IN THE NEWS: 32 Cybersecurity Experts Predict Threats and Trends for 2018

IN THE NEWS: 32 Cybersecurity Experts Predict Threats and Trends for 2018

Original article by Bojana Dobran.

According to expert estimates, we are up for another record-breaking year for data breaches.

Is your company prepared?

Cybersecurity continues to be a hot topic in both media and business. The reasons are evident – the last two years saw consistent growth in cyber breaches with 2017 hitting a new record high. Namely, the recent 2017 Annual Data Breach Year-End Review by Identity Theft Resource Center revealed a 44.7 percent growth in the number of cyber incidents compared to 2016.

Developing at this pace, cybercrime threatens to become even more devastating for businesses in years to follow. For companies across the globe, this strengthens the imperative to implement advanced data security strategies. To do so efficiently, they need to understand what are the most significant threats to your data.

Below are some expert predictions regarding business data security to help you prepare for a new year of cybercrime. Coming from industry experts, these insights will help you protect your data and secure your business long term. Read them through and reconsider your current practices. Is your cybersecurity strategy missing anything? 

We are thankful to everyone who participated, and we appreciate the opportunity to collaborate with such great minds. We hope you will find the tips listed below helpful and inspiring to prepare your business for another year of cyber incidents.


1. Mass growth of digital technologies 

Mass adoption of digital technology contributed to a wider dissemination of data. Environments which hold Personally Identifiable Information (PII) are constantly under external attack. If information is stored online, one can assume it will be compromised.

Businesses will require strong data governance strategy, framework and controls together with the increased corporate use of social media tools and technology to mitigate this risk.

In addition to this, the rise of cloud-based technology platforms such as Amazon and Salesforce with an increased need for continuous delivery will bring new threats of unauthorized access by developers and third parties to production environments. These threats need to be balanced with the increasing demand for continuous delivery in a disruptive technology environment.

The focus of cybersecurity moves to controlling what matters vs. controlling everything and working out ways to achieve the desired outcomes vs. locking everything down.

Increase in volume and sophistication of ransomware attacks and cyber terrorism is crippling the global economy. Ransomware could severely impact organizations globally where the threat is not mitigated. Businesses need to take this threat seriously if they are to avoid falling victim to ransomware attacks similar to the May 2017 cyber attack by the WannaCry ransomware cryptoworm.

Felicity Cooper, Executive Manager responsible for Enterprise, Technology and Risk at Suncorp Group


2. Insider cybersecurity threats and inadequate security strategies

Threat #1: Assuming that you will be able to stop all breaches.

Too much emphasis and investment are focused on protecting the endpoints and connected devices on the network with the goal of preventing all breaches. It is time to acknowledge that even the most experienced security team cannot possibly keep all cybercriminals out – and insider threats will always be a challenge. Instead, there must be a shift toward active defence. This mindset will give the victims of hackers a pathway towards preventing more damage. The question should not be: “How can I make sure our systems are never penetrated?” Instead, the questions to ask are:

“When a hacker penetrates the network, what will he be able to access? How can we make sure the hacker can’t open, share, print or download any sensitive files?”

Threat #2: Entrusting encryption as your saviour.

In 2018, we will see lots of investments in encryption and other data security technologies. Buyer beware. Encryption products, although crucial in many contexts and notoriously hard to use, will fail to stop the problem of data loss. Keys will be lost or stolen, at times by the companies who generate them. Users will be confounded by managing their own keys, which is hard to do when also trying to manage one’s passwords.

Threat #3: Bad actors within your company.

Employees present some of the most significant risks to organizations by clicking malicious URLs or bypassing security controls, however unintentional. But the frustration festers into a paternalistic, us-vs-them attitude between security operations teams and the rest of the organization.

Try googling “there’s no patch for stupidity,” or “people are the weakest link in the cybersecurity chain.” They have become the rallying cries for not knowing how to deal with what the sec pros dub “the human element” as though it were a zoonotic disease. Users will continue to be a weak link in the chain in 2018, but the problem is that experts are pretty bad at figuring out why.

