The YEar Ahead
Cybersecurity in 2018:
39 Predictions for Business
Industry experts give thei r predictions for cybersecurity trends, technology and attack types in the year ahead
IoT Device Security to Become Key Focus for 2018
As the number of IoT devices continues to grow at a rapid pace and they become more engrained in everyday life – particularly with the rise of the smart home – businesses, consumers and regulators will need to work together to establish and enforce baseline security standards that have a meaningful impact on new IoT products.
With stories of hacked IoT devices continuing to surface, both consumer and business confidence in the new technology frontier will quickly disappear if a set of trusted security standards is not put in place. Given the potential scale of a well-coordinated IoT attack and the resulting threat to businesses as well as the country’s critical infrastructure, legislation and safety standards for internet connected objects will be vital.
At one level or another, 2018 will be the year we begin addressing the latent risk of unsecure IoT devices.
Geoff Webb, vice president,
strategy, Micro Focus
Smartphones to Become Major Focus of Cyberattacks
In 2018, the mobile platform will be hit hard. The recent news of the WiFi WPA vulnerability and the potential for attacks is greatest on the fractured versioning system of the Android device space. Along with this attack, the rise in social engineering with mobile application repackaging and app distribution is on the verge of explosion.
Combine these monster holes with where the mobile app industry is headed, and businesses should be aware and take extra precautions next year to secure their mobile offerings.
Will LaSala, director, security solutions,
security evangelist, VASCO Data Security
Email to Remain the Tool of Choice for Cyberattacks
Email will continue to be the tool of choice for attackers and, as the primary infection vector, an important attack surface to secure.
As browsers become more secure, plugins decline and Internet Explorer loses market share to Chrome – and now perhaps Firefox Quantum – cyber criminals are moving away from the web channel as a means to infiltrate businesses. So the carefully crafted phishing email will continue to be the biggest threat to consider in any 2018 cybersecurity strategies.
Having said that, businesses should not take their eyes off the web channel – it remains the second most important attack surface for the majority of organisations.
Richard Walters, chief security strategist, CensorNet
Growing Threats Require New Cybersecurity Tools
Cyberspace has emerged as a new battlefield where bits, bytes, and botnets are the weapons of choice. This is creating the Internet of Botnets, which are global networks of compromised devices that hackers can deploy or rent out to criminal organisations. This is particularly unsettling given the fact that there is currently a botnet out there (dubbed the IoT Reaper) that is powerful enough to take down the entire Internet.
Firewalls and other traditional security measures do not cut it anymore. As the battlefield moves into cyberspace, new tools will be needed to address the changing nature of conflict. AI, quantum computing, and quantum cryptography are particularly promising countermeasures against cyberattacks.
AI (in the form of machine learning) is being used to monitor networks and any associated devices for anomalies and report deviations in real time. Quantum computing can sift through 150,000+ daily threats in an organisation’s network to identify which events are the riskiest. And quantum cryptography can ensure secure communications. These emerging technologies are redefining cybersecurity as we know it. Moving forward, they will be our best line of defense against sophisticated cyberattacks.
Mark Barrenechea, CEO of OpenText
Web Crawling to Be Critical to Incident Response
As recent attacks have shown, actors will continue to leverage compromised infrastructure as an infection vector to target individuals and organisations of interest.
With this avenue of attack increasing, it will become even more important for security operations and incident response groups to be able to investigate correlations between compromised and actor-owned infrastructure, making web crawling capabilities critical to incident response.
senior product manager,
Proactive Cybersecurity in Light of GDPR
Getting more proactive will be important in light of the General Data Protection Regulation (GDPR), which finally comes into effect on 25th May. Although the GDPR specifies few prescriptive requirements when it comes to securing customer and employee data, businesses need to implement appropriate technical and organisational security measures. Regulators will certainly take a dim view of firms which fail to follow industry best practices.
It’s more than likely we’ll see some smaller UK firms fined in 2018 for failing to report data breaches — a key requirement of the GDPR. Complaints that this isn’t something they’re normally used to doing will eventually wear a little thin for the privacy watchdog the Information Commissioner’s Office (ICO). High-profile GDPR fines will be issued in select cases, which will send a message to the business community that lax attitudes to personal data will no longer be tolerated. With the maximum penalties possible now reaching 4% of global annual turnover or £17m, it’s time to start paying attention.
