Here’s a roundup of what a number of cyber security solution providers see for the next 12 months:
1. More IoT attacks will be motivated by financial gain than chaos
The Mirai botnet that hit in late 2016 demonstrated how hackers can use a botnet army of compromised IoT devices to launch a massive DDoS attack. IoT-based attacks will likely continue to grow in 2018, including those on both devices and cloud backplanes, as hackers try to compromise systems for ransom or to steal sensitive information.
Instead of being motivated solely by political, social, or military reasons, cybercriminals will likely be motivated by financial gain moving forward, the report noted. We’ve seen that these hackers are already exploring the potential for ransomware that targets vehicles, operational technologies, and medical equipment.
Action: Assess IoT attack vectors, compliance risk, and organizational readiness. Ensure security in existing IoT deployments by conducting assessments of endpoint devices for gaps such as default passwords, weak encryption implementations, and inadequate patching or remediation capabilities.
2. Firms too aggressively hunting insider threats will face lawsuits and GDPR fines
It’s become easier for firms to monitor employees and their activities as a means to thwart malicious insiders, employees making mistakes, or an attacker with compromised employee credentials. However, employees may find this to be an invasion of privacy.
In September, the European Court of Human Rights ruled that companies must inform employees in advance if their work email accounts are going to be monitored. Further, such monitoring must not infringe upon workers’ privacy, the court ruled. The EU GDPR also applies to employee privacy and data handling, and includes large fines for noncompliance.
“Conventional wisdom dictates that mishandling of customer data will draw the ire of regulators, but employee data is personal data, and Forrester predicts that regulators will be just as likely to focus on employee privacy violations as they are customer violations,” according to the report.
Action: Create privacy rules of engagement for employee monitoring.
3. Malicious domain registrations will increase
With enterprises increasingly on the lookout for malware spread through email, attackers will be looking for other vectors. Proofpoint notes already there has been a 20 per cent year-over-year increase in suspicious domain registrations.
These domains are likely intended for fraud, typo squatting, spoofing, and other malicious schemes, and it expects this trend to increase due to widespread adoption of email authentication.
Industry-wide efforts to roll out email authentication services will result in significant increases in malicious domain registrations as threat actors move away from less effecting spoofing to registration of lookalike domains.
During 2018, we will become even more reliant on and immersed in our hyperconnected world. Every network we use could be targeted wherever we’re connected, and the information we digest manipulated without us being aware of it happening. Now more than ever, we need to better secure networks and data so that we can trust the services we use, and ensure the integrity of the data we produce and consume. The future is coming, and we can see what it holds for us – so this time, we need to be ready.