WannaCry and Petya/NotPetya ransomware; Wikileans CIA Vault 7; the Equifax, Deloitte and Uber data breaches. 2017 was another year of continuous cyber attacks. Welcome to 2018. It’s sure to be more of the same.
But before we move forward, let’s reflect on the top cybersecurity stories of last year. Interest in cyber attacks – and methods for defeating them – drove a record amount of traffic to the Identity Week blog in 2017. Here are our top 5 blog posts in 2017, according to number of visitors.|
The cyber security incidents mentioned above – like WannaCry, Petya, and Equifax – are just a sampling of the many cyber attacks of 2017. Most of these attacks succeeded by following a series of similar steps. Our most popular post of 2017 examines the seven most common steps in a cyber attack, and what can be done to defend against them.
Clearly, most organizations face a very real danger from cyber attacks that originate outside their walls from nation-state attackers or professional criminal hackers. But what about the insider threat? Do the same organizations who diligently try to defend against external attacks also recognize the dangers from within? We take a look at those questions in this, the second most popular post from last year.
You’re probably familiar with pass the hash attacks. But what about its lesser known cousin, pass the ticket attacks? We dive into the pass the ticket attack in this post, describing how it executes, what it’s trying to do and how you can stop it. The topic was popular enough to become our third most read blog post in 2017.
Successful cyber attacks continue to mount, and it seems like conventional perimeter defense tools can no longer keep the bad guys out. IT professionals are turning to new cyber security solutions, like Privileged Identity Management – which can contain cyber attacks that breach the network perimeter. We lay out the facts about PIM in this post, the fourth most popular one of 2017.
The infamous US Office of Personnel Management (OPM) data breach of 2015 resulted in the theft of an estimated 21.5 million highly sensitive federal records. While unfortunate, what’s done is done. All we can do in the cyber security industry is examine what happened and learn from the mistakes. That’s what we did in this “lessons learned” post. The subject resonated enough to make this our fifth most popular blog post of 2017.
Thanks for reading. If you like these topics, please subscribe to our Cyber Defense Newsletter.