2018 might be the year in which we also see an AI-based cyberattack. Machine learning and AI have now become established technologies and the software tools to implement them are widely – and in many cases freely – available. As these technologies develop, it is invariably the case that criminal and nefarious uses of it follow on from an initial set of beneficial ones.
Whether this occurs, and by what means, remain to be seen. It could spread faster and be more wide reaching than anything seen before or it could be a stealthy, targeted data-stealing attack which remains undetected for months or even years to come.
Whatever happens over the coming 12 months, it’s going to be a bumpy ride. The bottom line? Businesses need to get proactive about security if they are to mitigate the risk of a cyberattack and avoid punishment from the ICO.
Mark Chimley, founder, DPHub
Cyber Insurance Policies Will Not Demonstrate Any Actual Reduction in Business Costs
The high levels of business damage due to cyberattacks has greatly increased the interest of Boards of Directors in managing this risk.
This has driven an increase in procurement of cyber insurance policies, as capping liability via insurance is well known to Directors. However, for a variety of reasons cyber insurance does not bound liability in any way, and the payback very often doesn’t even cover the costs of the premiums and the deductibles if an incident does occur.
John Pescatore, director emerging security trends, SANS Institute
Insider Breaches a 2018 Priority
Businesses are relying more on data which means more people within the business have access to it. The result is a corresponding increase in data breaches by insiders, either through intentional (stealing) or unintentional (negligent) behaviour of employees and partners.
While the most sensational headlines typically involve infiltrating an ironclad security system or an enormous and well-funded team of insurgents, the truth of how hackers are able to penetrate your system is more boring: it’s your employees.
A new IT security report paints a bleak picture of the actual gravity of the situation. Researchers found that IT workers in the government sector overwhelmingly think that employees are actually the biggest threat to cybersecurity. In fact, 100% of respondents said so.
Fortunately, security-focused companies have begun identifying these traditionally difficult to detect breaches using data monitoring, analytics, and expertise. The difference being that in 2018, more companies will invest in technology to identify this behaviour, where previously they were blind.
Terry Ray, CTO, Imperva
Cybersecurity to Embrace Blockchain
Aside from GDPR, one of the most significant cybersecurity industry developments of 2018 will be around the development and broader application of blockchain. Put simply, Blockchain technology offers a system for the decentralized agreement and then sealing of a transaction within a trusted group, making it especially useful in environments of security and trust e.g contracts.
As we continue to see greater improvement in the resilience of the technology, we can expect to see blockchain being increasingly applied to more and more processes in 2018. Blockchain should be seen as a welcome new addition to the Cybersecurity solutions available to business.
Another trend that will develop in the coming 12 months is the convergence of DevOps and automated security controls, to make SecDevOps a fundamental element of digital transformation. The challenge with DevOps has been how to build and harness applications that can transform the business, without undermining security.
New technologies and design methods now allow the automation of security controls so that they can be used during the DevOps cycle rather than at the end, resulting in a vital shift toward more secure Apps development without sacrificing pace and flexibility.
Andy Powell, VP and head of cybersecurity, Capgemini
Growth in Spear Phishing’s Scale and Sophistication
Spear phishing will continue to grow as long as it continues to be successful for cybercriminals. Spear phishing, highly targeted attacks that leverage impersonation of an employee or a popular web service, have been on the rise, and according to the FBI, these attacks have proven to be extremely lucrative for cybercriminals.
These attacks will continue to grow in number as well as become more sophisticated in terms of how they research and target their victims. In 2018, there will be a large increase of multi-stage spear phishing attacks that involve multiple steps, research and reconnaissance on behalf of the attacker targeting a small number of targets for very large pay outs. Cybercriminals are now taking an ‘enterprise’ approach.
Similar to B2B enterprise sales, they go after a smaller number of targets, with the goal of extracting a much greater payload with highly personalized attacks. The latest iteration in social engineering involves multiple steps. The sophisticated cybercriminals don’t try to target company executives with a fake wire fraud out of the blue. Instead, they first infiltrate the organization, and then use reconnaissance and wait for the opportune time to trick their targets by launching an attack from a compromised mailbox.
