With the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams that happened in 2017, what will this year bring as far as cyber-attacks are concerned? Data hacks will be on a colossal scale with smarter attackers on the prowl, and security teams and budgets won’t be able to keep up.
But there’s an upside. We expect good progress in a few areas. Here are a few of our cyber security predictions for 2018.
Increase in ransomware:
This is high in the list as we would see more targeted attempts. We will see a lot of digital extortion campaigns and use ransomware to “invade” non-GDPR compliant companies. Therefore, extortion based disruption will increase this year disabling networks, denial of service, and email crashes.
State-sponsored attacks will Increase:
State-sponsored attackers will keep pushing the boundaries of their attacks. Cyber-attacks driven by nation-states on infrastructure like power and communications grids will lead to widespread outages and put personal information at risk that could impact millions of innocent consumers. That might spur cybersecurity alliances between countries to fight these attacks with agreements to not attack each other either.
Rise in breaches:
Data breach is an integral part of cyber-attacks. With cloud computing being used by almost everyone these days this year will see massive data breaches. Politically motivated and espionage cyber-attacks against sensitive infrastructure and industry will be on the rise. Even human life will not be safe as the healthcare sector will also come under targeted cyber-attacks.
IoT devices will become more vulnerable:
Internet of Things or IoT, have no chance against hackers. In fact, it’s getting easier for them to take over millions of IoT devices. The good news is device manufacturers are making progress on securing their devices. But that won’t recover the scores of devices already deployed and in use, rendering them difficult or impossible to patch.
What we need is data protection regulation such as the EU General Data Protection Regulation or GDPR, which, incidentally, is coming into existence on May 25, 2018. This might see a rise of Data Protection Officers, which may witness heavy staff shortage impact GDPR adoption. Come May, it is predicted only 10 per cent of companies will be GDPR compliant. That translates into many companies closing down due to having to meet considerable fines. That means hackers will run digital extortion campaigns with ransomware to threaten non-GDPR compliant companies seeking to capitalise on a potential fear of large fines.
Adoption of biometric technology will increase. With facial recognition authentication on mobile devices on the rise, we will see more adoption of this technology in enterprise. And as consumer trends will drive change there will be continued growth in biometric services and a lot of them will use biometrics on their mobile devices. Today, at least 28 per cent of consumers are using two factor authentication on at least one device. But that also means we will see biometric-access-based exploits using facial recognition or fingerprint access.
More artificial intelligence and machine learning:
Artificial Intelligence (AI) and Machine Learning are on the rise too. Spending on both will increase as companies find that there will be a large amounts of smart device data being generated, which has to be garnered. Security industry will include more automation, machine learning and artificial intelligence to combat cyber-attacks because of a lack of human staff. In the coming years, business success will largely depend on integration of AI and machine learning capabilities. While AI and machine learning will offer breakthrough possibilities to enterprise, they will also bring with them uncertainty in terms of impact on jobs. But these technologies were not really thought to have a lot of advantages. We predict we will return to SIEMs and detection technologies by the end of 2018 as they will eliminate or drastically reduce experienced and skilled cybersecurity staff.
Rise in automation of threat-detection tasks:
Sifting through alert data is repetitive, tedious work, making perfect sense to automate using software. Security teams are already deploying machine-learning-based tools to help filter alerts. It is predicted this trend will increase in 2018, in proportion to the volume of threat indicators. Studies suggest that properly deployed automation tools are more efficient at identifying alerts, which need to be looked at rather than human security staff filtering data manually.
Trust is out of the window:
When it comes to cyber security you can’t trust anyone. This lack of trust is starting to have a real effect on businesses, and is expected to continue into 2018. Uber is a case in point, as the company hid a large breach for a year. Now companies want to make sure their security integrity of their suppliers and partners is at par. They want to ensure their customers’ and employees’ data stays safe and they’re not at risk by the organisations they’re doing business with. Even the U.S. government is doing the same. It has banned the use of Kaspersky software in government agencies because it believes Russian influence will compromise the software, which might be a risk to them. Similar actions by other countries are expected in 2018. Even China has done the same. It recently passed a cybersecurity law that requires access to vendor source code. Companies that protect data with proper security infrastructure in place will win business. Earned trust will become an asset when consumers and organisations will do business with you because they feel secure.
Not to forget mobiles:
These days everyone carries a mobile device, especially, a smartphone on their person. It is predicted that we will see major malware infection in the Android App Store including worming mobile phone ransom ware, possibly spread by SMS/MMS.
Cyber skills shortage will rise and the only enterprises that will survive are the ones that will have their own cyber talent. Organisations will have to overcome the cyber talent gap by training teams and individuals internally to create more talent. With the push towards more cyber skills education at an earlier age, we hope there’ll be enough to counter any and every data breach.
Chris Albert, IT & Security Specialist, Charter Spectrum
Image source: Shutterstock/Sergey Nivens