[BreachExchange] An Outlook on the Cybercrime Epidemic - What Will 2018 Bring?
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Dec 12 19:55:08 EST 2017
http://www.iotevolutionworld.com/iot/articles/435915-an-
outlook-the-cybercrime-epidemic-what-will-2018.htm
2017 was a year of firsts for the cybersecurity industry. For one,
cybersecurity spending exceeded $86 billion, according to gartner research.
We also experienced several cybersecurity disasters we had never seen
before – think WannaCry, NotPetya, Wikileaks, Equifax – that made
organizations around the world concerned for the state of their
infrastructure’s security. These were not run of the mill, small breaches
either, but rather viral leaks and full-blown campaign hacks exposing
confidential customer information and government data. It was a year that
elevated the topic of security to the very top across every industry.
While companies are racing to protect their organization’s data from future
attacks, it is important to keep in mind that hackers are only getting
smarter and more sophisticated. This year’s breaches and cyberattacks
provided us with insight and understanding into the potential ramifications
of such attacks, however as the landscape continues to evolve at a rapid
pace, it’s going to be difficult for CSOs to stay a step ahead in 2018.
To help organizations and business leaders plan their security strategy in
the coming months, here are 6 specifics to consider when making a plan to
protect company data.
1. Increase of cybercrime epidemic – The global cybercrime epidemic is
expected to double in the next two years. Zero day threats are growing at
an exponential rate while advanced persistent threats (APTs) are no longer
the only concern of nation state organizations. As hackers continue to
become more sophisticated, cybercrime as a service will grow, turning into
one of the biggest challenges organizations will face in the coming decades.
2. Preferred attack vectors are changing – We expect to see a continued
change in hackers’ favorite attack vectors. The use of documents (Office,
PDF and others) will not disappear but is expected to continue losing
ground to other methods and attack surfaces such as archive files
containing malicious content, browser extensions, social media campaigns
and cross platform attacks.
3. Ransomware sophistication and formats – Despite surpassing most other
forms of cybercrime in 2017, ransomware has yet to reach its peak. We
expect to see ransomware campaigns increasing their level of sophistication
and evasiveness, especially with regards to lateral movement and infection
capabilities. We also predict more ransomware families will start using
other methods than file or disk encryption for extorting money – like
doxing, data-wiping and machine/system lockdowns. Companies will have to be
overtly aware of their payment systems security, ensuring end-to-end
encryption is being used to prevent criminals from obtaining credit card
data from point of sale systems.
4. Fast growth in Non-Windows threat landscape – Threats to macOS, iOS and
Linux based endpoints and servers will grow in number and complexity in
2018. We believe this will be the case both for state APTs and cyber-crime
related campaigns.
5. Threat intelligence in real-time – Due to limited staff resources and
expertise, more organizations will use threat intelligence services to
better understand the risks of external threats, such as zero-day threats,
APTs and exploits. However, in order to prevent attacks, these services
will need to be provided in real-time to be truly beneficial.
6. Increase of the adoption of Artificial Intelligence – More and more
cybersecurity related domains will migrate from the implementation of
traditional security solutions to AI based solutions due to the improved
accuracy and easier automation AI brings to the table.
Looking ahead, the cybersecurity industry will continue to play catch up in
2018, as hackers become more sophisticated and the number of attacks
increase against businesses, individuals and organizations. Ransomware will
remain a top problem for IT leaders, gaining even more momentum in the
coming months. As threats to macOS and iOS endpoints grow, the use of
real-time threat intelligence to better understand the risks of threats
will mature and become more commonplace. Next year will be a telling time
for the future of cybersecurity – companies should look to innovative
technologies as a solution to securing their infrastructure, and foster a
consistent dialogue among executives to keep up with the ever-changing
landscape.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171212/422d0dd5/attachment.html>
More information about the BreachExchange
mailing list