Learning Library

← Back to Library

Year in Review: Breaches, Ransomware, MFA, IoT

9mUnknown ChannelsecuritynewsbeginnerWatch on YouTube ↗

Key Points

  • Data breaches remain a huge financial threat, averaging over $4 million per incident, and are increasingly linked to ransomware attacks that cause extortion, data loss, and operational disruption.
  • Ransomware continues to be a primary driver of breaches across individuals, corporations, and even nation‑states, highlighting the urgent need for stronger preventive measures.
  • The adoption of multi‑factor authentication (MFA) has accelerated, offering a more secure and user‑friendly alternative to password‑only logins and representing one of the few positive trends in cybersecurity last year.
  • Looking ahead, the same cycle of data‑breach and ransomware incidents is expected to persist, underscoring that current defenses remain insufficient.
  • Attackers are likely to focus more on the expanding Internet of Things (IoT) ecosystem, exploiting the growing number of connected devices as new vulnerable entry points.

Sections

Full Transcript

# Year in Review: Breaches, Ransomware, MFA, IoT **Source:** [https://www.youtube.com/watch?v=uAHFNuDlcRw](https://www.youtube.com/watch?v=uAHFNuDlcRw) **Duration:** 00:09:42 ## Summary - Data breaches remain a huge financial threat, averaging over $4 million per incident, and are increasingly linked to ransomware attacks that cause extortion, data loss, and operational disruption. - Ransomware continues to be a primary driver of breaches across individuals, corporations, and even nation‑states, highlighting the urgent need for stronger preventive measures. - The adoption of multi‑factor authentication (MFA) has accelerated, offering a more secure and user‑friendly alternative to password‑only logins and representing one of the few positive trends in cybersecurity last year. - Looking ahead, the same cycle of data‑breach and ransomware incidents is expected to persist, underscoring that current defenses remain insufficient. - Attackers are likely to focus more on the expanding Internet of Things (IoT) ecosystem, exploiting the growing number of connected devices as new vulnerable entry points. ## Sections - [00:00:00](https://www.youtube.com/watch?v=uAHFNuDlcRw&t=0s) **Year in Review: Cyber Threats** - The speaker recaps the past year's cyber‑security landscape, highlighting persistent, costly data breaches—often driven by ransomware—and previews what to expect moving forward. ## Full Transcript
0:00this year has been a tough one for cyber 0:02security especially if you were one of 0:03the folks that got hacked and even if 0:06you weren't you might have been and you 0:07just don't know it yet 0:09that happens 0:10so let's take a look at what kinds of 0:12things have we seen overall Trends in 0:15the past year in cyber security so we'll 0:18take a look back 0:19and then we'll take a look forward into 0:22the future what can we look forward to 0:24in cyber security threats as well as 0:27hopefully good things that can occur I 0:29think there will be a mixture of good 0:30news and bad news with both 0:32so first of all looking back one of the 0:35things that continues to plague us is 0:37this notion of data breach 0:41that is the bad guys get into your 0:43system they dump your customer database 0:46they use it to mine for information that 0:49they can later use identity fraud 0:51scenarios with they steal the secret 0:54sauce the plans this sort of stuff and 0:56the business is compromised as a result 0:59the IBM ponderman survey that we run 1:03each year on the cost of a data breach 1:05shows that the cost of a data breach 1:08continues to be in excess of four 1:10million dollars per incident 1:12that has been the case for a number of 1:14years and it continues to be the case 1:16we've got to do a better job on this 1:18it's almost become so commonplace that 1:21we're numb to it and that can't be the 1:23case 1:24what's the cause of a lot of these data 1:25breaches well it turns out ransomware 1:30is at the core 1:32of many of them not all but many and 1:35ransomware is costing people individuals 1:38all the way up to the large 1:40organizations and even nation states as 1:42its effect is resulting in data loss 1:46it's resulting in extortion a lot of bad 1:49things happen here so those are a couple 1:52of bad trends that we see how about 1:54something good A little bit of good news 1:56for last year I'll say multi-factor 1:59authentication is one it's not a new 2:02idea but the idea that I can 2:05authenticate prove my identity to the 2:07system based upon something I know 2:09something I have and something I am 2:12those three things 2:14put all of those together or some 2:16combination maybe even get rid of the 2:18something I know the password it's a 2:21better user experience and it can lead 2:23to better security and what we've seen 2:25is more and more widespread adoption of 2:28multi-factor authentication that's going 2:31to be a good thing for us all and we've 2:33seen that start to take more hold in the 2:37past year now how about looking forward 2:39what kind of things have can we expect 2:41to see well I'm going to say it's going 2:44to be a little bit of Groundhog Day what 2:46we've seen in the past we're going to 2:48keep seeing in the future until we learn 2:50how to solve these problems data breach 2:53ransomware multi-factor authentication 2:56hopefully we'll continue to see more and 2:58more widespread use of that 3:00so the past continues to play into the 3:02future and influence the future 3:05but what are some other things that 3:06we'll see I think we're going to see a 3:09rise in attacks for Internet of Things 3:13internet of things or iot is basically 3:16the notion if you follow along with me 3:18turn everything into a computer 3:20your car becomes a computer that takes 3:22you places your refrigerator is a 3:25computer that keeps your food cold 3:27your DVR is a computer that shows you 3:29movies 3:30and in the iot trend everything becomes 3:33a