Lists have infiltrated journalism recently. There is nothing inherently wrong with summing up some specific phenomenon with a list of its attributes, or comparisons, or occurrences. We consumers of printed work product clearly welcome list journalism, to give it a phrase. This is the old chicken-egg conundrum. Do media outlets produce lists because that’s what the reader wants? Or have readers glommed onto the device because they’re too complacent to pass on the piece for more traditionally styled news writing? It’s fuzzy. It’s also frankly unimportant to debate.
I’ll always have a soft spot for top ten lists since being a big David Letterman fan from childhood. Dave did those regularly. Paul Shaffer was in on the act as he peppered the list with musical cues. He gave us the Top Ten Household Hints From Elvis, the Top Ten Things That Sound Creepy When Said by John Malkovich, all of which sprung from the O.G., the Top Ten Words That Almost Rhyme With Peas. His last Top Ten found its way into Late Night’s finale back in May 2015.
The fact is that lists are here to stay for the near term. I’ll be frank again and admit that I get hooked by them like you. It’s become such a thing, especially in digital media, that TV and movies have been building a parody trope, related. In “Difficult People,” a fine comedy available on Netflix and created by Julie Klausner, Julie and the other lead, Billy Eichner, are cynical yet talented comics in New York where hustling for stage time and online ink space constantly challenges them. They land a seemingly stable gig that quickly turns sour for them. Their talents get wasted at Buzzlist, an online firm whose raison d'être is to create lists upon lists aiming for some of them to go viral. The theme is repeated in “Jexi,” a rom-com with hilarious Adam DeVine who plays a well-educated journalism graduate relegated to making top ten lists for an internet media company.
To different degrees we all get caught up in the zeitgeist. I’ll embrace this listing craze knowing that while it may not represent the most professional and sophisticated manner in which to share an opinion or two, it’s nonetheless effective. More to the point, you’re used to the device and if you’re like me you enjoy a list from time to time. Because we’re all anxious to give a send-off salute to 2020, let’s take a look at the Top Seven Cybersecurity Events of what quickly became the Number One weirdest, scariest, and challenging year in my memory.
Number Seven – Microsoft’s Quarter-billion Records Loss
This was a biggie, but only nabbed the last spot on a technicality. The breach actually began in 2019, but was discovered in January this year. “Misconfigured” security rules were to blame according to Microsoft. What sounds like a mere “whoopsie-daisy … we goofed a bit” resulted in 250 million email accounts, IP addresses, and inexact “case management” information being stolen.
Number Six – Cheesy Government Takeover
I like Oregon. I like cheese. No surprise then that I’m a fan of Tillamook cheddar, the most prominent of the Tillamook County Creamery Association co-op’s dairy line. The Tillamook County government suffered the grilling of the Black Hats in 2020 when its IT systems were breached. After two weeks of internally trying to separate the incident’s curds from whey, the only solution was to pay $300,000 in ransom.
Number Five – WHO-dunnit
Those who work with the World Health Organization have had some year, eh? The last thing it needed was the noise brought about by cybersecurity incidents. Alas, the last thing happened. Around 25,000 WHO email addresses and passwords were stolen during a clearly critical time for the organization. Hackers didn’t limit their nuisances to the WHO. They’re apt to take whatever is in the news and grasp onto its coattails for, if nothing else, gaining street cred in the community through exploits of highly visible targets.
Number Four – [Another] Experian Breach
The credit reporting company has been stung before, and yet cannot seem to shake the bad guys. In August, it again reported about a breach, this time mostly contained within South Africa where 800,000 businesses’ and another 24 million individuals’ records were compromised. One hacker simply pretended to be an Experian client and easily convinced them to give him access to those millions of records.
Number Three – Federal Government Contractor Hacked
Cognizant Technology Solutions, an IT services firm based in New Jersey and operating globally, was hit with ransomware in 2020 and paid the prices. Not only was its business severely disrupted in both its government services as well as the massive contracts with private firms (it’s a NASDAQ-100 company), but it paid the ransom on top of those organic losses. Hackers raked in between $50-70 million before giving back access to Cognizant’s own data.
Number Two – Russian (?) Hacking Into Government Systems
This one is quite recent, and a biggie for sure. And, we’re not done with it. Thus, the treatment of Number One, below. Russian state actors were found to have infiltrated some of the most sensitive federal systems, such as Treasury and Commerce Departments’ email and information caches. When even the limitless funding of the U.S. government can’t maintain security….
Number One – TBD
Out of an abundance of caution, and in fear of jinxing the entirety of security, I’m reserving this otherwise coveted spot for whatever may happen in the remaining days of 2020. Or, you may consider it a placeholder for the enormous plethora of cybersecurity events that we are completely unaware of. Either way, it’s a way to show humility in the face of this still complex and unknown part of modern life.
May your New Year be happy indeed, and never lose sight of the lessons taught by 2020. See you next year!
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at firstname.lastname@example.org.