Last year was a stellar one for e-commerce, setting a new single-day Cyber Monday record of $6.59 billion in sales, but it was also a record haul for hackers, and 2018 will likely be worse.
Personal information isn’t safe, and with over 1,500 breaches a year—and counting—and predictions that data breaches will cost the global economy $6 trillion by 2021.
As estimated 2 billion files containing the personal data of US citizens were leaked last year. And that’s the best-case scenario because it doesn’t include figures from companies who did not disclose data breaches.
The biggest hacking target has been healthcare, which accounting for 60 percent of all leaks last year and led to some $1.2 billion in damages. The technology sector fell victim to hackers to the tune of $1.2 billion as well, while financial record hacks cost $144.8 million and resulted in data breaches of 146 million records.
The retail sector saw 4.7 million records breached, but the damage is said to be in the tens of thousands, rather than millions.
But with the soaring growth of online shopping, retail should invite more—and savvier—data attacks.
Consumers remain dreadfully exposed, and still oddly undaunted.
Make no mistake: This is a war, and cybercrime has reached epic proportions, with 2017 a banner year for mass targeted attacks ranging from full-on campaign hacking and viral state-sponsored ransomware to DDoS (distributed denial-of-service) attacks and corporate espionage.
It's now easier than ever before for hackers to launch their attacks especially thanks to NSA hacking tools leaked online.
The giant Equifax hack, intrusion into the Securities and Exchange Commission (SEC), and an attack at major accounting firm Deloitte are simply preliminary battles.
The scale of the economic costs of these attacks is mind-boggling. Cybersecurity Ventures, a California infosec company, predicts that by 2021, cybercrime will cost the global economy a staggering $6 trillion. Related: The Mysterious Chinese Company Looking To Buy Russia's Energy Giant
On the brighter side, this $6-trillion problem is a boon for the cybersecurity sector, which has been outperforming technology, healthcare and retail.
PureFunds ISE Cyber Security ETF(HACK) vs. Technology Select Sector ETF (XLK) YTD Returns
(Click to enlarge)
Source: CNN Money
A look at the top 5 data breaches of 2017 demonstrates why we should be more fearful than we are, but 2018 will only be worse:
#1 The Big Asian Leak
The Big Asian Leak was the most vicious attack of 2017, with a staggering 1.85 billion customers affected.
In January 2017, a spurious character by the name DoubleFlag started offering hacked information on the dark web from popular Chinese sites including Sina.com/Sina.com.cn, NetEase, Sohu.com, Tom.com and other sites. The hacks themselves were believed to have been conducted from October 2015 to December 2016, while the hackers hung on to their data before capitalizing on it. Stolen data included usernames, passcodes, addresses and financial information.
#2 WannaCry Ransomware
While not technically a data breach, WannaCry was a particularly egregious ransomware that infected millions of servers and PCs across 74 countries and crippled IT systems for hospitals, universities, rail stations, FedEx, national telcos and hundreds of corporations.
WannaCrypt, as the ransomware worm was called, targeted vulnerable Windows operating systems and spread quickly through Microsoft's ubiquitous file-sharing services. Thankfully, Microsoft released emergency security patches that were able to fix the problem.
#3 Misconfigured Spambot
More than 700 million emails and passwords were leaked to the public domain thanks to a misconfigured spambot. That's almost all the addresses for the entire population of Europe.
The data was made public after the spammers failed to secure some of their servers, thus allowing anybody to download the stolen data without any credentials. To date, it's not clear how many people were able to access the stolen records.
The Equifax breach ranks as the fourth-largest customer data theft of the 21st century. Personal information that included tax IDs and driver's license information from 145.5 million customers was lifted from the credit agency's servers over a period of several weeks.
The breach is likely to cost the company hundreds of millions of dollars in remedies, not to mention the billions it has already nicked off its valuation.
But some view it as the ‘mother of all breaches’, and it’s fourth-place status is based on the number of customers affected, not the costs to the company.
Equifax is now saying that it expects costs from the data breach to increase by $275 million this year. At the end of 2017, the cost from the data breach was $439 million. Coming in at over $600 million total, the Equifax breach would be the most expensive hack in history, according to Reuters.
#5 Uber Technologies
In October 2016, hackers used escalated access privileges to gain access to personal data from more than 57 million drivers and customers of popular ride-sharing company, Uber. However, it was not until October 2017 that it emerged that the company had paid $100,000 to the hackers to cover up the heist in what turned out to be another PR quagmire for Uber.
Consumers are left in the dark—an issue that became more serious with the Equifax breach. While the company announced the breach in September last year, it had been aware of it for more than a month prior.
This year could also be worse for consumers with a draft bill aimed at creating a national standard for breach notifications that would exempt banks, financial institutions and retailers from notifying their customers of risk unless it’s high level.
By then, it may be too late.
By Fred Dunkley for Safehave.com
More Top Reads From Safehaven.com: