Throughout 2017, cyber attacks were increasingly disruptive, causing major damage around the world. Large-scale data breaches against Equifax, Verizon, the NSA, and others demonstrated hackers’ increasingly sophisticated tactics.
In 2018 we can expect to see more advanced cyberattacks, and perhaps board members facing harsh scrutiny being held accountable for data breaches. The movement of data through the supply chain will also continue to cause problems as information is shared between data controllers and data processors. On the back of these very basic expectations, here are our top five cybersecurity predictions for 2018.
Crime-as-a-Service (CaaS) becomes more advanced
Criminal organizations will continue to develop on multiple fronts while turning to more sophisticated, complicated tactics. Hierarchies and partnerships reminiscent of large-scale private-sector organizations will continue to diversify cybercrime into new markets globally. There will be cybercrime syndicates stemming from traditional criminal structures, but others will focus solely on data breaches.
According to Security Info Watch’s 2018 Global Security Threat Outlook, cryptoware is becoming the malware of choice because of its high threat and impact level. The coming year will bring unprecedented cyberattacks that are more damaging than ever. A resounding call for additional, tightened information security controls will occur.
Ransomware will cause more big trouble for unsecured organizations
In 2017 there were three major ransomware attacks, which impacted hundreds of thousands of targets globally. The cyberattacks shut down airlines, banks, and utilities across Europe. Unfortunately, it looks like this is just a precursor to more severe cyber events.
According to Nick Savvides, chief technology officer at Symantec, the WannaCry ransomware attack, which impacted 200,000 computers around the globe last May, is merely a “warmup” to more pronounced virulent malware and distributed denial-of-service attacks. Marty P. Kamden, chief marketing officer of NordVPN, says that “Ransomware assaults seem to be getting increasingly dangerous.”
He warns that system administrators are not prepared to protect their networks from more sophisticated breaches and believes that attacks will only keep getting worse.
Internet of Things (IoT) will become a widespread target in offices and homes
While organizations integrate IoT devices with enthusiasm, they add unmanaged risk because of unsecured design. According to the Information Security Forum (ISF), a lack of transparency pervading the evolving IoT ecosystem (e.g. vague terms and conditions) will also enable organizations to use personal data in ways outside of what the company claims.
If devices are not secured properly, data can become vulnerable; organizations will be unable to discover what data is leaving their networks or being captured remotely. ISF states, “When breaches occur, or transparency violations are revealed, organizations will be held liable by regulators and customers for inadequate data protection.”
According to Kaspersky Lab, the number of malicious programs attacking the IoT has more than doubled in 2017. There are 6 billion smart devices around the world and many of them are vulnerable.
As IoT devices become wired into industrial control systems, a compromise can lead to a worst-case scenario of bodily harm or even death. Connected vehicles will be a big cause for concern. Larry Cashdollar, a senior engineer with Akamai’s Security Intelligence Response Team, advises that IoT developers should improve security efforts at the manufacturer level.
Artificial intelligence (AI) and machine learning (ML) will become cybercrime weapons
Nick Savvides predicts that cyber criminals will employ AI and ML to deploy more severe attacks in 2018. The technology will fall into the wrong hands and be used to orchestrate cyberattacks. For the first time, hackers will use AI to infiltrate, explore, and steal data from victims’ networks. Typically, exploration is the most labour-intensive task after an incursion.
New US and international regulations alter the cybersecurity landscape
The NYDFS cybersecurity regulation and the EU’s General Data Protection Regulation (GDPR) will add new compliance layers as organizations struggle to meet critical information asset management demands. Businesses will need to address a widespread lack of awareness among internal stakeholders and allocate more resources to ensure cybersecurity obligations are met. Over time, organizations will benefit from uniformity as part of compliance.
According to Matt Vernhout, director of privacy at 250ok, “I expect that soon after GDPR goes into effect, one of the member countries in the EU will quickly make an example of a company that failed to implement the proper procedures. There are few companies that can emerge unscathed after the fines and the blow to their reputation. Companies worldwide should be starting the process of being ‘GDPR-ready’ now.”
Ensure your organization is prepared to address cybersecurity in 2018
Compliance with the EU GDPR has to be in place by May 25, 2018, and will apply to any business that processes the data of European residents. IT Governance is offering the EU GDPR Practitioner Distance Learning Training Course.
Designed for those who have completed the Foundation course, this course will give you the skills you need to implement an effective compliance program and fulfill the data protection officer role under the GDPR.
Qualification: GDPR P from IBITGQ