2017 was a really great year. For hackers. Many of us heard about WannaCry and NotPetya that took down over 300,000 computers across the world, including the UK’s National Health Service or government agencies in Ukraine. CCleaner, a utility program millions of Windows users rely on to clear potentially unwanted files off their PCs, got hit by a malware. The installer was patched to remove the malware, but only after over 700,000 machines were already infected.
After one year of successful silence, Uber’s little secret about millions of hacked accounts came out too. The hackers stole personal data of 57 million Uber riders around the world in a breach dating back to October 2016. Also the credit rating agency Equifax experienced a huge data breach as 143 million consumers were robbed of their Social Security and credit card numbers, names and addresses. These are just some of the technological failures we experienced during the last year. Here’s what the predictions say about the year 2018.
1. Continuing data breaches will no longer be IT problem only
Many industries started shifting to advanced technologies to stay innovative and competitive. Yet these technology advancements bring major global concern of cyber-risks and threats. Public and private companies have become more vulnerable to cyber-attacks as established IT security controls are failing to protect the current systems. Therefore, it is highly important that cyber-attacks become an urgent boardroom debate. They are no longer an IT problem, but a whole company problem and everyone is now responsible for cyber-security.
2. IoT – a time bomb
IoT is a rapidly growing phenomenon which will accelerate in 2018, as organizations are increasingly adopting IoT devices. However, most IoT devices are not secure by design. Additionally, there may be an increasing lack of transparency in the fast evolving IoT ecosystem, which will cause problems for organizations to know what information is leaving their network or what data is being secretly captured and transmitted by devices such as smartphones and smart TVs.
3. AI as a weapon
Security companies and researchers have been using machine-learning models, neural networks and other AI technologies to better predict attacks and spot ones already on the way. It’s highly probable that hackers are adopting the same technology to strike back.
One of the examples is spear phishing. It uses carefully targeted digital messages to trick people into installing malware or sharing sensitive data. Spear phishing messages appear to come from a trusted source, a well-known company or website with a broad membership base, such as Google or PayPal. Machine-learning models can now match humans convincing fake messages, and therefore be more successful in gaining the sensitive data. Hackers will take advantage of this to drive more phishing attacks.
4. Costly ransomware
Global ransomware damage costs are predicted to exceed $11.5 billion annually by 2019, up from $5 billion in 2017. There were frequent ransomware attacks in the past 12 months with targets including San Francisco’s light-rail network and big companies such as FedEx. The main target in 2018 will most likely be cloud computing businesses, which house plenty of data. The biggest cloud operators like Google, Amazon and IBM have hired some of the best experts in digital security, so they won’t be easy to crack. However, smaller companies are likely to be more vulnerable.
5. Mining cryptocurrencies
In 2018 the theft of computer processing power is going to be a big thing as mining cryptocurrencies requires huge amount of computing capacity. Recent cases have ranged from the hacking of public Wi-Fi in an Argentinian Starbucks to a significant attack on computers at a Russian oil pipeline company. As currency mining grows, so will hackers’ temptation to breach many more computer networks. If they target hospital chains, airports or other sensitive locations, the potential for collateral damage is deeply worrying. It may even become a more serious issue than ransomware.
6. The insider threat
The insider threats have been underestimated, yet they were a primary cause of security incidents in 2017. These could be caused by malicious actions of the staff or simply poor cyber-hygiene. Such malicious actions can easily happen if the organizations do not pay proper attention to the security during the whole user’s life cycle. This way already fired employees’ accounts can be still functional with the access to the sensitive data or the users could have incorrect data roles. Poor cyber hygiene can be connected with weak passwords (or keeping passwords at inappropriate places) or being fooled by phishing.
In 2018, there will be growth in cyber education which involves training and automated testing, such as simulated phishing and social engineering attacks. In connection with data protection not only of the individuals but also organizations a usage of proper tools and systems will be a wise move.
These were 6 IT security threats predicted for 2018. We can only hope that organizations will not underestimate potential risks and really do their best to prevent such things from happening, as the data breach and security incidents cost not only money, but often also the reputation. To support data protection, various regulations started to appear. One of them is GDPR you can learn more about in here.