
10 of the most important cyber security articles of 2017


20 December 2017

With new laws, new threats and data breach cover-ups, 2017 was another big year for cyber security. Here are the stories everyone was talking about.

1. New Bill Forces Cybersecurity Responsibility Into the Boardroom

In March, a new bill introduced to the US Senate highlighted the fact that boards must take responsibility for cyber security. There’s no doubt the topic of cyber security came up in more boardroom meetings this year than ever before. But there’s also no doubt some continue to swerve the topic completely.

2. The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack

In Microsoft’s statement following WannaCry, President and Chief Legal Officer Brad Smith accepted his employer’s role in the attack before highlighting ‘the degree to which cybersecurity has become a shared responsibility’ – and understandably so. The attack may have exploited a Microsoft vulnerability. But software patches existed. Long before the attack, people had the power to safeguard vulnerable devices.

3. My job is to constantly think about cyber attacks — this is the first time I’ve been truly alarmed

Also on the subject of WannaCry, malware researcher Amanda Rousseau spoke of her shock on seeing how cyber attacks can determine whether someone lives or dies. She ultimately reached the same conclusion as Microsoft’s Brad Smith: cyber security must now be a responsibility shared by technology companies, employers and the people running organisations.

4. The Behavioral Economics of Why Executives Underinvest in Cybersecurity

In a well-researched post, HBR’s Alex Blau revealed why executives underinvest in cyber security and what we can all do to help rectify the situation.

5. Warning to SMEs as firm hit by cyber attack fined £60,000

Far too often, we think of cyber security as an important issue for large organisations only – but the £60,000 fine the ICO handed out to Boomerang Video Ltd in June suggested otherwise. ‘Regardless of your size,’ said ICO enforcement manager Sally Anne Poole, ‘if you are a business that handles personal information then data protection laws apply to you.’

6. Human Errors in Cyber Security — A Swiss Cheese of Failures

Erlend Andreas Gjære applies academic research on human fallibility to cyber security before concluding people aren’t always a hazard. When well prepared, Andreas Gjære writes, people can be as much a defence as our technology and processes.

7. GDPR – sorting the fact from the fiction

Following an increase in scaremongering around GDPR, the ICO published guidelines relating to the imminent new law. Amongst their points: fines should not be the concern, consent is not the only way to comply with GDPR and organisations had better get a move on to prepare for the regulation.

8. Major cyber-attack will happen soon, warns UK’s security boss

WannaCry – probably the year’s biggest attack – was a category 2 level breach. Technical director of the National Cybersecurity Centre, Ian Levy, predicts a category 1 level incident is just years away. His advice to organizations wishing to prevent such an attack was clear: stop relying on off-the-shelf security solutions and instead work with people to keep data secure.

9. Uber Paid Hackers to Delete Stolen Data on 57 Million People

Towards the end of the year, Uber gave us a lesson in how not to deal with a data breach.

10. The Psychology Of Cyber Security: How Hackers Exploit Human Bias

The human aspect of cyber security garnered more attention than ever in 2017, as more and more people began to see people as a potential defence. In an enlightening article for the Huffington Post, CybSafe founder Oz Alashe discusses the human biases that can cause cyber attacks – and a simple way we can overcome them.
