The only real constant in cybersecurity is change. With that in mind, let’s take a look forward at how that will come into effect in 2018.
It’s been quite a year, hasn’t it? From the news that Russian hackers may have influenced the US federal election, and the overall financial damage on businesses in the US in 2017 amounting to $1.3 million, to global ransomware threats like WannaCry, the security community has never quite been so high-octane, nor has it ever faced such a diverse array of threats. That isn’t to say that security professionals have been sitting on their thumbs, mind you.
Far from it. 2017 also saw some huge advances in fields like artificial intelligence and cloud security. There were some intense conversation on the security risks behind the Internet of Things, the development of new security regulations like GDPR, and a renaissance for technology like Blockchain.
In short, it was a big year for both cybercriminals and security professionals. But 2018 is slated to be even bigger. Here are just a few ways things will evolve once we hit the new year.
1. IoT Attacks Will Increase Even Further – And Their Motivation Will Change
The Internet of Things picked up steam in earnest this year – but in many sectors, the concept of a connected world hasn’t quite caught on. That will change in the New Year, as the number of connected devices increases exponentially.
The ability to manage and analyze the data generated from those devices will be extremely valuable, leading to a massive upturn in big data analysis and exacerbating the ever-widening IT skills gap.
Here’s where things get a bit frightening. According to Forrester, the increased prevalence of IoT devices will also correspond with an increased volume of attacks targeting them. Not only that, their motivation will be completely different from those we see currently.
See, at this point, IoT devices are generally compromised so that they can be made part of botnets like Mirai. Come 2018, however, this will change. Hackers, aware that the Internet of Things will soon contain increasingly-sensitive and critical data, will begin attempting to either steal that data or hold it for ransom.
2. Ransomware Will Reach A Pandemic Point
2017 was a banner year for ransomware – but 2018 is likely to be even worse. Although some security professionals have predicted that global ransomware incidents have peaked, that doesn’t mean they’ve no room left to grow. Ransomware developers have gotten smarter with how they develop and deploy their tools.
And they’re able to offer those tools to just about anyone who can purchase them – regardless of their technical expertise.
According to research released by security analyst Carbon Black, ransomware will grow more targeted, more sophisticated, and easier to use in 2018. Rather than the ‘spray and pray’ methodology – which is currently the preferred way to distribute – we’ll start to see ransomware attacks targeted at specific industries, verticals, and file types. We’ll also see new ransomware techniques, such as data corruption and exfiltration.
3. The Digital Realm Will Truly Become The Next Theater of War
Recently, the European Union announce that it will now consider state-sponsored cyberattacks an act of war. This hardly comes as any great surprise, especially given the huge spike in cyberespionage we saw in 2017. And with more and more critical infrastructure being brought online, their potential to deal serious damage has never been higher.
We’ve already seen some evidence of this. The hacks against the U.S. power grid earlier this year, for example, showed just how vulnerable some of the country’s most valuable infrastructure is to an attack. The hackers in that case simply wanted to send a message – that if they’d wanted to devastate the power grid, they could have.
Expect to see more attacks of this nature – and more cyberespionage – as we move into 2018. It’s not solely isolated to Hollywood anymore.
4. Preventative Security Will Evolve Into Something New
Cybercriminals are getting smarter and more sophisticated. The resources they have at their disposal are now more extensive than ever before. Preventative security is no longer enough – nor is reactive security. Instead, businesses need to start shifting their focus to prediction, detection, response, and mitigation.
According to Gartner, modern security threats require an adaptive approach to risk management. 2018 marks the year that decision-makers will start to realize this en masse. Expect to see businesses taking a more active role in their cybersecurity outlook, continuously analyzing and adapting to risks and threats as they emerge and evolve. Expect also to see technology like blockchain and artificial intelligence entering the mainstream, being used hand-in-hand with this new approach.
5. GDPR Will Present New Challenges For Businesses
May 2018 marks the beginning of GDPR, the European Union’s tough new data privacy regulation. In addition to increasing end-user and customer rights across the board, it also goes hand-in-hand with a ton of tough penalties for businesses that fail to comply. We’re talking severe fines – up to twenty million euros, or 4% of annual global turnover, whichever is higher.
And GDPR is only the beginning. Not only does it apply to all European citizens – meaning overseas businesses are just as subject to it as domestic businesses – but other governments are following the European Union’s lead. Australia is already looking into its own version of the act, and they’ll not be the only nation, either.
It isn’t just a matter of protecting customer data. GDPR applies to employees, as well. And that will make catching bad actors – malicious and otherwise – more difficult than ever.
“It’s become easier for firms to monitor employees and their activities as a means to thwart malicious insiders, employees making mistakes, or an attacker with compromised employee credentials,” reads a piece on Tech Insider. “However, employees may find this to be an invasion of privacy…companies must inform employees in advance if their work email accounts are going to be monitored.”
Closing Thoughts
2017 was a big year in cybersecurity – and 2018 is slated to be even bigger. From the Internet of Things to ransomware to internal threats, businesses are going to have a lot on their plate in the coming months, yours included. Are you prepared for it?
Editor’s Note:
From time to time, SensorsTechForum features guest articles by cybersecurity and infosec leaders and enthusiasts such as this post. The opinions expressed in these guest posts, however, are entirely those of the contributing author, and may not reflect those of SensorsTechForum.