IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

2018: The Year Privacy Took Center Stage

As we look back at the top security stories of the past year, 2018 will be remembered as the year that privacy topics kept showing-up in headlines as never before. Here’s a year-end round-up of 2018’s top cyberstories.

As widely predicted, anticipated and even celebrated (by some), the biggest cybersecurity stories in 2018 were all about privacy.

But STOP. Before you click or jump to another article, this year-end cyber-round-up is NOT a rehash of GDPR and other new global regulations.

For the most part.

There is no doubt that new privacy laws in Europe dominated tech and security magazine headlines — especially in the first half of the year. Add in new California and New York privacy laws, and compliance seemed to make a big comeback — at least for the lawyers.

But privacy topics ranged from Facebook’s testimony before Congress to plans for a global DNA database. Many other topics also fed the privacy narrative, from more ransomware in hospitals and cities to arguments over uses for new artificial intelligence and big data capabilities.

In fact, I believe that new microchip implant actions and plans for companies is set to become the next huge privacy issue. The chip implant topic was a growing trend in 2018 and is set to explode in the 2020s.  

In the same year that the United Nations proudly proclaimed that more than half the world is now online, other headlines asked: Is NOTHING private anymore? This UK article describes the “shocking extent of how big firms harvest your data — from children's voice recordings, passport info and even pregnant mothers' due dates.…”

Nevertheless, this widespread (even dominating) focus on privacy in 2018 does not, necessarily, imply a societal trend toward more privacy for all. Indeed, the privacy regulations have received a backlash from others who claim (loudly) that government over-reach and regulations are simply old-fashioned. There is little doubt that some people (especially millennials) don’t care (very much) about their privacy anymore, especially when they can trade privacy for convenience.

At the same time that new privacy regulations dominated business discussions, some experts proclaim privacy is dead.  

But whether you lean “pro more privacy” or as an “I don’t really care” there is no doubt that this privacy topic needs to take the No. 1 prize for technology and cyber and IT infrastructure stories for 2018, assuming nothing catastrophic happens in the last few weeks of the year.

 From Where Have We Come?

But before we dig a bit deeper into more top cyber stories, trends and themes from 2018, let’s take a quick look back at the past four years and their year-end roundup summaries.

  • 2014: The Year Cyber Danger DoubledCybersecurity stories were more popular than ever in 2014, with the word "cyber" showing up in front of topics ranging from security to shopping scams to global online attacks. But no matter how we rename, reclassify or reanalyze the data in cyberspace, it is clear that the dollars spent, problems encountered and attention given cyber has virtually doubled in 2014.
  • 2015: The Year Data Breaches Became More Intimate — Something new, even unprecedented, happened this year in our cyberworld. The most noteworthy data breaches were not focused on financial data. Here’s a data breach recap from 2015 — along with my views on what these events tell us.
  • 2016: The Year Hackers Stole the Show — With A Cause — In 2016, hacktivists took center stage. Hacktivism disrupted many global causes — providing new online missions with anti-establishment goals that wounded public credibility and trust. Here’s a cyber-roundup highlighting major international activities online, and how they impacted news headlines in the past year.
  • 2017 Review: The Year Hurricanes Devastated Land, Data and Trust - As 2017 draws to a close, the record-breaking hurricane season tops the list of stories that we will ponder for decades. Nevertheless, the new cyberstorms in 2017 were just as potent, striking at the heart of our financial system with more unprecedented data breaches, cyberextortion, CEO fraud and fake news that undermined trust in virtually every area of life.
Some readers also like to “keep score,” and look back every December to review what predictions (and prognosticators said) at the beginning of the year. Here’s what was predicted by top companies and tech writers said at the end of 2017 about 2018 – with the overall level of accuracy rising in my view. This may be a byproduct of “safer” cyberpredictions that are more like trends than a result of better predictions.

Many people around the world predicted that privacy would be the top story along with more hacking and data breaches. (Side note: Your 2019 security industry top predictions are coming in two weeks.)    

On to the Top Ten Cyber Stories and Security Trends From 2018

1. Data Privacy, including GDPR and its impacts, the California Privacy Act of 2018, other state privacy laws and other privacy stories as listed above. Note this last reference offers these tips on privacy to organizations:

  • Auditing the personal data they collect, analyzing the nature or categories of personal data, and identifying which data is “critical” to the company.
  • Developing a process for receiving, reviewing and fulfilling customers’ requests in connection with their data and requests to opt out of data collection as well as how these requests will be operationalized.
  • Developing and maintaining written data protection policies and security procedures and training employees who handle personal data on policy changes, proper handling, and best practices.

2. Data Breaches — A flurry of late year data breaches (and several new announcements of data breaches that occurred in past years) once again ensures that some expert (or perhaps quite a few) will, like last year, once again proclaim 2018 as ‘the year of the data breach.’ As I have explained for many years now, that broad category doesn’t work, and leads to a repeat "Groundhog Day" (the movie) effect that will never end (at least in my lifetime) surrounding hacker activity.

