2018 Cybersecurity Year in Review

It’s hard to believe we are closing in on the end of 2018. We want to take this time to reflect with a look back at the 2018 cybersecurity year in review, and a look ahead to what next year may hold.

Key Themes

Continued Improvement, But Still Not Enough

While firms are starting to finally dedicate resources, including both dollars and people, to improving their security posture, many functions are still understaffed and have small budgets. We work with many small businesses where the people that are responsible for the security of the company are also the folks helping Sally from Accounting troubleshoot her computer issue. This is not sustainable, and having a dedicated team to focus on security or outsourcing elements of your security program are becoming vital to business growth.

GDPR, What Next?

With the global roll out of GDPR, there was a lot of uncertainty on the impacts to the business world. We have still yet to see any large fines levied under the act, however, time will tell if companies around the globe take GDPR seriously. We will also be monitoring to see if any large nations or organizations look to roll out similar acts or legislation.


Exchanges holding Bitcoin and other types of cryptocurrencies were constantly under attack. There was ~$2.3 billion dollars worth of cryptocurrency stolen through the first half of 2018. Cryptocurrency was also seen as the preferred method of payment for ransomware attacks. As attackers locked up networks, this proved to be the most efficient way to be paid and least risky with regard to being traced.

Interesting Statistics from 2018

The statistics never lie and are often times pretty eye-popping. Below are a few interesting statistics that came from Cisco’s 2018 Annual Cybersecurity Report and the Cisco 2018 Small and Mid Market Business Report.

  • 53% of mid market companies have experienced a breach 
  • 29% of mid market companies say breaches cost them less than $100K. 20% say it costs$1,000,000-$2,499,999 
  • 101,934 – the number of phishing URL’s identified in just March of 2018 

Largest Breaches

1)   Marriott – November 2018 – 500 million customers data stolen

2)  Under Armour – March 2018 – 150 million records

3)  Quora – November 2018 – 100 million users information stolen

4) Facebook – September 2018 – 50 million users

Looking Ahead to 2019

While the 2018 cybersecurity year in review might go down as one of the worst years for data breaches in terms of customer records stolen and the sheer number of organizations breached, we are optimistic about the future. With more and more organizations relying on networked systems and an overall increase in the number of connected devices, the attack surface for organizations continues to rise. However, as firms continue to bolster their security posture and understand that they can’t ignore cyber-risk any more, our hope is that these numbers will begin to decline in the future.