Organisations will have to invest in cutting edge tools and tactics in order to thwart spear phishing attackers. AI for real-time spear phishing defense offers some of the best hope in stopping these cybercriminals in their tracks.
Asaf Cidon, vice president content security, Barracuda
Artificial Intelligence Moves Beyond its Buzz to Make a Real Difference in ICS Security
Up to now, most industrial organisations have perceived artificial intelligence (AI) as a buzzword, and have not been familiar with the role it can play in ICS cybersecurity. However, the word-of-mouth around how AI empowered cybersecurity solutions are making a difference for faster threat detection and troubleshooting is out.
Organisations grappling with ICS cybersecurity staffing and skills shortages are turning to AI solutions to achieve security and productivity goals. We see this happening both at the level of large multinational customers with mature cybersecurity programs and processes, and at the level of smaller organisations who realize they have no other choice.
For example, a recent US-CERT advisory on Dragonfly 2, (Alert TA17-293A), recommended checking 17 different logs and repositories for indications of the malware. That could take a lot of scarce staff time, versus using an automated threat detection solution that can do the same check very rapidly.
In 2018, industrial organisations will adopt AI powered ICS cybersecurity solutions to radically automate threat detection and mitigation. The outcome will be better reliability and security and more effective use of staff resources.
Edgard Capdevielle, CEO, Nozomi Networks
DDoS Impacting the Cryptocurrency Exchange
DDoS attacks against cryptocurrency have been a fairly common occurrence as of late, crippling the exchanges. With the growing popularity of digital currencies, the number of those attacks is likely to increase in the future.
DDoS attacks against any digital currency could be utilised to manipulate the exchange market or the targeted currency. They can prevent traders from logging into accounts and making transactions, causing the value to drop. Attackers can then pause the attack efforts to buy as much as they can while the price is low – impacting the overall value of the currency.
Sean Newman, director, Corero Network Security
Firewalls and Virus Protection to Officially Become Obsolete
In a world of cloud computing, the notion of a firewall is all but irrelevant. And with the proliferation of zero-day virus signatures, virus protection is completely ineffective.
Today, all an attacker needs are the stolen credentials of your user. To protect your organisation, traditional ‘defense in depth’ – firewalls, encryption, application barriers and the like – will no longer cut it.
In 2018, we’ll see more and more organisations turn to an ‘identity in depth”’approach to security, whereby they’ll augment traditional forms of cybersecurity with modern, intelligent and adaptive identity-centric solutions.
Jackson Shaw, VP of product management,
Growth in Attacks on Connected Vehicles, Healthcare Providers and Financial Services
Connected vehicles are likely to face new threats as a result of growing supply chain complexity leading to a scenario where no one player has visibility of, let alone control over, all of a vehicle’s source code. This could make it easier for attackers to break in and bypass detection.
In healthcare, attacks breaching private networks to target medical equipment and data with the aim of extortion, malicious disruption or worse, could rise as the volume of specialist medical equipment connected to computer networks grows.
In financial services, the increased security of online payments means that fraudsters will turn their attention to account takeover attacks. Industry estimates suggest fraud of this type will run into billions of dollars.
Industrial security systems are likely to be at increased risk of targeted ransomware attacks. Operational technology systems are more vulnerable than corporate IT networks, and are often exposed to the Internet.
David Emm, principal security researcher, Kaspersky Lab
The Security Market Will Incorporate Machine Learning to Address Identity-Related Breaches
Last year, companies integrated machine learning to ascertain the risk level of individual transactions and decide in real-time whether or not to allow them. While behaviour analytics aren’t new, until now few solutions had the ability to actually stop a transaction in real time.
This pivots identity security away from detect-and-respond alerts and towards more automated preventative controls. For example, risk-based authentication (RBA) improves user experience by using machine learning algorithms to assess risk, and can require a second factor of authentication only when risk is high.
The benefits are substantial, and we expect to see rapid integration of these technologies into cybersecurity solutions in 2018.
Andy Heather, vice president and general manager, EMEA, Centrify
Ransomware Will Remain One of the Most Popular Attack Methods
Ransomware has dominated many news cycles throughout 2017. And, unfortunately, we won't see this attack vector slow down anytime soon.
