Top 10 Cybersecurity Predictions for 2018
Before you write this off as another doom and gloom report of the security lapses sure to occur in the new year, consider the following: it’s a given by now that each new year is guaranteed to bring the next most impactful hack. If nothing else, 2017 made cybersecurity a completely mainstream issue. While 2018 is more likely to prove out that premise again, there are a number of other security issues that should top your worry list in the new year. Better yet, focus on how you can work toward solving for these issues for you and your organization in 2018.
1. GDPR will pave the way for more laws and regulations.
By now, everyone knows that European Union General Data Protection Regulation (GDPR) implementation looms for 2018. It officially goes into effect May 25, 2018. The GDPR is more than just a cumbersome data protection regulation. In addition to marking the rise of the Data Protection Officer, in many ways it is ushering in the advent of the importance of data privacy and has real teeth in regards to the scope of the entities it covers, its territorial scope, and steep fines for violation – potentially reaching the billions of dollars. It is likely that very few companies will be compliant by the deadline and EU regulators will not hesitate in doling out a ten figure fine. Fines of this scale are a pejorative drop in the bucket for large companies but this will be enough to significantly spur smaller and mid-sized businesses to work towards a compliance framework.
In addition, although this regulation is driven by the EU, the sheer volume of organizations that do global business likely means that additional countries will scramble to follow suit. Be on the lookout for additional laws and regulations in 2018.
2. IoT attacks will continue to increase.
As businesses continue to rely on connected devices to increase efficiencies and individuals embrace the popularity of voice enabled devices like Alexa and Google Home to make life easier, the risks posed by the Internet of Things (IoT) rise with it. 2017 witnessed the breadth and scale of hijacked IoT in the Dyn and Mirai attacks. Despite these events, the devices associated with IoT will continue to contain significant vulnerabilities that expand the overall potential attack surface of our homes and companies, making it likely that 2018 will see an event on an even larger scale with little hope that device developers and manufacturers start really baking in security by design.
3. The end of net neutrality will provide new avenues for exploitation.
The debate over whether the FCC’s recent ruling to repeal its net neutrality rules is unlikely to go anywhere in 2018, but there’s also an interesting twist in how this might impact security. It all depends on how much transparency is imposed (or not imposed) on ISPs in reporting any blocking or throttling they do on network traffic. In addition to ISPs potentially collecting more data about its customers, they could inadvertently end up offering different internet “markets” based on the types of sites customers are willing to pay to access. All of this could offer more opportunities for hackers, who thrive in the privacy and shadows of less transparency. Others argue the repeal of the original net neutrality transparency requirements could actually lead to increased security since it would allow ISPs to block or throttle potential bad traffic like distributed denial of services (DDoS) attacks.
We’ll have to wait to see which of these scenarios is more likely in 2018, but most of it depends on how ISPs will react. They may not do anything all that different from what they do today. But if they do, in fact, end up implementing different rules for managing, filtering, and altering internet content (or say, charging more for more security features), then they’re more likely to collect data that could be vulnerable to hackers or inadvertently create opaque networks that breed criminal activity.
4. Artificial intelligence and automation will transform cyber jobs.
The massive amounts of data generated across entire company enterprises has led to a lot of discussion about the adoption of machine-learning algorithms and sophisticated A.I. systems. While the push for security automation does remove many aspects of human intervention, the fear that it will eliminate the need to fill security jobs is unfounded. What is not unfounded, is the fact that automation will change the kinds of skills security professionals will need to succeed in this new environment. Entry level technical jobs will become rarer as they become automated and employers will increasingly need higher level analysts to ferret out exceptions and unique situations. This means that 2018 and beyond will demand candidates with a more diverse knowledge base and qualifications in areas like critical thinking, communication, and risk management.
5. Cryptocurrencies will continue to gain steam and thus will put pressure on traditional financial structures.
Almost all financial activity currently utilizes cyber as a domain and virtual currencies have become a major economic force for those in underdeveloped nationals. But the explosion of cryptocurrencies, in particular, will further the potential opportunities for cyber criminals to exploit the anonymity afforded in virtual currency exchanges for things like money laundering.
