2018-infosec-recap

2018 was another crazy year for InfoSec news. While we made some fantastic strides as an industry, it’s still fraught with scary trends, huge breaches, and a lack of education. We’ve broken down all of these things — the good, the bad, and the breaches.

Take a look back at the stories that made an impact on the information security industry in the 2018 FRSecure InfoSec Recap. Share the stories that resonate with you the most with your Twitter followers and keep the security discussions rolling!

The Good

- All 50 U.S. states now have breach notification laws as Alabama enacts theirs in 2018.
- Police take down the world's largest DDoS-for-hire service.
- GDPR went into effect in May of this year. It's considered the world's strongest set of data protection rules.
- PCI SSC worked on security for new payment options to release in 2019, focusing on mobile apps and IoT.
- California became the first state to enact a law surrounding IoT security.
- FDA reveals steps to bolster medical device cybersecurity.
- The FTC released free cybersecurity resources for small businesses — a group that is heavily targeted.
- The American Bankers Association announced an industry-developed cybersecurity profile and supporting documents to harmonize the industry's approach to risk assessments.
- The Pentagon is working to bolster its information security demands for contractors in future contracts.
- The people involved in the infamous SamSam ransomware attacks were charged.
- Democratic senators introduced data security legislation. The bill would create a federal breach notification requirement.
- The Dept of Health & Human Services has started over, making a second attempt at launching a cyber coordination center that aims to help the healthcare sector improve its defenses and boost information sharing.

The Bad

- 25% of your employees are using the same password for every account. Yes, it's 2019, and we still don't know proper password etiquette.
- As a whole, we're pretty clueless: 64% of working adults do not know what ransomware is.
- One-third of business decision-makers would pay hackers' ransom demands rather than invest in more security.
- A bug in an Uber self-driving car led to a death. This was a 2018 prediction we hoped would never come true.
- The healthcare industry was in the news a lot for information security concerns this year. The industry saw a 278% increase in data breaches in Q2 of 2018, and 30% were caused by repeat offenders.
- Not overly surprisingly, Amazon Echos can be used to spy on their owners.
- Your iPhone might not be as secure as you thought. Within hours of Apple's release of the iOS 12.1 update, Spanish security researcher Jose Rodriguez figured out a way into a password-protected iPhone.
- Think your password is strong? A recent Wi-Fi attack may be able to crack it regardless.
- With two-thirds of organizations already saying they have a shortage of cybersecurity professionals, the cybersecurity workforce gap is widening even more, to nearly three million across multiple countries.
- Nation-states took cyber-espionage to a new level this year. Reports circulated that China and Russia were tapping into President Trump's iPhone.
- Yikes! Online phishing attacks were up 297% in 2018 over the previous year!
- A new study shows that ransomware attacks on Apple devices were up 500% in 2018.

The Breaches

- Hackers used a vulnerability in the fitness app Strava to detect military movement.
- Technological issues at the Winter Olympics were actually caused by a cyber attack. It took down broadcasts, internet, and drones, but it appeared that hackers planned to take out power to the stadium.
- Russia was accused of orchestrating a campaign of cyber attacks targeted at the U.S. power grid. They never went that far, but Russian actors gained the ability to disrupt/completely shut down critical…
- Not one, but two cities were halted this year by ransomware attacks. The cities of Baltimore and Atlanta were both shut down in different ways from the two attacks.
- In one of the biggest breaches of the year, Under Armour's MyFitnessPal was compromised, exposing information from 150 million users.
- Delta Airlines was rocked by a breach in late 2017 that they found out about in April of 2018. Payment information of hundreds of thousands of customers may have been impacted.
- 200,000 Cisco router switches were hacked in April. The attack affected large internet service providers and data centers across the world and appears to have been politically motivated.
- A security researcher used his previous findings to take things to a whole new level. Ruben Santamarta was able to hack in-plane Wi-Fi … from the ground.
- Banco De Chile experienced a breach: 9000 workstations and 500 servers were affected. But, it was a ruse — the pandemonium was used as a smokescreen for attackers to wire $10M to Hong Kong.
- A cancer treatment center was fined $4.3 million in civil monetary penalties from the Dept of Health and Human Services for a lack of device encryption. It was a rare ruling — only the second of its kind for the OCR.
- Millions (yes, millions) of voter records were exposed online in August. The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password.
- The British Airways site and app were compromised for two weeks in July of this year. Names, email addresses, and credit card information of nearly 380,000 transactions were compromised.
- Facebook was all over the news this year. Between the Cambridge Analytica snafu and a vulnerability that forced them to log 90 million users out of their accounts, they will certainly be under close watch in 2019.
- In the biggest OCR settlement ever, Anthem, Inc. agreed to pay $16M in fines for a breach that left 79 million people's healthcare records exposed.
- The U.S. Postal Service released a service to show customers what is coming in their mail before it gets there. Hackers took advantage, breaking into the system to steal personally identifiable information.
- Uber got hit hard for their late breach disclosure. The EU fined them $1.2M for Uber's response to their 2016 breach.
- In not-so-comforting news, Chinese hackers were able to gain secret U.S. Navy information like missile plans and maintenance data.
- Thousands of NRCC emails may have been spied on this year.
- The dangers of using the same password were made evident once again. Hackers gained passwords from a third party, then used those passwords to gain access to numerous DD Perks (Dunkin' Donuts) accounts.
- In one of the biggest breaches we've seen, an attack on the Starwood hotel organization eventually hit Marriott, who acquired them. Over 500 million guest records were compromised.
- Google is in hot water for hiding a breach disclosure in a bigger announcement that they'd be sunsetting Google Plus. The breach compromised 500,000 users' accounts.

Thank you for following along with our InfoSec news recaps this year. Understanding information security trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.

FRSecure
FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.