With lower execution costs, high returns and minimal risk of discovery (compared to other forms of malware), ransomware has quickly become a preferred method of attack for cybercriminals. And it's now easier than ever for virtually anyone – even individuals with minimal security knowledge – to extort money from companies and individuals through do-it-yourself ransomware toolkits or via the services of a Ransomware-as-a-Service (RaaS) provider.
While security controls continue to improve and definitely help companies defend against ransomware, the threat vector is becoming increasingly sophisticated and exacerbated by the growth of the Internet of Things (IoT). The proliferation of IoT devices has vastly expanded the network of potential targets for cybercriminals – making the ransomware of IoT the security world's new nightmare.
Javvad Malik, security advocate, AlienVault
Organisations Will Increasingly Adopt AI-Based Systems to Help With Cybersecurity
In 2018, we’ll see companies using AI-based tools to benchmark their networks to ensure that companies know exactly what systems should ‘normally’ look like, allowing abnormalities to be identified faster before cyber incidents become full-blown attacks.
Despite hackers constantly evolving their attack methods to target new vulnerability points and bypass existing defence systems, AI-based tools can use real-time analytical models to search for anomalies. While analysts still need to decide whether these anomalies require urgent action or not, AI can help make them more productive.
We can also expect to see AI being used more to evaluate and prioritise security alerts. This will automate the more routine procedures that analysts have to undertake, and may even reduce threat related ‘false positives’ alerts in networks. Many companies are relying on rule-sets provided by third-party providers to deal with false positives, and they often don’t have the ability to tune and change the rules. This means that they either suffer the false positives and ignore them, or turn off that rule if the false positives are too prevalent – neither of which is an effective strategy.
AI-based systems can help by filtering out the noise of false positives, making it easier for analysts to identify, and focus on, the real threats.
James Barrett, senior director EMEA of Endace
The Cybersecurity Skills Gap to Bite
The skills gap will make organisations more vulnerable than ever. The resources needed to deal with security incidents will continue to be difficult to acquire.
In 2018, we will see large security incidents occurring simply because the affected company does not have the resources to deal with incidents as they arise, regardless of whether security staff have the means to detect them or not.
director of threat research,
Encrypted-by-Default: Implications for All
The web is moving to encrypted-by-default. Seventy of the Top 100 non-Google websites, accounting for 25% of all website traffic worldwide, are using HTTPS by default. Major search engines, social media networks and shopping sites are investing in the technology to make the web a safer place for everyone.
Meanwhile, to protect personal data and intellectual property, organizations are trying to keep visibility of their web and app traffic by using SSL/TLS decryption and inspection technologies, simply to understand the data which is moving from machine to machine. Such technologies use man-in-the-middle (MITM) techniques in a legitimate manner.
It’s therefore no surprise that cybercriminals and nation state actors will adapt their tactics, techniques and procedures accordingly. Malware creators, or those controlling botnets, will continue to take advantage of any environments that are not using SSL/TLS decryption and inspection to hide communications using encrypted communication channels. We will also see other malware attempting to detect or thwart MiTM security techniques by using non-standard cryptography, certificate pinning and other techniques.
The only effective way to monitor the traffic for Network DLP and CASB analysis is to MiTM the streams, so we see this becoming more common. This will raise privacy challenges, and we also expect to see malware taking this MiTM into account when determining how to act by ceasing execution once it realises it is under analysis.
Audra Simons, head of Forcepoint Innovation Labs, Forcepoint
Many More Security Vendors Will Testify on Capitol Hill
With major cyberattacks like WannaCry and the breach at Equifax getting the attention of lawmakers, it is only a matter of time before we starting seeing more cybersecurity companies be called to testify before congress.
So far, victim organisations have taken the brunt of criticism from politicians and the press, but less attention is being paid to the companies promising to secure the sensitive data in the first place.
There will be a moment when security vendors are asked to explain why their products weren’t able to live up to the promises of their marketing departments, which will have a serious impact about how we talk about the capabilities of security solutions.
Malcolm Harkins, chief security and trust officer, Cylance
Move Over Netflix: Threat Analytic Services On-Demand Has Arrived
We are a world at war – and most people don’t even know it. It is not a traditional war with bombers, battleships and bazookas. Rather, it is being fought everyday by cyber soldiers, protecting governments and organisations from state-sponsored hackers and organised crime.