Dr. Salvatore Stolfo, Chief Technology Officer, Allure Security


3. The use of machine learning for hacking attempts

Stolen customer data almost inevitably leads to increases in the overall volume of chargebacks, so we work closely with partners to help clients mitigate that risk. One of the biggest overall threats I am seeing is that hackers and fraudsters are more and more using our own technology against us.

Take machine learning, for example. With the ability to process mass amounts of data and adjust algorithms on the fly, we can detect suspicious behaviour faster, and with increasingly higher accuracy.

However, criminals are doing the same thing. They use machine learning to calculate defences, feed false information to detection programs, and the like.

I also believe internal threats, disgruntled employees, for example, will continue to grow. Externally, I do not doubt that instances of ransomware will increase, probably dramatically: fraudsters have shown that such attacks WORK—and are profitable—so there is no reason to believe they will decrease.

Monica Eaton-Cardone, Co-founder and COO, Chargebacks911


4. Organized hacking efforts

Gregory Morawietz suggests that in 2018, one of the most significant threats will be organized efforts. More attacks from state-backed hackers will take place. Large-scale social attacks, trying to influence political or modern events.

When it comes to his advice on how businesses should prepare, Morawietz suggests:

Buy a firewall, have a security policy, keep strong passwords and treat your employees fairly and with respect.

Gregory Morawietz, IT Security Specialist, Single Point of Contact


5. Ransomware and zero-day attacks.

Ransomware should be close to the top of everyone’s list. Disgruntled employees or former employees will still launch attacks. We will see more zero-day attacks as the market for vulnerabilities heats up.

What should businesses do to prepare?

Busy business leaders need to take these six catchy words to heart:

  • Care and share to be prepared.
  • Care enough about cyber-security to invest in it, and share what you learn with other good guys.
  • Level the playing field because the bad guys already know about your security operations.

Greg Scott, Senior Technical Account Manager, Infrasupport Corporation


6. Lack of cybersecurity talent.

One of the top threats in 2018 will be a lack of cyber-security professionals. We are still in a position where almost half of the vacancies go unfilled, and a lack of staff means a lack of solutions to simple problems. Applying basic levels of protection in smaller businesses, or training and awareness in larger companies are all things that require human resources and can make a big difference to the every-day threats.

Karla Jobling, MD, Beecher Madden


7. Inadequate cyber hygiene.

In 2017, we saw the widespread impact of the Petya and WannaCry attacks, both of which were a direct result of businesses failing to do the basics of cyber hygiene.

The fact is cyber hygiene was the problem ten years ago. Cyber hygiene was the problem (in flashing lights with horns blaring) this year. I am completely confident it will be a problem again in 2018. This is because enterprises find it incredibly difficult to demonstrate active control over their cyber hygiene and thus efficiently remediate cybersecurity risks. This is because the larger the organization, the more challenging it is to maintain these ‘basics,’ such as identifying their assets, updating software, patching it, running standard controls and educating the users.

Given that 80% of all threats could be stopped by addressing the issue of cyber hygiene, it needs to continue to be a key focus for security teams around the globe.

Nik Whitfield, Computer Scientist, Jones Consulting (UK) Ltd


8. IoT, Undetected Hacks, and the Cloud

Internet of Things

Using “smart” devices for a malicious activity like mining for bitcoins or DDOS will become more commonplace. These threats are coming from everywhere, but can be avoided!

Corporate Espionage

Undetected hacks that leave things operating as usual, but are actually siphoning off critical data. Again, these threats come from everywhere, including insiders within or closely associated with an organization. This type of risk can be mitigated by going back to the basics and getting a third-party evaluation.

You Don’t Know What You Don’t Know

Having a blind trust in cloud companies and assuming that the protections they implement are for you/your company’s best interests. Only YOU are responsible for YOUR security.

