It’s that time of year already, and what a year it has been! The ever-changing landscape of cybersecurity was rocked by some major breaches throughout 2017.
Key moments include the WannaCry ransomware attack that compromised the NHS and affected large companies in over 99 countries, the Petya and NotPetya strains of ransomware/malware that infected thousands of large organizations, and more recently, Uber’s huge data breach that saw them pay hackers to delete 57 million pieces of sensitive information.
With all of this now behind us, we want to know how cybersecurity will evolve in 2018. What changes will organizations have to adapt to if they’re to stay secure? What technology should they adopt to achieve this? And how will new regulations (like GDPR) affect the way data is stored and protected?
Courtesy of our Security Analyst James Maude, here are our top five predictions for the year ahead…
1. Ransomware to run riot
With WannaCry and NotPetya, cybercriminals have seen how effective it can be to target enterprises with ransomware. In 2018 we will see this broadening out, with more enterprise-specific ransomware strains and more systems being targeted.
Ransomware will continue to broaden out as databases, websites, IoT and ICS are all prime targets. We may see some interesting new variations of ransomware either encrypting data or disrupting access to these systems. Critical infrastructure and financial systems will need to become more resilient to disruption caused by attacks that seek to restrict the availability of resources and data.
2. Living off the land
As browser security improves and Windows 10 gains traction, attackers are shifting away from relying on vulnerable or unpatched software to gain access to a system. In 2018 we will see more attacks that “live off the land” and exploit functionality that is built into the system and its applications.
We have already begun to witness this with an increase in script-based malware using PowerShell and various Office exploits that use built-in functions to run code or launch apps without relying on macros. These attacks are very powerful as they use legitimate trusted applications to evade detection and are often difficult to prevent.
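One way a defender can surface the behaviour described above, as an added example that is not part of the original post: flag process-creation events in which an Office application starts a script host, and note PowerShell command lines that hide or encode what they run. The event field names, process lists and sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed lists for illustration; tune them to your environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Abbreviated PowerShell switches that hide the window, skip the profile or encode the command.
SUSPICIOUS_PS_FLAGS = ("-enc", "-nop", "-w hidden")

def basename(path):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(path).lower()

def score_event(event):
    """Return the reasons an event looks like living-off-the-land activity ([] if none)."""
    reasons = []
    parent = basename(event["parent_image"])
    child = basename(event["image"])
    cmd = event.get("command_line", "").lower()
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {child}")
    if child == "powershell.exe":
        hits = [f for f in SUSPICIOUS_PS_FLAGS if f in cmd]
        if hits:
            reasons.append("powershell flags: " + ", ".join(hits))
    return reasons

def triage(events):
    """Return (event, reasons) pairs for flagged events, most reasons first."""
    flagged = [(e, score_event(e)) for e in events]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda pair: len(pair[1]), reverse=True)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "command_line": r'WINWORD.EXE /n "C:\Users\a\invoice.docx"'},
    {"parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoP -W Hidden -Enc <base64-placeholder>"},
    {"parent_image": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for event, reasons in triage(SAMPLE_EVENTS):
        print(basename(event["image"]), "<-", basename(event["parent_image"]), reasons)
```

The parent/child rule matters more than the flag list: a scheduled PowerShell job started by a service is left alone, while the same binary started by a document editor is flagged even though both are trusted applications.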
3. The stresses and strains of GDPR
Becoming GDPR compliant will challenge a lot of businesses that are not already prepared. In SMEs with smaller IT and security teams, this may be a drain on already limited resources and cause them to take their eye off the ball as they focus on data mapping and policy work. Those who have not planned or budgeted for this extra workload will suffer the most and may unintentionally expose the business to risk. We will also see a lot of consultants riding the wave of GDPR fears as it becomes the new Y2K bug.
For further help with your GDPR efforts, you can watch our 8-minute webinar to learn more about the regulation, along with understanding how Defendpoint can help you to achieve compliance with ease and efficiency.
4. Artificial Intelligence: the good and the bad
Attackers will start to leverage AI to evade detection and build more effective attacks. We have already witnessed machine learning being used to evade detection and this is increasingly becoming an automated service. Given the volume of data available online, AI could also be harnessed to build better targeted attacks by learning about and interacting with potential victims.
On the flipside, AI will also help inform and automate security responses and reduce incident response time, as more organizations turn to automation and orchestration technologies to bring together data from various "sensors" and create actionable intelligence. This will provide a way to augment lines of communication and gain the most from their investments in Cyber Security.
5. People will continue to be the weakest link
Social engineering will continue to be the go-to strategy for cyber criminals. People are the easiest way into an organization: they can be easily duped into providing credentials or executing malicious code, often subconsciously. There needs to be a two-pronged approach to counter this: 1) invest in security foundations to stop these types of attack from executing, and 2) provide regular security awareness training.
Do you have any predictions you’d like to share with us? Please feel free to get in touch. And for any more information on how Defendpoint can make your company more secure, compliant and productive, why not schedule a free demo today?
James Maude, Lead Cyber Security Researcher
James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.