IT Pro's biggest tech news stories of 2018
From Meltdown to TSB's disastrous migration, we look at some of the most dramatic events of the year
It might not seem like it at times when your laptop is chugging along or your internet connection is glacially slow, but the technology industry moves at quite a pace.
IT Pro has reported on a great many tech stories this year, so we've decided to round up some of our favourites, including the biggest stories and events from the year, ranging from IT outages to major data breaches.
Meltdown and Spectre emerge from hiding
It only took a couple of weeks of 2018 before the tech industry was racing to put out its first fire: a serious flaw in Intel, AMD and ARM-based processors that had been lurking somewhat dormant in chip designs from the past 20 years.
Meltdown affected Intel chips, while two variants of the Spectre flaw affected chips from other major firms. The flaws exist in the speculative execution process, a means by which modern processors improve their performance by effectively predicting what data they will be asked to fetch and handle next.
With the use of some malicious code, the vulnerabilities can be exploited to pick up sensitive cached memory and kernel data that would normally be protected by processor operating system security services.
As far as we know, neither Meltdown nor Spectre has been exploited out in the wild, but there has been a swathe of patches and mitigations released to prevent them from causing major harm. However, some patches designed for Windows 10 desktops and servers actually resulted in reduced processor performance.
While the CPU flaws might not pose a serious threat to the average PC user, the situation still shows how a flaw in processor architecture can have an enormous effect on millions upon millions of machines.
Facebook's year of woe
In what's perhaps a contender for Facebook's most turbulent year ever, 2018 saw the company come under intense scrutiny following a series of catastrophic blunders and failings.
The discovery that data analytics company Cambridge Analytica had managed to gain access to data belonging to tens of millions of Facebook profiles was a hammer blow to public confidence in the company. The scale of the scandal was bad enough, but what irked users and lawmakers alike was the apparent lack of oversight on the part of Facebook and an unwillingness to properly police applications on its platform.
While Facebook wasn't directly involved in the improper sharing of data (information that was then used to power politically charged advertisements during the 2016 US Presidential Election), the company's data protection and privacy policies, alongside how it tackles fake news and terrorism-related content, were pushed into the spotlight.
In the aftermath of a £500,000 fine by the UK's ICO, a congressional hearing, and an unprecedented formal apology from Zuckerberg, Facebook has emerged relatively unscathed. However, even though it remains the world's biggest, most influential social media platform, we did get a rare glimpse of a technology titan starting to lose its grip.
TSB's nightmarish migration
Digital transformation and system migration are all very well and good if handled correctly; if not, they can result in severe IT outages and dramatic disruptions. This is what bank TSB discovered in April after the attempted migration of 1.3 billion customer records from one software platform to another resulted in one of the worst outages in recent memory.
Approximately 1.9 million of its customers were greeted with failed logins or disrupted services, and in some cases were even served up sensitive data belonging to other customers. The fiasco forced TSB to eventually take down its services for six days as it rushed to fix the issue, enraging customers and forcing the bank to turn to IBM to help it get its systems in order.
If that wasn't bad enough, TSB then revealed its customers were being targeted by phishing attacks by criminals posing as TSB support staff. It's believed some 2,200 customers fell victim to fraud as a result.
The outage prompted an investigation by the Financial Conduct Authority, eventually leading to the resignation of CEO Paul Pester.
IBM noted that TSB's IT meltdown was due to a lack of testing, and the outage cost the bank nearly £200 million.
GDPR finally comes into full effect
A deadline in every business calendar was 25 May, the day the General Data Protection Regulation (GDPR) finally came into effect across the European Union.
IT Pro has been reporting on the need for businesses to get their data handling policies in order to be ready for GDPR, as well as taking a look at some of the efforts major firms were undertaking to be GDPR-compliant ahead of its implementation.
While GDPR gives individuals more control of their data, for organisations, especially those with data-centric business models, it was a significant hurdle to overcome. Failure to have data protection policies in line with GDPR could see enterprises get hit with hefty fines from data regulators.
The maximum fine for GDPR violations has yet to be brought to bear, but in the UK the ICO has already levied fines at companies that have breached the regulations, notably AggregateIQ, the first firm the ICO has targeted. While AggregateIQ is currently challenging it, the fine of up to £17 million or 4% of its annual turnover (whichever is higher) that the firm will face is temporarily on hold.
Nevertheless, with a Portuguese data watchdog serving a hospital in the nation with a €400,000 fine for two GDPR violations, we can expect to see more of such fines being levied as companies continue to adjust to the new requirements.
One data breach after another
It seems like every year data breaches and leaks, or at least their reveals, get bigger and more severe. In 2018, we saw a UPnProxy vulnerability that exposed more than 45,000 routers to exploits linked to the EternalBlue malware created by the NSA, potentially exposing millions to hacker attacks, as well as a massive attack made against FIFA in March that saw hackers steal internal documents.
Then there was the breach of the Cathay Pacific airline that saw personal data, from credit card details and passport numbers to physical addresses, stolen by cyber criminals. Not that it was the only airline to suffer such a breach; British Airways had its website breached and data belonging to 380,000 customers stolen.
Others have been subject to such data protection problems, with Marriott's Starwood Hotel brand suffering a data breach that potentially exposed the personal information of some 500 million customers. Dixons Carphone also admitted to a data breach that occurred in 2017, which exposed personal data belonging to ten million customers.
The number of these significant breaches is indicative of how important it is to have robust security and data handling policies within an organisation. But it also highlights how difficult it can be to get ahead of motivated hackers and cyber criminals on a mission to steal data and sell or exploit it in nefarious ways.
IBM and Broadcom mega mergers
This year has seen two major corporate mergers with vast sums being spent to combine major enterprise tech firms together.
IBM entered into an agreement to buy Red Hat for a massive $34 billion in a move to acquire more open source technology and services to build out its hybrid cloud systems. The two companies previously had a long-term partnership, with IBM serving as an early supporter of Red Hat Enterprise Linux as well as Red Hat's work with the open source Kubernetes platform.
While Red Hat will fall under the control of IBM, it will maintain the independence of its open source development, and chief executive Jim Whitehurst will remain at the helm of the company.
Broadcom was another firm making a hefty acquisition in 2018. Having failed to acquire chipmaker and rival Qualcomm, Broadcom surprised many by purchasing CA Technologies for $18.9 billion.
The move was simply one to expand Broadcom's reach in the infrastructure technology world, which could see Broadcom's networking technology mix with CA's services in the mainframe software world, as well as in other areas such as cloud computing, database system management, and app development and testing.