Chadd Kappenman, CISO, SMS AZ


9. Advanced hacking technologies

Cybercriminals are incredibly sophisticated and developing ways to “listen in” now, not just to grab credit card numbers shown in text files. Software already exists that can “tap” a voice call and understand it has heard a credit card number, expiration date, or a unique code. It can transpose that data, store it, and sell it within seconds. With active listening in the gaming space, for example, a cybercriminal could target young people who are completely unaware of the threat. What they are saying can be turned into valuable information, not just to steal identities or money, but to find future human trafficking victims. These technologies will become even more advanced in 2018.

Patrick Joggerst, Executive Vice President of Business Development, Ribbon Communications


10. Improperly secured cloud data

In 2018, we expect to see “more of the same.” Ransomware is very lucrative for cyber-criminals. It’s perhaps the easiest cybercrime to monetize because the criminals are taking payments directly from the victims. We advise companies to double down on basic security measures. These include a layered defence such as firewall with URL and malicious site blocking, filtered DNS, segmented networks, and security clients (anti-virus and anti-malware). But most of all, employee awareness and training is always the best ROI.

Secondly, expect more data breaches. 2017 was perhaps a record year for publicized data breaches – both in number and in scope. We advise companies to revisit all their stores of information and ensure they have got the proper controls and encryption – encryption at rest, encryption in transit, etc. This is another area where an employee error can overcome the best technology defences. So employee awareness and training are also critical.

Lastly, there were quite a few instances of improperly secured cloud data in 2017. A lot of “MongoDB” databases with default admin credentials and cloud storage buckets were left wide open. This will continue into 2018. Companies need to check and audit their access controls and settings on cloud services. The cloud doesn’t make security issues go away. In some respects, it increases the “attack surface.”

Timothy Platt, VP of IT Business Services, Virtual Operations, LLC


11. Weak passwords continue to be a Cybersecurity Trend

This year, companies and consumers were plagued with massive cyber attacks and security breaches – from WannaCry to Equifax, companies in 2018 will have to do a lot to win back trust and ensure a safer experience for the customers they serve.

We have all read the tips on how to secure yourself online, but one misguided argument encourages individuals to create stronger passwords. What if the solution is to rid the world of passwords altogether?

Ori Eisen, former Worldwide Fraud Director of American Express and CEO of Trusona


12. Cyber-Skills Gap: We Are ALL the Problem

Cybersecurity training is everyone’s responsibility. While online training isn’t the golden arrow for the massive, industry-wide skills gap, it does intertwine security in the culture of the organization and raise awareness and culpability at all levels. As an employee, don’t let anyone tell you there’s no budget for continued training. Make your case on how it is beneficial for you and the organization. Here are five diligence practices that organizations can put in place before the ball drops:

  • If your business depends on the internet in anyway, get a third-party DDoS service for business continuity.
  • Classify your digital assets immediately, and just as quickly fortify the highest risk areas first.
  • Find the hidden threats, get them out, and don’t let them back in. A defensive security approach will only get you so far.
  • Programmatic vulnerability scanning can identify a substantial number of holes in their defenses, and when found, the organization must make plans to continuously and expeditiously patch their systems. Rule of thumb: There are no excuses.
  • AI-based malware prevention should be the de facto standard on all endpoints, not traditional signature-based antivirus. 

Attacks will happen

Nation-state attackers continue to challenge the stability and safety of our critical infrastructure. Criminals are opportunistic and gladly enter unlocked doors, especially since companies continue to disregard their fiduciary responsibility to invest and protect themselves from cyber attacks. Because of this, we will see an increased number of attacks, they will be successful, and they will be public. Additionally, massive Denial of Service (DoS) attacks will increase and cripple businesses and the internet itself. 2018 will be a doozy.

Kathie Miley, Chief Operating Officer, Cybrary


13. Ransomware becoming more sophisticated

With data breaches and leaks on the radar of every industry, leaders are looking to cybersecurity experts for guidance more than ever.

