[BreachExchange] 5 IT Security Trends to Watch in 2018

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 5 14:05:02 EST 2018


The EU's General Data Protection Regulation (GDPR) will be the single most
important security factor in 2018. Unlike most security events, this one is
completely predictable. It's been in the works for nearly a decade, so it
should come as no surprise to anyone who conducts business that involves
Europe in any way.

So, naturally, about half of the companies in the US that fit this
description aren't ready. If they still aren't in compliance with the EU's
new data protection requirements by May 25, 2018, then they can risk up to
4 percent of their global revenue in fines for failure to protect the data
of people in the EU.

The GDPR requires companies that do business in Europe to protect the
personal data of the people they do business with against breaches or other
types of exposure, and to report breaches when they occur. While the actual
amount of penalties can vary with the extent and type of breach, and
whether the company took reasonable steps to protect the data, the penalty
can be substantial.

In reality, most of the GDPR's requirements for data protection are what
organizations should be doing anyway to protect their customers. Had
companies been compliant a couple of years ago, major events such as the
Equifax breach would not have happened or the loss of data would have been
less significant.

When enforcement of the GDPR begins in May, you can assume that the
European authorities will want to make an example of some company that
fails to protect the personal data of someone in Europe. Don't be surprised
if the biggest example is an American company.

Ransomware and Artificial Intelligence

If the huge penalties under the GDPR aren't enough incentive to convince
companies to finally protect their data against loss, then the new security
challenges that are sure to come in 2018 should be. As cyber-criminals hone
their skills, you can expect to see ransomware become an even greater
threat in 2018 than it was last year.

The threat from ransomware will grow because the criminals who use it will
find ways to circumvent backups as a way to recover without paying a
ransom. Ransomware will also be harder to detect as spear-phishing
becomes more sophisticated and more accurately targeted.

Cyber-criminals will be able to focus their targeting by using artificial
intelligence (AI) and machine learning (ML) to know exactly who to attack
in a specific organization and what they have to do to make it effective.
In addition, they will use those same capabilities to target partners of
the ultimate target as a way to get past security protections.

Those same techniques, along with more traditional methods of credential
stealing, will lead to a major breach in 2018—one that's going to be even
bigger and more serious than the Equifax breach last year. What company
will be breached? It's hard to say right now but look for a major bank with
global operations or perhaps a major data aggregator. In fact, it's likely
that such a breach has already happened and the victim either doesn't
realize it or hopes nobody will notice.

You can also expect to see a breach of a high-profile target such as the
Winter Olympics by state-sponsored attackers. While it could be some other
organization, the Olympics gets the most global attention, and there are
enough states with a grudge involving the event that would find
satisfaction in disrupting it.

Breaches, Spoofing, and Extortion

As showy as a breach against the Olympics might be, the real damage in the
long run will be through interruptions in the daily commerce of
organizations and the resulting loss of revenue. Such attacks as
Point-of-Sale (POS) breaches, CEO spoofing, and digital extortion will grow

POS breaches, which may include the computers used in stores or perhaps in
ATMs or in other terminal devices, frequently succeed because they
use computers that run obsolete operating systems (OSes), such as Windows
XP, that are rarely updated. In addition, they are frequently located where
they're accessible to the public.

But the lack of updates will continue to plague organizations at all levels
as IT managers continue to delay critical security updates in the belief
that they may keep other features from working. Many successful breaches in
2017 happened when tools developed by intelligence agencies were used
against enterprises. Those attacks succeeded even though they were against
long-patched vulnerabilities because updates were delayed, sometimes for

Hope on the Horizon

Fortunately, there is hope. The most immediate is that passwords will begin
their decline as the primary means of authentication for users. Microsoft
has already begun the work of integrating biometrics into the
authentication process in a form that can be used in the enterprise. In
addition, the facial recognition used in Apple and Samsung phones, and the
iris recognition in some Samsung phones, are leading to freedom from
passwords or are being used as part of multi-factor authentication (MFA).

MFA is already mainstream, as its use by Apple, Microsoft, and Google
demonstrates. Right now, authentication mostly uses codes sent to a
mobile phone, but an extension to biometrics is already underway.
Organizations that invest in MFA—whether it's through biometrics, smart
cards, codes sent to phones, or some other method—will reduce their risk
from credential-stealing software.

Another reduction in risk, at least temporarily, is the ongoing collapse of
cryptocurrency. Bitcoin is already falling out of favor among criminals
because of weak security in some blockchain calculations and because law
enforcement is finding ways to track the transactions. Chaos in the
cryptocurrency world makes it harder for the criminals to transfer money
and reduces the attraction of crimes that make use of it, including

But the good news, such as it is, does not mean that security challenges
are somehow being reduced; they are not. The attacks will continue at a
higher level than in previous years and the attackers will find new ways to
get past your defenses. The fight will get harder. It has become more
important than ever to focus your resources on prevention and on supporting
the security efforts of the Chief Security Officer (CSO) and the Chief
Information Security Officer (CISO) in your organization.