The 5 Cyber Security Predictions for 2018
Looking at what happened in 2017, the Equifax breach, Ransomware WannaCry, Russian interference, phishing scams. Well, one has to be prepared for more in 2018. There will be bigger breaches, bigger scams and the security teams and budget will find it difficult to keep pace with the criminals. This brings in the factor that user should have antivirus software for PC to counter such threat. When the situation looks so grave, we also have something to smile; here are few things that are expected to improve in the coming year.
1. GDPR Compliance
Many companies are likely to implement GDPR compliance before the deadline ends. A recent survey shows that US companies subject to the European Union’s (EU) are far behind where they need to be to make the May 25 compliance deadline. For some, it might not matter. Those companies that fail to implement will be liable to pay fines in case of any breach that happens and the user complaints. Even in case of breach the company can still suffice any document that they are in the process of compliance.
2. GDPR regulators
There will be two sets of the target for the regulators. Most like to start with EU companies because they are less likely to defend for a fine. The rest of the US Company, they have already had a few of them in mind after whom they have to go.
It’s not a tough to guess which all companies are there in their mind, it can be Apple, Google, Amazon, Facebook, etc and they all have a contentious relationship with the EU in antitrust and privacy issues. So in this case, if the four giants show any reluctance to comply with GDPR, the EU regulators might go after them.
Other companies may not find it hard unless something of the massive breach happens and that could have been prevented in case GDPR was implemented. The idea is to make the environment safe and comply with the rule before the deadline ends on 25th May. There are companies that provides antivirus free download for users to try and then buy.
3. Password-only authentication deadline
It’s self-explanatory when you see how Equifax breach happened, and customers’ were wary about the online transaction as they wanted to know how safe the online environment is. Most of the customers had no idea about the alternatives of the password and multi-factor authentication. One thing they were clear about was that password alone will not keep their account secure.
This is important because companies often cite a lack of demand for stronger authentication as a reason for not offering it. They are reluctant to do so, in part, because they don’t want more complicated authentication degrading the user experience.
Companies often overlook this factor because not many customers come forward to seek this feature of strong authentication and password authentication. The companies are also reluctant since they do not want to drag the customers into the more complicated process. But, this is likely to go because there will be more emphasis on risk-based authentication tools, which will be available widely. This move will actually assess the behavior that the person attempting to access the data is authorized to do so.
Experian calls this an aftershock breach, and the report urges organizations to deploy secondary authentication methods. “Given the continued success of aftershock breaches involving username and passwords, we predict that attackers are going to take the same approach with other types of attacks involving even more personal information, such as social security numbers or medical information,” the report stated.
4. Country-sponsored attacks will increase
Malware producing states like North Korea, Iran or Russia will up their ante since they have nothing to lose by continuing their attempts to steal, extort, or disrupt the system. All these places are already on the Watch list so we know who all are likely to pin us down.
Experian’s 2017 Data Breach Industry Forecast said: “The progression of cyber-attacks driven by nation-states will undoubtedly place critical infrastructure in the crosshairs, potentially leading to widespread outages or exposed personal information that could impact millions of innocent consumers.”
State-sponsored attacks might also spur countries to form alliances to fight them. Eddie Habibi, CEO of PAS Global said “Increased attacks on critical infrastructure will drive countries to begin discussing cyber security alliances. Establishing these alliances will provide mutual defense for all countries involved and it will allow for the sharing of intelligence in the face of attributed nation-state attacks, not to mention agreements to not attack each other.”
5. Attacks through IoT devices will increase
Millions of connected devices have little or no defense against hackers who want to gain control of them. In fact, it’s getting easier for hackers to take over scores of the internet of things (IoT) devices. All they have to do is purchase a botnet kit from the dark web and they are in business. The top three botnet kits — Andromeda, Gamarue, and Wauchos — are estimated to be responsible for compromising more than a million devices a month. The Reaper botnet has infected more than a million devices.
Thousands of connected devices will fall prey and there will be no mechanism to revert it or gain control back. Having said that it has been seen how the hackers easily take over IoT devices. All they do is get a botnet kit from online gray market and then its business as usual. Some of the most known botnet kits are Andromeda, Gamarue, and Wauchos, and this is followed by Reaper botnet together they all have done massive damage to a million devices across the world. Let’s see how we fair in 2018. The best option is to have antivirus protection for your PC and keep yourself protected in the vulnerable cyberworld.
Julia Sowells150 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.