Unfortunately, most private enterprises and organisations do not have the resources to effectively combat coordinated cyberattacks – it isn’t their core business and information security resources are expensive and hard to come by. But the picture isn’t as bleak as it sounds.
2018 will see cybersecurity-related services dramatically increase, especially around threat analytics. In the past, only the largest companies could afford to invest in the procurement, management and maintenance of threat analytics services (TAS), but now they are becoming readily available to customers on demand for whatever purpose needed. Maybe it’s a point-in-time situation, like incident response or strategic advisory to evaluate existing infrastructure, determine regulatory compliance, or confirm the veracity of a particular security architecture.
Cyberattacks will continue to increase. But organisations are no longer defenceless in the fight. TAS are not just for the big boys any more – every size company can take advantage of on-demand specialised services to improve their overall cybersecurity.
Christopher Steffen, CISSP, CISA, technical director, Cyxtera
Artificial Intelligence is Weaponised
Elon Musk recently made headlines for suggesting we should be more worried about AI than North Korea, reinforcing fears that the human brain simply can’t outperform or keep pace with certain kinds of automation. No one yet knows exactly what AI can do for humankind nor what happens if AI falls into the wrong hands.
But there is evidence that 2018 could be the year that it happens in earnest as the black market for off-the-shelf attacks is starting to mature.
The only hope will be to fight AI with AI. Already most cybersecurity applications use some form of AI to detect attack patterns and other anomalies.
White and black hats are continually hunting for vulnerabilities and zero-day attack concepts. Both can use machine learning/deep learning to collect information and either fix the problem or, in the case of unethical hackers, create one.
Other hackers are more ambitious. For them, research is paramount. Consider that Vladimir Putin is on record stating that World War III will be fought over global AI dominance.
Will AI be used to jam communication links, plunge cities into darkness, set oil rigs on fire or destroy emergency services? Those may be worst-case scenarios, but they point to the need for every enterprise to consider how AI could both damage and protect it.
Carl Herberger, vice president of security solutions, Radware
Internet Embedded Technology Will Take Centre Stage in a Major Breach
With the ever-expanding influx of Internet Embedded Technology (IET) within businesses, such as printers, conferencing solutions, building security technology, heating, ventilation and air conditioning, automated lighting and other various consumer-based Internet of Things technologies, I would not be surprised if we see these technologies take centre stage in a major breach in 2018.
Currently no large breaches have been centred directly around IET. However, there are two ways these technologies could play a role in a breach. One way is indirect, where a business has been previously compromised and the IET is then compromised as a secondary phase and used to hide the malicious actor’s presence as an advanced persistent threat (APT) on the network. Unfortunately these technologies are not monitored and are often overlooked when it comes to a healthy security environment, making it very practical for them to be used as an APT.
The second way IET could be used for a breach is direct. With many IET solutions having some form of direct access, including IP exposure to the Internet, WiFi capabilities and radio frequency functions such as Zigbee, Zwave, Bluetooth, BLE and others, I see malicious actors using these communication services to compromise the IET devices to gain a foothold on the business network. They can then silently hide on the corporate network, be able to launch direct attacks against other critical systems and exfiltrate data off the network in a stealthy way, again taking advantage of the lack of monitoring of IET.
Deral Heiland, IoT research lead, Rapid7
Establishing a United Nations Hacker Group
2018 must be the year that the UN sets up a hacker group to test the cybersecurity of nations, businesses and Non-Governmental Organisations to ensure they are doing the things they are meant to do. At present, we are relying on talented hackers who are doing us all a favour by exposing poor cybersecurity practices in business and government.
Thankfully, many of the major 2017 hacks have resulted in relatively minimal damage to businesses and organisations. The majority of people orchestrating these attacks have been non-malicious and are either doing it for fun or to prove a point.
We must not rely on “ethical” hackers lurking in the shadows of the internet to warn businesses and governments. This must become official and regulated by organisations such as the UN in 2018.