Still, the top data breaches were cracking the record books. This Barkley blog lays out details on the top data breaches from the first half of 2018, including:

  • Aadhaar — 1.1 billion records breached
  • Exactis — 340 million records breached
  • Under Armour — 150 million records breached
  • MyHeritage — 92 million records breached
  • Facebook — 87 million records breached (perhaps many more)
And more recently, we have learned about huge data breaches at Marriott and Quora and other brands — along with new lawsuits. Expect more data breach announcements to strike before the ball drops on New Year’s Eve — with companies often trying to hide announcements on days when the public’s attention is focused elsewhere.

3. Cryptomining malware explodes — In a somewhat surprising development in July (before bitcoin crashed), many experts believed that cryptomining had overtaken ransomware as the leading malware headache for enterprises. “Current crypto value is said to reach one trillion dollars this year. With an estimated five-to-ten million active wallets. …”

However, others proclaimed that ransomware was still ahead of cryptojacking as the favorite weapon of cybercriminals. Regardless, illicit cryptomining was a top security story in 2018. 

4. Cyber Talent Shortage — Wherever you go on the planet, if you talk to a lot of CISOs, most of them are very concerned about the inability to attract and retain cybertalent. I have written about how Stock Options, IPOs and Acquisitions Accelerate Cybertalent Divide and 3 Ways to Fight the Cybertalent War and the Georgia Cyber Center as offering some of the answers.

This Forbes article outlines the ongoing security industry crisis.

5. Ransomware — After ransomware dominated the hacking show in 2017, there have been less high-profile cases in 2018. Nevertheless, ransomware has not gone away – by a long shot. Far from it, recent cases, like this PC-case earlier this month in China, keep popping-up. Indeed, this story from The Economic Times in India reports that targeted ransomware is surging.

One slight bit of good news on this ransomware front, the Department of Justice indicted two Iranians on the ransomware attacks that devastated Atlanta in March of this year and also hit several large hospitals with the SamSam ransomware.   

6. AI-powered cyberattacks and AI used for cyberdefense tools for security – Artificial intelligence (AI) showed up in thousands of stories this year in two main respects. Numerous companies are touting the benefits of cyberdefenses based on AI, while attackers also used AI. This UK article from Information Age lays out both sides of the AI discussion. (Quote in UK spelling): Arguably, AI has the potential to provide an extremely large benefit to the overall framework of an organisation’s cyber security defence. However, the reality is that it also has the potential to be a real danger under certain conditions as hackers are fast gaining the ability to foil security algorithms by targeting the data AI technology is training on and the issues it is able to flag. …”  

7. Cloud Security Importance — This topic has been hot, but has become even hotter in 2018, as cloud enterprises unpack what it really means to move more data to the cloud.

Looking at the top priorities for CIOs at the end of 2018 and moving into 2019, while security and risk management remain the top items, cloud services has moved to #2.

Trends in this space include security by default and design. The rise in FedRamp importance for the federal (and soon state and some local) governments, and a rapid growth in cloud access security brokers (CASB).

8. Implications of Nation-state hacking and cyberwar — The Russian attacks on U.S. elections were just the tip of a much bigger cybericeberg. Numerous stories about critical infrastructure attacks, increasing cyber-risk from advanced malware, and more threats and vulnerabilities uncovered and exploited by terrorists, were all huge challenges in 2018.

For more on this see this SC magazine piece: Nation-states, terrorists place critical infrastructure in their cross-hairs.

9. IoT Security — Securing the Internet of Things has become a catch-all phrase that is starting to get split into smaller chunks. Smart everything, from smart cities to smart homes is an increasing problem. Here are a few examples to consider from this year:

There is also a mobile security story that is related to IoT, and smartphones continue to be used as the “universal remote” for managing IoT and so many other apps. (Yes, this could be its own category, but I’m lumping them together in this piece.)

10. Digital Transformation, Even Disruption, Affects Cyber - While all these scary cybertrends have evolved in 2018, more and more enterprises are undergoing major digital transformations — for the good. We may even head closer to that “paperless office” that was promised 25 years ago. But with more online actions by people, affecting processes and technology and data, security problems abound. Betanews proclaimed that Poor security habits [are] made worse by the speed of digital transformation.

Closing Thoughts

There is so much more to say about 2018, but I have been (legitimately) accused of trying to say too much in each blog. This is a “year-end summary,” and these are my top stories/trends from 2018 cybersecurity. As a quick update to help (two days after this blog initially went live), this Business Insider piece lists the biggest data breaches in 2018

What are your thoughts? Please share this piece with what’s missing via social media, or engage with me on LinkedIn.

What do I know is missing? Lots — from drones to robots and from quantum computers to ongoing fears that we are being outgunned and business and governments are losing the cyber arms race.

But we’ll save those topics for next year — perhaps.

For now, I leave you with this quote from Søren Kierkegaard:

“Life can only be understood backwards; but it must be lived forwards.”

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.