The top IT Security Threats we expect to see in 2018 include an increasing number of more sophisticated ransomware attacks that are difficult, if not impossible to detect. In response, leading IT professionals will place more emphasis not only on endpoint security but also on corporate data-protection.

For many government-based organizations, tech startups, and research labs, breaches can mean exposed vital and sensitive data. Although the cloud is a looming entity in the enterprise, it is estimated that half of the data lives on endpoint devices. In 2018, we will see an increase in large-enterprise attacks costing hundreds and millions of dollars in revenue. Additionally, hackers will press for increased ransom due to easier information access.

To top off the evolution of ransomware, we’ll continue to see Petya-grade attacks threaten businesses and evolve into tools for hackers to leverage in 2018. With this in mind, we need to question the ability for an organization or business to protect itself. The only way companies can solve this is by adopting and streamlining evolving technology.

Ian Pratt, President and co-founder, Bromium


14. New technologies will create new loopholes.

With the rise of Bitcoin, Ethereum, and other cryptocurrencies, many businesses and corporations started exploring blockchain technology. It is estimated that more than 50% of corporations currently expecting to integrate with this technology sometime in 2018.

However, with new technologies comes a valuable opportunity for cybercriminals. We have already started witnessing that as news are coming out every other week of cyber criminals hacking into cryptocurrency exchange companies and hacking corporations using this technology. This is expected to continue heavily in 2018, with more criminals and hackers finding similar opportunities.

Businesses and corporations that choose to adopt such an early-stage technology are also under the threat of attracting similar attacks by hackers. To prepare for such threats, businesses who plan on using blockchain technologies should focus heavily on building the right security infrastructure to protect themselves from hackers who are taking advantage of the vulnerability of the blockchain technology at this stage.

David Kosmayer, CEO and Founder, Bookmark Your Life Inc.


15. Smartphone risks

Enterprise

For several years now, cybersecurity has been a top priority for businesses of all sizes and industries. And yet, nearly every month another massive data breach takes place, leaving businesses and their customers highly vulnerable.

Even the most established organizations with ample resources are not safe (take Verizon’s or Chipotle’s recent breaches, for instance), and worse, cybercrime levels are only continuing to rise. The first attack (which is inevitable) of 2018 will set the tone for the year.

Consumer devices

In 2018, any individual who owns a smartphone or laptop needs a way to protect themselves against the ramifications of identity fraud should their personal information become compromised. Savvy consumers that are paying attention might agree that relying solely on business to protect one’s personal information is naive, and no longer enough. Given the realities of our increasingly complex, digital world, it behoves consumers to work to protect their privacy on their own.

Establishing company-wide security policies

All it takes is an employee to click an insecure link, and your server is no longer secure. Implement a policy to keep employees informed of the latest scams and educate them on how to be vigilant and avoid downloading information from emails they do not recognize. Highlight the fact that their participation will boost efforts to keep an eye out for fraud and attacks.

Consumers can get the right cyber insurance

The loss of sales caused by cybercrime has been reported to cost SMEs nearly $21,000. That could put a business under. Cyber insurance can lessen the financial blow of a cyber attack and give your business the support it needs to get back on track. Some business insurance policies may include limited coverage against cyber attacks compared to a standalone cyber insurance policy. It is imperative to speak with a licensed insurance agent with cyber insurance experience to understand the proper type of coverage your specific business needs.

Keith Moore, CEO, Coverhound


16. Black market demand for personal information continues to surge.

Seeing as we’re in the midst of two giant data breaches with Equifax and Uber, I expect us to see much of the same in 2018. A person’s identity, such as their SSN or credit card information, is extremely valuable. As long as people on the black market keep purchasing people’s info and identities, hackers will continue to attack large data stores and take people’s information. Luckily, the implementation of blockchain technology could mitigate much of this issue, but widespread adoption is still ways away. Also, hackers always seem to find ways around the newest data security, anyway.

Evan Tarver, Fit Small Business


17. Email phishing

Researchers in the second half of 2017 have been finding more and more flaws in the way email clients deal with fraudulent emails. There have been further weaknesses discovered in email protocols themselves.

