Will 2018 be better or worse than 2017? Current trends and future predictions.
I think it's fair to say, 2017 wasn't a great year for cyber-security. We saw a large number of high-profile cyberattacks; including Uber, Deloitte, Equifax and the now infamous WannaCry ransomware attack. Despite the constant flow of security updates and patches, the number of attacks continue to rise.
This raises the question…will 2018 be better or worse than 2017? Let’s take a look at some of the current trends and future predictions.
1. AI-powered attacks
AI/Machine Learning (ML) software has the ability to "learn" from the consequences of past events in order to help predict and identify cybersecurity threats. According to a report by Webroot, AI is used by approximately 87% of US cybersecurity professionals. However, AI may prove to be a double-edged sword as 91% of security professionals are concerned that hackers will use AI to launch even more sophisticated cyber-attacks.
For example, AI can be used to automate the collection of certain information — perhaps relating to a specific organisation — which may be sourced from support forums, code repositories, social media platforms and more. Additionally, AI may be able to assist hackers when it comes to cracking passwords by narrowing down the number of probable passwords based on geography, demographics and other such factors.
2. More sandbox-evading malware
In recent years, sandboxing technology has become an increasingly popular method for detecting and preventing malware infections. However, cyber-criminals are finding more ways to evade this technology. For example, new strains of malware are able to recognise when they are inside a sandbox, and wait until they are outside the sandbox before executing the malicious code.
3. Ransomware and IoT
As it stands, IoT (Internet of Things) ransomware isn’t making the headlines. This is understandable, as most IoT devices don't typically store valuable data. Even if an IoT device were to be infected, and the data it holds were to be encrypted, it's unlikely anyone would bother to pay the ransom. Not only that, but developing ransomware for IoT devices would not be cost effective as the potential number of victims would be much less.
However, we should still be very careful not to underestimate the potential damage IoT ransomware could cause. For example, hackers may choose to target critical systems such as power grids. Should the victim fail to the pay the ransom within a short period of time, the attackers may choose to shut down the grid. Alternatively, they may choose to target factory lines, smart cars and home appliances such as smart fridges, smart ovens and more.
4. Many companies will fail to comply with the GDPR
The General Data Protection Regulation (GDPR), which will come into effect on 25 May 2018, offers a number of important changes to the current Data Protection Directive. These include; increased territorial scope, stricter consent laws and elevated rights for data subjects to name a few.
Fines for non-compliance reach up to €20m, or 4% of annual worldwide turnover — whichever is greater. According to a recent Forrester report, "80% of companies will fail to comply with GDPR". Interestingly, the report claims that 50% of these companies will actually choose not to comply, as they claim that the cost of compliance outweighs the risks.
5. Emerging standards for multi-factor authentication
According to the 2016 Data Breach Investigations Report by Verizon, “63% of confirmed data breaches involved leveraging weak, stolen or default passwords.” This is largely due to the fact that most organisations are still using single-factor authentication, which basically relies solely on “something you know”.
Companies have a tendency to shy away from implementing multi-factor authentication, as they feel that it would negatively affect user experience. However, according to research carried out by Bitdefender, there is a growing concern about stolen identities amongst the general public. As such, we will likely see an increase in the number of companies implementing some form of MFA.
6. The adoption of more sophisticated security technologies
There are a number of new technologies emerging that may start to see wider adoption in 2018. For example, the use of "remote browsers" can be helpful for isolating a user’s browsing session from the network/endpoints.
Deception technologies, which work by imitating a company’s critical assets, act as a trap for attackers looking to steal this data.
There will also be an increase in the use of solutions which can detect and respond to anomalous behaviour. Firstly, there are Endpoint Detection and Response (EDR) solutions, which can monitor endpoints and alert sysadmins of suspicious behaviour. Secondly, Network Traffic Analysis (NTA) can be used to monitor network traffic to help determine the type, size, origin, destination and contents of data packets.
Thirdly, and very importantly, more and more companies are starting to adopt sophisticated real-time change auditing solutions, which can help companies secure critical assets in numerous ways. For example, they can help detect and respond to user privilege abuse and suspicious file/folder activity — either based on single event alert or threshold condition. They can detect account modifications, deletions, inactive user accounts, privileged mailbox access and a lot more.
7. A rise of state-sponsored attacks
The rise of nation state cyber-attacks is perhaps one of the most concerning areas of cyber-security. Such attacks are usually politically motivated, and go beyond financial gain. Instead, they are typically designed to acquire intelligence that can be used to obstruct the objectives of a given political entity. They may also be used to target electronic voting systems in order to manipulate public opinion in some way.
As you would expect, state-sponsored attacks are targeted, sophisticated, well-funded and have the potential to be incredibly disruptive. The countries most notorious for unleashing such attacks include; China, Russia, Iran, Israel, North Korea, and the United States.
Of course, given the level of expertise and finance that is behind these attacks, they may prove very difficult to protect against. Governments must ensure that their internal networks are isolated from the internet, and ensure that extensive security checks are carried out on all staff members.
Likewise, staff will need to be sufficiently trained to spot potential attacks. Governments should avoid purchasing technology from untrusted sources. For example, the U.S. government recently in government agencies due to concerns about the Russian government's potential influence on the company.
Finally, it is important that nations work together and share any information they have about potential state-sponsored threats.