Dik Vos, CEO, SQS
Zero-Tolerance on Data Recovery
Organisations will need to tighten up their disaster recovery strategies in the face of increasing cyberattacks, in particular the threat posed by ransomware. Cybersecurity Ventures has predicted that ransomware attacks on businesses will increase in frequency from every 40 seconds in 2017, to every 14 seconds by the end of 2019.
As organisations prepare to proactively combat cyberattacks, they’re finding that no single cyber security product today has a ransomware feature. To assist organisations, we predict that more information-sharing partnerships such as Ransomware Watch will start to form between data security and data protection providers, as well as potential formal partnerships or merger and acquisition activity in this space.
Because of increasing cyberattacks, organisations will also invest more in ensuring that they have an off-site backup of their critical data and place much heavier demands on managed service providers, with expectations of being able to recover their data more quickly and more completely.
Based on this trend, Arcserve anticipates that managed service providers will be driven to develop data recovery solutions that can enable near-zero recovery time objectives (RTOs) and recovery point objectives (RPOs), at costs that are affordable to enterprises and SMEs. MarketsandMarkets has forecast the disaster recovery as a service (DRaaS) market will reach $12.54bn by 2022, compared to $2.19bn in 2017: representing a compound annual growth rate (CAGR) of 41.8%.
We believe that 2018 will be the year of zero-tolerance when it comes to recovering data, largely driven by the 64% of data and applications that fall into mission and business-critical tiers. Organisations will continue to have high expectations around how long it takes to recover their data (RTOs), but to ensure operational, compliance and consistent customer experience, there will be a greater awareness that the relevance of their data recovered (RPOs) is as important as how quickly they can retrieve it.
Christophe Bertrand, VP product marketing, Arcserve
Vendor-Agnostic Data to Become Vital
The sad truth of the matter is that cybersecurity attacks are more likely than ever before. Attacks are increasing in both volume and complexity, and without a more advanced approach to analytics, organisations risk falling prey to more such attacks in future.
Modern malware tends to adapt and evolve itself. This makes the malware’s signature almost impossible to track manually. However, big data analytics, which can look at a much wider range of the data, can spot larger-scale patterns and trends in malware – helping security experts detect and combat them.
But if big data is the stitch in time that saves nine for many of the cybersecurity threats facing organisations today, then efficient data management is the thread without which the solution would be impossible. Without being able to pull together all of the different data streams from a range of different servers and systems into one consistent format, analysis on this sort of large scale would be impossible. This is where a vendor-agnostic, open-source approach to data integration is a crucial part of the digitisation process for security-conscious entities.
Laurent Bride, CTO, Talend
School Heating Demonstrates IoT Vulnerability
The vulnerability in British schools’ heating systems is the latest in a number of worrying stories where connected devices have been easily manipulated by hackers.
The accelerating standardisation of these technologies is creating new attack vectors for not only the education sector but others including healthcare. Previously, heating systems for schools weren’t as widely connected to the internet, meaning they would never have been considered as critical infrastructure.
However now, as many schools increasingly use the same technology because it’s more efficient, unfortunately the devices also have the same vulnerabilities. This makes it easier than ever before for an attacker to gain control of a large number of schools’ heating systems simultaneously.
As you can imagine, turning off Britain’s schools’ heating systems in the dead of winter would have significant impact on the UK economy. We need to act now if we are going to plug the huge IoT security vulnerabilities that exist across our infrastructure.
Wieland Alge, GM EMEA,
Generation Z Poses an Emerging Threat
In 2018, I believe that we will see the first real evidence of a new, widespread insider threat: Generation Z, the generation currently graduating from university and entering their employment years.
The GenZ Insider brings a new set of risks due to their knowledge and comfort with IT. Not least because they don’t know or acknowledge boundaries in the same way as older generations do.
They are used to 'sharing' and this will present major problems around data sharing, both unintentional and also motivated by social justice.
Added to this, GenZ are ‘always-on’ and this is unlikely to stay confined to personal lives. As employees, they will demand access to what they need, from wherever they want to work. Combined with the sharing psyche, this poses a big data security risk, even from shoulder surfing and shadow IT.
Because these employees are digital natives and surrounded by tech references in pop culture, they also have the curiosity and capability to successfully find and use resources on the Internet to learn to hack.