Moreover, automated tools that make it nearly impossible to detect fraudulent emails have recently been published. Phishing is already one of the most difficult attack vectors to defend, and this will only become more difficult. Businesses should focus on training their staff to prepare for more fake emails and spot fakes using clues in the email.

Pieter Van Iperen, Founder, Code Defenders


18. Continued evolution of malware

Since 2017 was hallmarked by a record number of hacks to major data records, like Equifax and Verizon, David believes the focus should be put on storing and protecting precious data in a place that can’t be tampered with or altered – an immutable bucket.

According to David, the biggest mistake that IT people make is worrying about making their data hack-proof rather than keeping the focus on storing it someplace safe. Nothing is completely hack-proof, but lost data can certainly kill a business. If you have data that is stored in an immutable bucket, it cannot be altered or deleted. If someone gets a virus that is attempting to take over your data and encrypt it, this will not be possible. It will just produce an error message saying that the data cannot be altered. If all of those people had put their data into an immutable bucket, it would still be there in perfect condition because there’s no way the person or a piece of software could alter the content. If you have sensitive business data, it is worth putting into an immutable bucket and making it immune to ransomware and other threats.

David Friend, Co-founder and CEO, Wasabi


19. Increased reliance on convenience services

On the edge of another year, the wrath of cybersecurity threats continues. Given the breaches in 2017 such as Equifax, Sonic, FAFSA, and Verizon, we are going to continue feeling the repercussions of identity theft and ransomware. The nation needs to prepare for the when and how this personal information is going to be used against us. And, individuals need to be careful about what they are doing online. The busier our lives get, the more we are relying on convenience services such as Uber, DocuSign, and America’s JobLink, but unfortunately, these come at the cost of potential identity theft.

What should businesses do to prepare?

Businesses need to stop looking for cybersecurity professionals in the wrong places and using outdated ways of hiring employees. We find that many companies lack the understanding of potential cyber threats and also are unfamiliar with the state of the cybersecurity landscape. Therefore, they don’t know better than to rely on a resume than to ask a potential employee to show proof of their skills being validated. This is the main reason the National Cyber League started providing NCL Scouting Reports. Not only does this report reflect personal cybersecurity skills growth, but cybersecurity students are getting jobs as it shows employers their skills are tested and validated.

Dan Manson, National Cyber League Commissioner, Professor in Computer Information Systems (CIS) at California State Polytechnic University, Pomona (Cal Poly Pomona).


20. Attacks on emerging blockchain solutions

Based on the past two years, 2018 may very well see a ‘next phase’ of attacker activity that should have CISOs on high alert:

  • Acceleration of data breaches targeting individual information similar to those we have seen throughout 2017 – such as Equifax, the 198 million US voter registration breach, the IRS taxpayer information and the ongoing medical information breaches.
  • New attacks upon individuals or entire systems as a result of the information mined from these breached records, or the use of it for identity theft or spoofing to access higher-profile assets or objectives
  • Increased attacks and attempts upon Bitcoin and emerging blockchain solutions because of the high financial motivation, as well as the assertion that these systems offer stronger security and thus resulting confidence placed on these systems by the organizations that employ them
  • Social engineering has become the top-ranked attack vector, along with identity theft as one of the top crimes in the US. The information obtained from these breaches across 2017 will provide attackers substantial insight into how best compromise the employees of organizations in their personal lives, or gain access to government or business assets through them, including those with privileged access.

Organisations should stay vigilant and double-down on employee education and awareness, increase controls on identity and access, and improve audit trails and their frequency. Most importantly, they need to employ tools that implement advanced anomaly detection methods to determine when information and systems are being accessed inappropriately.

