the technology space spent plenty of time and effort preparing for a sweeping new set of laws that affords its residents information on what personal information has been collected on them.

Much like the General Data Protection Regulation(GDPR), which was implemented by the European Union in 2018, this act will reach well beyond the confines of California and effect businesses across the U.S.

Compliance with the CCPA forces businesses with at least $25 million in annual revenue that earn more than 50% of business revenue from selling personal data to be more transparent with data collected on consumers. It also allows consumers to hold businesses accountable for their treatment of consumer information.

Learn more about CCPA and what you should be doing to prepare for it, by clicking here.

3. Ransomware attacks on local governments

Malware attacks are nothing new, but as ransomware attacks continue to grow the risk of these attacks has extended to new niches and different industries.

In, 2019 the poster child for the growth of this type of attack was the rise in notable incidents of ransomware being used against local government entities.

In all, there were more than 70 state and local government ransomware attacks this year affecting groups including Philadelphia Courts First Judicial District, Cleveland Hopkins International Airport and several municipalities in Florida and Georgia.

According to security giant McAfee this type of attack saw an increase of 118% in the first quarter of 2019 alone.

One of the highest-profile ransomware attacks this year and possibly in history is the ransomware attack on the city of Baltimore. Effecting the entire city of Baltimore’s police surveillance cameras, utilities payment systems, phone and email outages until the found a paper-based workaround, this attack showed just how crippling a lack of cybersecurity preparation can be.

4. Supply Chain Attacks

A relatively new type of attack that has risen to the forefront of cybersecurity concerns in 2019 are supply chain attacks, which targets third-party software vendors.

To users these attacks look like legitimate software updates from a trustworthy provider, but they are actually compromised and push out malware to users.

One of the biggest supply chain attacks is the NotPetya attack that occurred in 2017, targeting the Ukrainian government and costing the world over 10 billion dollars in total damages.

This year, two of the world’s top technology providers fell victim to supply chain attacks this year, with Asus and Microsoft infecting millions of customers through attacks where hackers used legitimate updates as the means of distribution.

Since 2018 experts have seen a 78% in this type of attack, which is scary considering there is no “quick fix” way to prevent these attacks — the only way to protect yourself is thorough vetting of your supplier network and even then risks still exist.

5. Android Malware

This year had its fair share of attacks on our devices, including a growing number on mobile phones.

Over the past year, experts have seen a 50% increase in attacks on mobile devices — with Android users being particularly susceptible to malware and other hacks.

Due to the continued growth huge increase in 2019, more and more hackers are using malware to try and steal banking information, login credentials, and even take over your phone.

Take control of your security today!

Work with the cybersecurity experts at Archetype SC specialize in helping businesses understand and manage the risks associated with modern technology. Help lock down your most precious assets today with our Security Risk & Vulnerability Assessment (SRVA), which provides a detailed look at vulnerabilities in your system. Contact us today for a free consultation.

© Copyright 2019 Archetype SC, Inc.