With easily-obtainable information, a GenZ Malicious Insider is armed with the capability to access other employee's accounts and passwords, as well as spy on their colleagues if they wished to. Depending on their motivations, this could be used against a co-worker, the employer or even for financial gain by selling IP to competitors.
Thomas Fischer, global security advocate, Digital Guardian
Increased Use of Built-In Tools, Service Accounts Become A Target
Given the trends established in the second and third quarters of this year, I expect attackers in company networks to continue to leverage built-in Windows management tools to achieve lateral movement within networks once a foothold is gained. One-off incursions on isolated systems will become increasingly rare, and incident responders will find themselves hunting down infected neighbours with greater frequency. IT departments should make an effort to gain more control over the use of powerful admin-level tools like PsExec and begin to profile and establish baselines for legitimate use to make it easier to identify potentially malicious behaviour.
Attackers will also tend to compromise service accounts – those accounts used by business processes with unusually high access privileges and weak credential management – when given half a chance. Those features make these accounts treasured prizes, but there are a few, basic steps organisations can follow to ensure they remain out of reach.
Rebekah Brown, threat intelligence lead, Rapid7
The Rise of the Digital Risk Officer
I think in 2018 we will see the rise of the Digital Risk Officer (DRO). In light of growing cyber threats and impending regulation such as GDPR, many more organisations will be appointing DROs to take overall responsibility for managing digital risk.
Fabian Libeau, VP EMEA, RiskIQ
A Lack of Social Media Security Policies Will Create Serious Risks for Enterprises
As observed during 2017, social media platforms are regularly being used for the spread of fake news or the manipulation of public opinion. But social media can also be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise. Criminals and hackers are known to use these platforms to distribute malware, push rogue antivirus scams and phishing campaigns to lure their victims.
Social media provides the medium for connecting people globally, in the rapid exchange of ideas, discussions and debates in our digital world. However, from an attacker’s perspective, social media have become an easy target because of the number of non-cyber security savvy users, and the fact that these platforms are easy and cost effective to use.
To protect themselves against social media attacks, organisations need to implement enterprise-wide social media security policies. This includes designing training programs for employees about social media usage, and creating incident response plans that coordinate the activities of the legal, HR, marketing and IT departments in the event of a security breach.
Markus Braendle, head, Airbus CyberSecurity
Data Increasingly in the Spotlight
With GDPR coming into force in May, we can expect data security to come under increasing public scrutiny in 2018. There will be more onus on brands being responsible with, and respectful of, customers’ data, and that’s only a good thing.
Those companies with access to proprietary data will have an advantage, however they will need to be scrupulous with the data entrusted to them. As people become more aware and comfortable with what data they share we’ll see a reduction in data asymmetry – the idea that businesses are getting more value from shared data than they are returning.
Companies will need to work fast, test and iterate their customer experience to bring as much value as possible. Not only will regulations enforce this, but individuals will become more reluctant to share vast amounts of data without feeling a fair and valuable return.
Mark Holt, CTO, Trainline
Corporate Cyber Insurance Will Fuel Ransomware Growth
While the increasing number of publicly disclosed breaches and successful ransomware incidents are driving growth in cyber insurance, there is a risk that this will encourage criminals to target companies with extortion insurance to demand increased payments.
If insurers pay ransoms to recover data, it is possible that this will encourage this criminal business model and increase the number of incidents insurers have to handle or the cost of ransoms. It is likely that insurance providers will start to implement guidelines that require companies to have strong security controls in place as a prerequisite.
Corey Nachreiner, CTO, WatchGuard Technologies
Politics to Play a Thorny Role in Cybersecurity
Security and politics will become an even thornier morass than they have been since 2016. Security is important, but fear, uncertainty and doubt (FUD) is bad. Lately, there is too much FUD in politics, and much of it happens in the name of security. Computer security still sells with FUD. We need to change that. FUD is corrosive.
Facebook and Twitter will have to take responsibility for the abuse of their platforms. The election of 2016 showed how vulnerable our democracy is. Technology providers can no longer pretend that the tools they made are “just tools” without any moral or ethical implications. As we learn more about information warfare, propaganda and modern social networks, we’ll need to make some adjustments.