Monika Goldberg, Executive Director, ShieldX Networks


21. Network endpoints becoming increasingly difficult to secure

Data security failures and cyber attacks such as the Equifax, Yahoo and OPM breaches demonstrate the extent and diversity of security challenges IT professionals are facing around the world. The increased usage of laptops, smartphones and IoT devices all represent network endpoints that are increasingly difficult to secure, as most employees are always connected via multiple devices. In 2018, with the growing complexities of endpoint security, emphasis will be placed on tracking and managing how users access corporate data across each of their devices. When analyzing the flow of data for threats and vulnerabilities, powerful search and analytic tools can then deliver necessary, actionable intelligence.

Rob Juncker, Senior Vice President, Product Development at Code42


22. Sophisticated cyber attacks within your infrastructure

No organization is always 100% secure. Detecting and stopping sophisticated cyber attacks that have bypassed traditional perimeter security systems and are now active within your infrastructure should be on your top 3 list of 2018 security priorities.

Security teams will need to factor in a slew of unforeseen threats next year, including those from bad actors scanning the Dark Web in search for the newest attack tools.

Increasingly, security and IT teams are collaborating to address these stealthy attacks before they do real damage. This includes the use of IT infrastructure and security solutions that work together. Leveraging new technologies such as AI-based machine learning, analytics and UEBA can be extremely useful to improve attack discovery and decrease attack dwell times, as well as to send alerts which activate automated or manual enforcement actions that suspend potential attacks until they can be thoroughly investigated.

Larry Lunetta, Vice President of Marketing for Security Solutions, Aruba, a Hewlett Packard Enterprise company


23. Cybersecurity threat: Advanced email phishing attacks like Mailsploit

While it is all but universally accepted that email phishing will remain the primary attack vector in 2018, recently discovered vulnerabilities such as Mailsploit, an exploit designed to spoof an email senders name to bypass DMARC, present substantial challenges for organizations phishing mitigation and email security.

To reduce the risk of Mailsploit and other spear-phishing, spoofing and impersonation vulnerabilities, organizations should consider implementing the following steps:

  • Augmenting the representation of senders inside the email client by learning true sender indicators and score sender reputation through visual cues and metadata associated with every email
  • Integrating automatic smart real-time email scanning into multi anti-virus, and sandbox solutions so forensics can be performed on any suspicious emails either detected or reported
  • Allowing quick reporting via an augmented email experience, thus helping the user make better decisions

Eyal Benishti, Founder & CEO, IRONSCALES


24. Outdated equipment

2017 was a year of technical innovation, and that includes innovative cyber crime as well. We’ve seen ransomware evolve in unexpected ways, becoming a malicious enterprise operation. With vulnerabilities like KRACK infiltrating the standards we once thought secure, it’s more important than ever for businesses to make sure their equipment is up to date. Regular updates and security patches are essential!

What should businesses do to prepare?

Employee training is equally important, especially when it comes to phishing scams. As with the advances in malware, cybercriminals are getting smarter about sneaking past the safeguards that keep them at bay. The recent scams attempting to replicate PayPal and Netflix, programs we frequently use in our personal lives, remind us to be aware of any email that hits you or your employees’ inboxes. Employee training and education serve as a critical barrier against these kinds of attacks, protecting from new threats in the coming months. It only takes a single failure due to lack of proper training to take down an entire network.

Amy O. Anderson, Principal, Anderson Technologies


25. The development of AI and automation

The development of artificial intelligence and automation is the most imminent and dangerous threat that we’ll see in 2018. Artificial intelligence has already been weaponized, automating the process of malware dissemination and data retrieval. Machine learning has already been used to combat AI cyber attacks, but companies both large and small will be hit hard if they don’t adapt.

Harrison Brady, Communications Specialist, Frontier Communications


26. Privileged account misuse

Csaba Krasznay, a security evangelist, believes that in 2018, privileged account misuse will continue to be the biggest threat to the security industry. He suggests that organisations should start to mitigate the threats using the following strategies:

An increased focus on user behaviour analytics over IT assets.

Historically, IT security has mainly been focused on securing IT components, such as data, related processes, IT services, servers, networks, etc. However, if the user is the weakest link in the IT security chain, organizations should place more emphasis on identity and access management.

