It’s safe to say 2017 was a challenging year for cybersecurity. Last year saw a large number of high-profile cyberattacks to companies such as Uber, Equifax and Deloitte, and don’t forget the notorious WannaCry ransomware attack.
Despite the relentless flow of various security patches and updates, these attacks continue to go haywire. We are led to ask ourselves, what’s in store for 2018? Will this year be better or will it be worse than 2017?
Let’s look ahead and see the upcoming cybersecurity trends and predictions in cybersecurity for 2018.
Increase in sandbox-evading malware
We have witnessed the growth of sandboxing technology in recent years as it became one of the popular methods used to detect and prevent malware infections. However, just like any virus, cybercriminals too evolve or mutate, whichever is applicable, and find more ways of evading this technology.
For example, new malware strains have the capability of recognising when they will execute a malicious code. These new strains can recognise if they’re inside the sandbox, and if they are, they wait until the moment they’re outside the sandbox and wreak havoc.
The uprising of machine learning (ML)/AI software is upon us.
AI “learns” from the consequences of previous events and uses that to predict and then identify future cybersecurity threats. In fact, according to a Webroot report, roughly 87% of cybersecurity professionals in the United States use AI.
However, AI could prove to be a double-edged sword. A great number of security authorities are concerned that AI could be used to launch more sophisticated cyberattacks, such as assisting hackers in narrowing down passwords based on demographics and geography and other significant factors.
AI could also be used to automate the collection of certain data, which could be related to particular organisations. These could be sourced from code repositories, support forums and social media platforms.
Internet of Things (IoT) Ransomware
Although ransomware has been around for some time, IoT ransomware is relatively new. As it stands, the threat of IoT ransomware is more serious than we previously thought, yet this has not received much attention.
This is understandable since most IoT devices do not usually store valuable information. You see, as its name implies, ransomware is a malware breed that encrypts your files so you can’t access them. Then, it sells you the decryption key so that you have access to your valuable data.
However, even if the devices will be infected and then encrypted, it is not likely that someone would actually pay the “ransom” just so they could access their files. Additionally, developing ransomware for IoT devices would seem cost-effective since the number of potential victims would be significantly low.
Yet the threat is still there, and it’s serious. You can never be too careful nor underestimate its potential to wreak havoc on IoT devices.
For example, hackers could potentially target smart cars, factory lines or home appliances or other critical systems like power grids. When the victim or victims fail to pay the ransom, they may choose to cause relatively irreversible damage.
Failure of companies to comply with General Data Protection Regulation (GDPR)
If you haven’t heard, the GDPR will come into effect on May 25, 2018. Now, what does this mean?
The GDPR offers a number of vital changes to the existing Data Protection Directive, from stricter consent laws, improved territorial scope to elevated rights for data subjects. Fines for non-compliance will be imposed and could reach to around 4% of yearly worldwide turnover or €20m, whichever is greater.
Increasing number of state-sponsored attacks
Perhaps one of the most concerning areas of cybersecurity is the rise of state-sponsored ones. Typically, these attacks are politically motivated and are more than pure financial gain.
State-sponsored attacks are often elaborately designed to acquire vital information regarding one party that the other can use to further their objectives. In fact, these attacks can be used to manipulate public opinion by targeting electronic voting systems.
These well-funded sophisticated attacks have the potential to be extremely disruptive. The most notorious for unleashing such attacks include Russia, China, Iran, North Korea, Israel and even the United States.
Given the level of finance backing these attacks and the expertise to concoct such sophisticated programming, protection may prove difficult, if not challenging. Hence, governments must make sure their respective internal networks are particularly isolated from the Internet. Also, extensive security checks must also be carried out on all of its staff.
Generally looking toward 2018, it is without question that these cyberattacks will be more elaborate and bigger. It goes to say that breached data will definitely be more valuable than ever.
However, there’s still ample time to prepare for whatever cyber attackers are planning. One thing is certain, continue to put emphasis on cybersecurity and raise awareness about these cybersecurity trends. It has to start somewhere.