The Good News and Bad News Of Cybersecurity In 2018

Photo of author

( — April 5, 2018) — There are two prevailing but almost entirely disparate views of the state of cybersecurity in the year 2018. Those that go by the headlines are led to believe the internet is on the brink of collapsing into a fiery inferno of breached data and malware infections, while those that don’t go by the headlines might think everything is a-okay and they should definitely wire money to that old acquaintance’s daughter who emailed to say she lost her passport hiking in Iceland.

The current situation lies somewhere closer to fiery inferno than a-okay, truthfully, but there’s reason for optimism amongst all the pessimism.

First, the good news

According to cybersecurity firm Imperva’s 2018 Cyberthreat Defense Report, the sharp and steady increase we’ve seen in the number of cyberattacks affecting organizations has officially come to a halt. In fact, 2018 has registered a year over year decrease in the number of organizations affected by at least one successful attack, with 2017’s 79.2% falling to 77.2% this year. Considering that the number of organizations smashed by at least one attack shot up 17% between 2014 and 2017, finally eking out a decrease is significant.

While some of the credit for this turning of the tide assuredly goes to the exhaustive work being done in security operations centers all over the world, there’s another development that has likely led to cyberattacks finding less success, and it’s cloud-based security solutions, often with a managed service model.

According to the Imperva report, 71.5% of responding organizations have invested in either hybrid on-premise and cloud-based or fully cloud-based DDoS protection, and 70.3% have invested in hybrid or cloud-based privileged account/access management solutions. These most popular hybrid and cloud-based security solutions are closely followed by web application firewalls and security information and event management.

The progress made by security teams and cloud-based managed services can’t be discounted, but overall, over 77% of organizations are still suffering at least one successful attack and cybersecurity professionals have reason to be worried. Which, of course, they are.

Causes for concern

The Imperva Cyberthreat Defense Report shows that amongst the many cyberthreats abounding on the internet, malware and spear phishing rank as two of the top concerns for security professionals, and for good reason.

Malware is the root of many evils, doing everything from acting as ransomware downloaders, depositing banking trojans, creating backdoors into systems and devices, cryptojacking, and infecting devices to allow for remote control. And considering that a lot of malware is spread through things like links in spam emails erroneously clicked by employees or through the infection of the ever-growing list of smart devices in an organization that often lack adequate security, malware can feel like a game of whack-a-mole that can’t be won.