The implementation of a higher degree of automation through machine learning.

AI-based analysis of behavioural biometric data will be the next major trend in cybersecurity and data protection. Sophisticated machine learning algorithms can build up a profile of a user’s typical behavior, identify unusual patterns of activity and highlight potential threats in real-time before they have a chance to materialize. By automatically detecting suspicious data, the whole security process becomes more efficient, obviating the need for a painstaking manual review of log data.

Csaba Krasznay, Security Evangelist, Balabit


27. Crypto-jacking

The crypto-jacking activity has been exploding, and we will certainly see more threats in 2018, particularly as the value of cryptocurrencies escalates. Secondly, the cybercriminal underground will continue to evolve and grow further in 2018. Apart from that, there is a very strong chance that in 2018, the state-sponsored attacks will increase immensely.

With cyber attacks on the upsurge, every industry has become a target. However, by becoming proactive towards cyber-security and employing innovative security strategies and tools, along with spreading awareness about the epidemic, organizations can indeed enhance their security against countless threats and avoid expensive data breaches. Many big organizations are improving their IT systems, but we need to do more. We have more devices, more data, more threats, more sophisticated attacks and more attackers. We must group together as an industry to push in the opposite direction: towards blazing-fast solutions at a majestic scale. That is our only hope. And over the next decade, organisations that assure results without speed or scale will perish, as they should.

Kashif Yaqoob, Brand Strategist, Ivacy  


28. Cultural inertia grows as a cybersecurity threat

One of the biggest threats to security will be cultural inertia. Not moving forward because you are not sure of how to get started or due to having the stance that “security is important, but not a priority” will most likely mean that your company will be the next headline news.

2017 marked yet another year of massive breaches. Yahoo and Equifax topped the charts, but there were, unfortunately, plenty of other incidents that punctuate the fact that security is not yet a top priority for many companies. If security priorities are not first, they are last. Security initiatives need to be embedded into overall programs and objectives, not an afterthought or a periodic exercise.

Unfortunately, I fear that there will continue to be substantial security breaches and issues in 2018, especially as more IoT devices flood the market. This will result in more regulatory discussions, which I hope actually help increase resiliency.

Mike Kail, CTO and co-founder, CYBRIC


29. Advanced persistent threats gaining more AI capability

One of the biggest things we will see in 2018 are improvements to technology and services that already exist. For example, social engineering will continue to get better, ransomware will continue to evolve, attacks on exploits will continue to grow faster and patch scenarios are going to quickly be exploited.

Secondly, we might be seeing more of Artificial Intelligence (AI) Malware in 2018, which has the ability to think in different ways and is self-aware. Watch out for Advance persistent threats as we might see that go into more of an AI capability in the new year. We will also see that issues with IoT will grow and continue to be a problem.

What should businesses do to prepare?

Start doing something. Don’t wait until last minute to take action. Begin following NIST guidelines as a resource for technological advancement and security and implement those guidelines to mitigate control. If you do not understand them, then work with a security expert or partner with someone who does to ensure that you are compliant and have the proper tools in place. You do not need the latest technology, malware or sandbox to prepare for these threats. Instead, figure out where your gaps are in your security posture and learn how you can better monitor, manage, and fill in those gaps.

Matt Corney, Chief Technology Officer, Nuspire Networks


30. Misconfiguration of permissions on Cloud resources

The most impactful threat to companies in 2018 will be the misconfiguration of permissions on Cloud resources. As both small companies and large swaths of the Fortune 500 move to the Cloud, security practitioners will need to relearn how to restrict access and permissions to data. This is a model closer to Active Directory. While it’s powerful, it has a steep learning curve until IT staff can confidently monitor and restrict access.

2018 has been dubbed the year of Kubernetes and Containers in production. Expect attackers to start paying attention to Docker and Kubernetes for post exploitation fun. As was presented a few weeks ago at KubeCon by Brad Geesaman, you need to harden your instance of Kubernetes on most public clouds and also monitor it.