In addition to increased criminal innovation in using virtual financing, cryptocurrency itself is likely to be a target in 2018. As the value of currency like Bitcoin, Litecoin, and Zcash grows and its decentralized system undermines the regulatory structure underpinning the traditional financial structure, cryptocurrencies become much more appealing targets for cyber criminals. These threats could lead to a positive prediction as well. There is some potential light at the end of the tunnel as some experts are advocating for new security protocols, policies, and financial system regulations in 2018 and beyond that utilize “Anti-Money Laundering” and “Know Your Customer” procedures.
6. Ransomware and phishing attacks will persist in compromising individuals as well as organizations.
Ransomware proved to be one of the most successful forms of digital extortion in 2017 and cyber criminals will continue to leverage a fraud based business model to trick even more organizations into siphoning money to them. Business email compromise typically involves scammers targeting employees with access to financial accounts and tricking them to make fraudulent wire transfers. These scams are attractive because they don’t require much technical sophistication, are relatively easy to execute, and can lead to big payoffs. All of these factors make business email compromise a trend to look out for in the new year. In fact, Trend Micro predicts that global losses in 2018 from business email compromise will exceed $9 billion.
7. Cyber propaganda will shape our view of the world.
With the renewed attention on fake news, it’s easy to forget that it’s one of the oldest tricks in the book. Propaganda has been around for centuries, arguably used to greatest success during the Nazi regime in the years leading up to and during World War II. But it’s alive and well in the modern era as well. The 2016 election proved just how impactful social media and sensational news story can be. In 2017 the term “fake news” itself was weaponized by government officials who disagreed with publications or sites that conflicted with their own messaging. Not only will 2018 see the continued and even more widespread use of the internet and social media to spread misinformation and influence public perception, but it will also continue to serve as a convenient battle cry to undercut trust in mainstream reporting and truth finding. Search engine optimization and social media spamming will continue to promulgate manipulated information, videos, and photos with little hope that tech giants like Google and Facebook will successfully navigate their stated crackdowns.
8. Cloud security will be challenged liked never before.
Cloud computing has revolutionized the way businesses collect, store, and process information since it came onto the scene a little over ten years ago. Since then, businesses and individuals have been lured by the potential cost efficiencies and ostensible security offered by migrating key applications and network architecture to the cloud. And while conventional wisdom holds that cloud providers invest significantly more resources and energy into securing their infrastructure than individual enterprises of and are thus responsible for the security of the data they store, the reality is that customers are the ones ultimately responsible for protecting their own data. As the utilization of the cloud grows it becomes a bigger target for hackers looking to steal sensitive information. Furthermore, as cloud providers and customers continue to integrate their systems through APIs and other interfaces they inadvertently expand the vulnerabilities and attack surface between organizations. 2018 may very well see a major breach to a cloud service that leads companies to start to question the overall security of migrating to the cloud.
9. Our pockets will house the latest malware and ransomware.
Mobile security has been a top priority of security professionals for a while now, and 2018 is no different. Given the ubiquity of smartphones and mobile devices in the workplace, the majority of which have direct access to corporate data, it’s no surprise that companies have reason to worry about their security. Third party apps may inadvertently allow for sensitive data leakage. Employees can be just as easily tricked by a social engineering text or email on their phone and most people still can’t resist the opportunity to connect to free and open wifi. All of these potential vectors make the possibility of mobile ransomware and other malware a distinct new reality in the new year.
10. There will be a renewed sense of hope in cybersecurity workforce development.
If you’re wondering if there’s any hope left after reading all the things in store for 2018, then you’ve come to the right place. Addressing the wide swath of security issues from a policy and technical perspective will require a more robust and diverse cybersecurity workforce than ever. And addressing the cyber workforce gap is a worthy initiative for 2018, requiring increased spending and dedicated efforts to increase the cybersecurity talent pipeline. This is already happening on some level, as can be seen with New York City’s impending grant to make the city a cyber hub. 2018 is poised to be the year the federal government and private enterprises can take actions to invest in the longterm people problem that has plagued the security industry for the last decade. The U.S. didn’t land a man on the moon without a moonshot (and the investment behind it) and the U.S. isn’t going to lead the world in technology and security without one either.
Together, we can all make 2018 the year that we start to solve for all these dire predictions. We’re here to help. If you’d like some assistance in addressing these or other cybersecurity issues for your organization, let’s connect.