In terms of cybersecurity, 2018 does not appear to be off to a great start and looking back over the past year, it’s easy to see why cyber attacks have been such a big topic in the news. At only a few days into the new year, many leaders in the industry from around the world continue scrambling to mitigate the dual-threat represented by Meltdown and Spectre. In fact, the discovery of those two vulnerabilities may, by themselves, be enough to put the technology industry on notice for the next 365 days. Cyber attacks of a wide variety also seemed to loom large over much of 2017, driving home the fact that no technology is ever truly secure or unbreakable. It may even be arguably true to say that 2018 is not, so far, breaking from the norm. Moreover, it’s important to point out that measuring the attacks from year-to-year doesn’t necessarily provide a total picture of the state of security. Having said that, the potential is there for malicious entities and software to have a profound impact on the technology industries and beyond over the course of the next year.
To understand the threats moving forward, it’s also important to understand what has happened over 2017. Throughout the year, the world witnessed a massive attack on Equifax and the subsequent theft of data, as well as instances of ransomware exploiting vulnerabilities such as the aptly dubbed WannaCry and others. On the other hand, mobile vulnerabilities and malware such as Blueborne or LightsOut were also discovered and the news was all but filled with cyber attacks that ranged in result from the theft of digital currency to personal data being compromised. Looking beyond that, there were even a few instances of alleged political tampering and cybersecurity circumvention resulting in the shutdown or causing other harm to infrastructure. The importance of understanding what those threats were, comes down to the fact that the kinds of threats noticed throughout 2017 are not likely to be going to go away. While it's true enough that individual instances were ultimately avoided or the underlying problem solved, the kinds of cyber attacks used have not necessarily changed that much over the past decade. Instead, they have become more sophisticated and, in some cases, the tools used to enable the use of them have become more readily available.
There's no good reason to think any of that would change now, although there may good reasons to suspect that cybersecurity threats are becoming much more targeted and perhaps more dangerous. That's likely tied into the above-mentioned ramped up sophistication, which allows for more precise direct targeting. That's a part of the threat which could actually be growing. A.I. and machine learning have advanced rapidly, which could lead to further improvements to attack speed, targeting, and cybersecurity circumvention. Furthermore, society is very dependent on technology, widening the array of places where a security failure is possible and the probable size of the overall impact of a given attack. Attacks on the networks supporting self-driving vehicles would be one of the more obvious examples of that, albeit one that is likely further away with regard to when such an attack might occur. If such an attack ever occurs, the results could be catastrophic and deadly. Meanwhile, a more likely example for 2018 stems from the growing use of digital assistants, both cloud-based and device-based. For digital assistants, a veritable wealth of user data is stored for everything from basic functionality and new features to advertising. What's more, the devices are technically always listening and it's not hard to imagine the privacy concerns that would arise if a hack happened.
As alluded to above, that doesn't mean 2018 will necessarily be any worse than last year. Increased public awareness of technological issues, coupled with improvements to security will help matters. Best of all, things are not always as bad as they may seem. For example, Meltdown and Spectre are obviously a big threat to the technology industry. The ways in which they could be exploited vary but represent a substantial risk to large businesses and individuals alike. However, these are also vulnerabilities that were technically discovered before they could cause any major damage. That doesn't always happen to be the case, but a sizeable portion of the news about cybersecurity over the past year has involved similar circumstances. Once found, companies were able to quickly begin implementing fixes and workarounds to mitigate the threats. In most cases, reports about threats have also allowed end users to take steps of their own in order to mitigate possible problems. That's almost certainly going to continue into the foreseeable future.