We expect attackers to start looking for privileged containers on Docker hub, and to start to abuse the Kubernetes and Docker APIs. Expect this will be an issue after containers with Web Applications get exploited while the rest of the Kubernetes world upgrades to the newer and safer versions of Kubernetes.

Expect this year to be the year that someone backdoors a favourite container images on a container registry.

The last prediction for 2018 is not a shocker, but expect that a lot of IoT devices will continue to be the launching point for DDoS attacks and that 2018 will be the year that these attacks do more sustained attacks against infrastructure like github and dyn.

Pete Markowsky, Co-founder and Principal Engineer, Capsule8


31. State-sponsored attacks and massive IoT device hacks

According to George Tatar, Founder & CEO, Akruto, Inc., these are the top 3 cybersecurity threats of 2018:

State-sponsored cyber attacks

The more steps we take towards computerising our lives, the more room there is for cyber attacks from foreign governments, targeting everything from the economy to national defence. Recently reported Russian interference into the election process perfectly demonstrates how even democracy itself can be affected.

Massive hacks of IoT devices

Internet of things (IoT) is a rapidly growing trend. The number of IoT devices is set to outrank human population by 2020. And most of them are easily hackable! Taking into account how easy it is to hack most of these devices and how devastating IoT-powered DDoS attacks can be, we would see even more significant attacks and breaches in 2018.

Cryptojacking

With Bitcoin and other crypto-currencies becoming a substitute for traditional money and rapidly rising cryptocurrency prices, many malicious actors turned their attention to hacking popular websites to hijack people’s devices to mine cryptocurrency.

Businesses can prepare with revising their data security policies and investing more in cybersecurity protection. 2018 is the right time to start using AI-powered cybersecurity solutions. Although nothing can guarantee 100% protection, using such technologies can dramatically lower the chance of data breach no matter which industry you are in or how big your company is.

George Tatar, Founder and CEO, Akruto, Inc.

 

32. The lack of urgency and concern around data breaches

The lack of urgency and concern around data breaches continues to increase, with major incidents only dominating news cycles for a few days or a week at most. Consumers have become completely numb to security issues and having your credit card information stolen is expected, rather than surprising.

Looking ahead to 2018, the public will either continue to tune out the latest data breach or something hugely significant will happen to wake people up to the issue and have them take security seriously. In addition to the general public becoming more aware in the wake of a major event, companies will begin to make consumer education a bigger part of their business model.

Neill Feather, President, Sitelock


Original article published by phoenixNAP on February 26, 2018.

Bruce Chaplin

Facility Management Consulting | FM Services | Asset Management | FM Strategy | Workplace Services | FM Software

6 年

I am impressed with the cybersecurity research and knowledge gone into this piece. Great read.

回复
JON MICHAIL

???? ?????????????? ???????? ?????????????????? | Personal & Business Brand Authority Coach | Advisor | Mentor I Author | Forbes Council Thought Leader

6 年

Thanks for the article, Felicity!

回复

要查看或添加评论,请登录

Felicity Cooper的更多文章

  • Emotional Intelligence for Leaders

    Emotional Intelligence for Leaders

    Many, many years ago I was gifted a book that covered numerous aspects of emotional intelligence and human behaviour…

    1 条评论
  • IN THE NEWS

    IN THE NEWS

    Check out my article in Arianne Huffington's Thrive Global. I'm chuffed! Felicity Cooper: “I’d like to start a movement…

    2 条评论
  • Risk & Reputation in the Financial World

    Risk & Reputation in the Financial World

    Ask any business owner what is the hardest thing to recover and they will without a doubt tell you that it's your…

    2 条评论
  • Risk Culture & Governance – A transformational leadership model for banks.

    Risk Culture & Governance – A transformational leadership model for banks.

    Risk management in banking has been transformed over the past decade, largely in response to regulations that have…

    2 条评论

社区洞察

其他会员也浏览了