Crypto will be painted as the enemy of security instead of as its saviour. Public figures who have no business even saying the word ‘crypto’ will attempt to thwart math and engineering with empty political words. We will need to defend strong crypto again in Crypto War III. Coming soon to a three-letter agency near you.
Gary McGraw, vice president of security technology, Synopsys
More Attacks on Corporate Websites
One type of attack that we will see gain more traction in 2018 is the website attack. With the growing use of online services (checking accounts, merchant accounts and Point-of-Sale (POS) systems, etc. now going through the web) the risk of attacks is large and has the potential to affect any institution using these services, as it opens access to institutions’ backend databases, document stores and applications all within easy reach.
This type of attack is very hard to find, but it is incredibly easy for attackers to undertake. Because an attacker can gain access to the website via high jacking a user’s request, and then by simply making a small change to the code to redirect payment information their way while not stopping the correct path of the request, it makes it easy for attackers to get access to critical data without alerting any red flags.
Critically, the website is no longer just a marketing tool. It has become a business tool, and as such, it now needs to be properly protected from attacks and placed inside a firewall, and preferably completely encrypted, so that attackers are unable to change, manipulate and delete code to their advantage.
Simon Bain, CEO, BOHH Labs
Greater Scrutiny of Third Party Providers
Experience has shown us that your network or data can be breached via a trusted partner, and this is a big security blindspot as IT teams simply don’t have the same level of insight into their partners’ or suppliers’ security processes. To this end, and as part of their risk assessment, organisations should ensure that they’ve done due diligence and have policies and contractual obligations covering security for third parties, including those that are much larger than their own organisation.
Despite the build-up, lots of companies will be unprepared for compliance when the GDPR kicks in this May. It will be more important than ever to ensure that employees are educated as per Article 37 & 43 on their role in the protection of data, as human error is a significant contributory factor in security incidents. Any measures which help to raise awareness of how employees can minimise this risk should be incorporated into cyber security planning.
Stephen Burke, CEO Cyber Risk Aware
Growing Threat of Secure Bank Messages
We have seen a stark increase in email attacks that impersonate secure messages from financial institutions. These fake “secure messages” carry malicious content and malware for download.
Impersonation is one of the most common tactics used in email attacks because it works very well. These impersonation threats leverage the relationship a victim has with his bank and the associated trust the victim may have in his bank’s online communication. A victim who engages in online communication with the bank is usually of high value to these criminals.
These impersonation threats carry malicious word documents that often appear harmless, but include an embedded script that can be updated by attackers at a later date. This script can be modified to deploy a variety of threats including ransomware or advanced persistent threats. These attacks are very difficult to spot by end users as the email domains used in this attack are designed to look like real emails that customers might receive from an actual bank.
The volume of these attacks is rapidly increasing, so plan to see more of these fake secure messages in the coming year.
Fleming Shi, SVP of technology, Barracuda
Growing Cooperation against Cyberattacks
For things to really improve, industries specifically and nations at a broader level need to work together and we need to see renewed, more collective efforts to combat cyber criminals and nation state threats.
The fight isn’t fair if we think in terms of the power of a nation state pitted against the security resources of just one organisation. Globally, we’re all so interdependent that any weak link in the cyber security chain can have a huge ripple effect. That’s why it’s in all our interests to combine resources and, to this end, the stronger have a duty to protect the weak. To that extent, alliances will be forged with the specific intent of guarding against threats in cyberspace posed by hostile nations.
It’s important that industry, consumers and government can work together in this respect. We’re seeing a growing movement in which vendors are coming together to share information and threat intelligence; we need to build on this in a more unified way.
Matt Lock, director of sales engineers, Varonis
It’s the Beginnings of a Cyber Bloc Party
As governments battle it out in cyberspace, the question of cyber balkanisation rears its head. In 2018, we will see an escalation of the drama around Kaspersky and the US government. The long-term implication of this could be game-changing.
As governments globally take America’s lead and start rejecting security software, and then sensitive apps and entire operating systems on the grounds of National Security, we will inevitably see cyber balkanisation levels not seen since the Cold War.
Smaller countries that don’t have their own security vendors, or can’t afford to build their own OS stacks will be forced to align with one major power or another, creating new blocs that will spell out the state of play sooner than we realise. How this will impact enterprise security is unknown, but we won’t be able to rule it out as an area for concern.