Cybersecurity trends for 2018

2017 was a year dominated by news of data breaches and new cybersecurity threats, from major hacks affecting companies like Equifax and Verizon to ransomware attacks such as the global WannaCry incident.

It stands to reason then that we will see more of the same in 2018, with corporations, governments, public bodies and even political campaigns all likely targets.

So, what exactly will 2018 have in store? McAfee Inc.’s recent threats predictions report identified five key cyber security trends to watch in 2018:

• An adversarial machine learning “arms race” between attackers and defenders
• Ransomware to evolve from traditional PC extortion to IoT, high net-worth users, and corporate disruption
• Serverless Apps to create attack opportunities targeting privileges, app dependencies, and data transfers
• Connected home devices to surrender consumer privacy to corporate marketers
• Consumer apps collection of children’s content to pose long-term reputation risk

It is hard to argue with these predictions, particularly those concerning an “arms race” and the evolution of ransomware.

Those of us involved in cybersecurity solutions have been locked in an “arms race” with hackers and their like for many years, each side trading the advantage as new risks emerge and new solutions are developed.

But the growth of AI and machine learning, with tech giants like Amazon, Facebook and Google all getting in on the game, makes this the next area ripe for exploitation.

As McAfee’s report said: “Adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting newly discovered vulnerabilities faster than defenders can patch them.”

It will be essential, therefore, for enterprises to become more strategic in their thinking and combine machine learning with human intellect and intuition to understand these new risks and anticipate where they might come from.

When it comes to the threat of ransomware, we should see the WannaCry attack as the beginning of this trend, the thin end of the wedge if you will.

The good thing about WannaCry is that it focused attention in this area and now lots of enterprises are proactively investing in making their systems and data secure so they don’t fall victim to future attacks.

Unfortunately, these types of incidents will become more sophisticated and more frequent because they have been shown to work; as long as some enterprises are paying to rescue their data the attacks will continue.

I think the increase in number and sophistication of cyberattacks in 2017 will encourage many enterprises to introduce more rigorous cybersecurity procedures in 2018, both to hinder the external threats and negate the risk of insider threats.

This insider threat is particularly important as it presents the most immediate danger to an enterprise’s cybersecurity.

It can be broken down into three areas: the malicious insider, the opportunist insider and simple end user error.

It is this last category that poses the greatest risk. End user error is where an employee in the course of their work makes a mistake, such as inadvertently sharing something with the wrong person or typing in the wrong email address, which causes a data breach.

Even trusted employees are, after all, only human and can and will make honest mistakes.

A recent survey of cybersecurity professionals by Crowd Research Partners found the vast majority (90 per cent) of companies and government agencies feel vulnerable to insider threats.

What’s more, 53 per cent said there had been insider attacks against their organisation in the previous 12 months, and 27 per cent said they had become more frequent.

A renewed focus on cybersecurity will mean an increase in the use of external providers and solutions by many enterprises.

While this will be to their organisational advantage it will be to the detriment of their users, who will find themselves having to jump through more hoops to authenticate themselves and access systems and data.

This heightened security and atmosphere of mistrust could have implications for employee privacy, and we can expect to see cases where regulators have to get involved.

We should also expect the introduction of the GDPR in May to have a major impact. As with the introduction of most regulations or pieces of legislation, I expect there will be a period of grace in which the authorities will take a “softer” approach to breaches.

However, before the end of 2018 we should also expect to see at least one enterprise made an example of for breaching the GDPR and facing a huge fine, though nowhere near the maximum that has been threatened.

Finally, with the rapid improvements in artificial intelligence capability we should expect AI to be the next big thing in endpoint security.

Cyber solutions providers are already offering endpoint device protection using AI, and consequently we should also expect this to be an area hackers will look to exploit.

The key message for enterprises is to learn the lessons of 2017; cyberattacks will increase in volume and sophistication and if you are not being proactive in protecting yourself against them you stand to become a victim.