11 January 2018

Looking Back at Our 2017 Privacy and Cybersecurity Predictions

We ended 2017 by making predictions about what 2018 will bring to the privacy and cybersecurity world.  We’ll start 2018 by looking at how we fared in our 2017 predictions.  Spoiler alert, we nailed it.

Expansion of Breach Notification Requirements

We’ll give ourselves half credit for this one. While some states took action, Michigan did not pass any new breach notification bills this year and no major bills were passed by Congress.  However, Congress is currently considering breach notification legislation. The Data Security and Breach Notification Act was introduced in the Senate on November 30, 2017.  If it becomes law, among other things, the bill will require certain businesses to implement security measures to protect electronic information and require companies to notify U.S. residents if they experience a breach and notify the FTC, the FBI and consumer reporting agencies if the breach impacts more than 10,000 people.

Will Healthcare Organizations Continue to Be Popular Targets

We nailed this one. Healthcare organizations continue to be popular targets for malware, ransomware and hackers.  The WannaCry and Wanna Decryptor ransomware virus shut down several dozen regional health authorities in the United Kingdom, and a health system in North Carolina was shut down by a variant of WannaCry as recently as October.  Other hospitals and health systems were forced to pay ransoms after suffering ransomware attacks.

International Data Breaches

We got this one right, too. The WannaCry attack in May impacted 300,000 users from 150 countries and impacted businesses ranging from hospitals to law firms to automotive plants and national telephone services. WannaCry was quickly followed by the Petya ransomware cyberattacks that cost companies around the world hundreds of millions of dollars in revenue and ransoms.  Both the WannaCry and Petya attacks started in countries outside the US, but ended up impacting companies around the world.

Class Actions After Breaches

We think the 240 class action lawsuits against Equifax mean we got this one right, too. As we have written before, federal courts are split on whether data breach victims have standing to sue.  Several cases have been appealed to the Supreme Court of the United States, and attorneys and consumers across the country are waiting to see if the Supreme Court will resolve the split in the lower courts.

Vulnerability of Mobile Devices

This is the third prediction that was proven right thanks in part to WannaCry.  WannaCry reportedly infected medical devices in the United States, and the Food and Drug Administration issued a fact sheet in November addressing the vulnerability of medical devices to security breaches.  But medical devices are far from the only mobile devices that are vulnerable to cybersecurity threats.  As the Internet of Things continues to grow, we expect to see more cyberattacks on mobile devices.

Will Ransomware Attacks Continue to Grow

Ransomware has definitely grown.  As we have already mentioned, WannaCry and Petya impacted hundreds of companies and hundreds of thousands of users around the world.  According to studies, roughly 60% of malware payloads were ransomware in 2017.  In addition to ransomware becoming more common, the number of ransomware variants has increased significantly as well.  While consumers were still the primary targets of ransomware, it has become more common for cybercriminals to target businesses.

In summary, we scored a 5.5 out of 6 on our 2017 predictions!  Be sure to look at our last post, where we predict the hottest cybersecurity issues for 2018.