computer and what we know from cyber 3:36security is that every computer can be 3:38hacked so if everything can be a 3:41computer and every computer can be 3:43hacked all of a sudden everything can be 3:45hacked your car your refrigerator your 3:48insulin pump your implantable 3:50defibrillator these are things that are 3:53going to be pretty scary when we start 3:54thinking about the whole world around us 3:56is potentially hackable that's an area 3:59that we have got to give more attention 4:01to 4:02another one that could come back to 4:05haunt us is the use of artificial 4:07intelligence by the bad guys 4:09on the positive side we've had the good 4:12guys using AI for some number of years 4:14we can use this to do a better job of 4:17security analysis of root cause analysis 4:20looking for what all of these indicators 4:23of compromise ultimately mean and 4:25figuring out what we need to do the good 4:27guys are using this to analyze and 4:29investigate the bad guys I think are 4:32going to start using it more and more to 4:34do things like develop attacks that are 4:38specific to an AI an artificial 4:41intelligence system would be able to 4:44maybe design new types of attacks to get 4:46into systems 4:48we could also as our businesses become 4:51more and more dependent upon artificial 4:53intelligence we are dependent upon the 4:55Corpus of knowledge that's in those 4:57systems so therefore if someone were 5:00able to poison the Corpus of knowledge 5:02then the AI would be giving advice and 5:05making decisions based on bad 5:07information so that's a different type 5:09of AI based attack all of these go into 5:11what we refer to as adversarial AI 5:15so there are a number of things that the 5:16bad guys could be doing where they're 5:18going to start using AI more which just 5:21means the good guys are going to have to 5:22start using our AI more still and 5:25another one that is very new and will 5:28continue to grow is the notion of a deep 5:30fake that is an audio or video file 5:33where we have a a person maybe a 5:37well-known person saying something that 5:40they never said and we tend to believe 5:42what we see and if it goes out on social 5:44media everyone will believe it before 5:46anyone has a chance to refute it imagine 5:48what happens if a video is leaked on 5:51Election Day showing a candidate saying 5:54something that they never said that was 5:56terrible 5:57it could be too late before we get the 6:00news cycle the next news cycle to 6:02correct the error 6:04it could also move the stock market if 6:06we had a CEO seeming to say certain 6:08information that would look bad about 6:11the company and cause the stock to crash 6:14even though they never said those words 6:16but we have an AI that can do that sort 6:18of simulation we're going to have to get 6:20smarter about how to detect a deep fake 6:23from an authentic video as an example 6:26other things that we'll see 6:28quantum computers 6:31are very useful in solving problems that 6:35traditional computers have not been able 6:36to do to do simulations and things of 6:39that sort that we just don't have the 6:41Computing capacity to process with a 6:44conventional computer 6:46so a Quantum system could solve those 6:48problems in record time 6:51also a Quantum system could potentially 6:54attack the cryptography that we have the 6:57asymmetric crypto algorithms that we 7:00rely on every day for all of our secure 7:03Communications could potentially be 7:05broken in what we thought would have 7:08taken decades or hundreds of years now 7:11with a well-tuned Quantum system in the 7:13future maybe being able to be broken in 7:16a matter of minutes 7:17so that means we're going to have to do 7:19some good work to make Quantum safe 7:21algorithms for cryptography and the good 7:24news is we've got these things in fact 7:27the National Institute of Standards uh 7:29recently this year came out with four 7:32algorithms that they published as being 7:34Quantum safe these are the algorithms 7:36that will protect against a quantum 7:38computer trying to crack our encrypted 7:41messages and databases and the like 7:44and four of those algorithms that were 7:47accepted of those four three of them in 7:50fact had IBM contributions to them so 7:52we're very proud of our work that we've 7:54done in this space and trying to protect 7:57people going forward into the future 8:00and then another Trend that has 8:02continued for a number of years and it 8:04shows no signs of letting up is a skills 8:07Gap in cyber security 8:09there's one website called cyberseek.org 8:11that says currently as I look at the 8:13website there are about 8:16770 million unfilled cyber security jobs 8:19in the U.S alone 8:21that's right now and there's only about 8:23a million or so people working in the 8:25field so it's almost one-to-one for 8:27every job now there uh is an opening and 8:31we can't make cyber Security Experts 8:33that quickly with current technology we 8:36can create a new human in about nine 8:38months but if we're going to turn them 8:40into a cyber security expert it's going 8:42to take a few more years 8:43there's not anything that looks like we 8:46can suddenly start minting new Cyber 8:48Security Experts to fill the Gap but we 8:51can do some things to help and we can do 8:54things by working smarter using AI that 8:58I mentioned here to guide our security 9:00efforts using good tools to automate the 9:04responses that we have for security to 9:07do better analysis and become Force 9:10multipliers for the people that we do 9:11have also we need to do a lot more 9:13training for the people that are out 9:15there not only our end users so that 9:17they don't put us in such a bad place to 9:19begin with but also Security 9:21Professionals and create more Security 9:23Professionals so it's going to be a 9:26multi-pronged approach but these are the 9:28things that I think we're going to be 9:29able to see both on the positive and the 9:32negative as we start looking forward to 9:35the future of cyber security 9:39foreign