2017 was the worst year for cyber attacks and IT glitches

Up to this point, 2017 was by far the worst year for global-scale cyber attacks. In May, there was a massive worldwide attack by WannaCry cryptoworm that has particularly badly affected British National Health Service. Only a month later, NotPetya ransomware has infected many organisations based in Ukraine with the sole purpose to cause mayhem, as the files encrypted by the malware were kept encrypted. In October, Equifax, a credit scoring agency, was hacked and personal details of many of its users were leaked online.

This was the year when nation states scaled up their involvement in cyber warfare. The CEO of British Cyber Security Centre, Ciaran Martin, has suggested that Russia has attempted attacks on British media, telecom and energy infrastructure. China is believed to be behind an attack on British Parliament, which forced some services to be briefly taken offline.

As well as cyber attacks, a few noteworthy large-scale IT glitches have happened in 2017. One of the best know of such malfunctions is a meltdown of British Airways (BA) IT infrastructure that has happened in May. It has resulted in all of the flights being cancelled worldwide. Refusal to invest into enough IT staff to manage the infrastructure and cutting corners instead of following recommended best practices were to blame for the infrastructure failure. Ironically, the amount of money that BA has saved on its staff expenses has been dwarfed by the amount it had to pay in compensation to individuals, regulators and other organisations.

2018 has barely started and we already hear about major security vulnerabilities affecting most of CPU makes. A vulnerability that was given a name of Meltdown affects Intel chips and, without going into too much technical details, it allows hackers to bypass hardware barriers and read the data from the memory that a particular application is not supposed to have access to. Spectre is another CPU vulnerability, but, unlike Meltdown, it affects ARM and AMD hardware as well as Intel. This particular vulnerability allows otherwise error-free applications to be forced to give out hidden information.

Although significant, Meltdown and Spectre can only ever be exploited by very sophisticated hackers. This is different from the cyber attacks and operational failures mentioned previously, most of which were largely caused by negligence and sacrificing best IT practices in order to save the costs. It is not clear if any users were actually affected by these CPU vulnerabilities. However, many users were certainly affected by the attempt to fix them. For example, many virtual machines in Microsoft Azure cloud became totally unresponsive after Meltdown patch was applied to the hardware that hosts them.