Many of us can agree that the past year hasn’t really been great for cyber security. A lot of companies have experienced numerous cyber attacks, including some high-profile ones such as Equifax, Uber, Deloitte, as well as the WannaCry ransomware attack.
That is why people are worried about what we will be facing in 2018. Despite great advances in security updates, cyber attacks continue to threaten us. So, in this article we will provide you with the latest trends that we can expect this year, as well as some predictions for the future.
1. Sandbox technology malware
Sandbox technology has recently become quite a popular method for both the detection and prevention of malware infections. Nevertheless, cyber attackers are still finding ways to dodge this technology – the latest malware is now able to detect when it is inside a sandbox, so that it can wait outside before infecting it with a malicious code.
2. AI attacks
Machine Learning (ML) and Artificial Intelligence (AI) software systems are able to learn from their past experiences, with the goal to predict cyber security threats. AI technology is being used by 87% of cyber security professionals in the US, according to the Webroot’s report.
However, 91% of them are worried that hackers can use AI technology in their favor, to launch some more sophisticated attacks. For instance, with the help of AI, the collection of a certain organization’s valuable information can be automated. In addition, hackers can use AI for cracking passwords by limiting the number of possibilities based on demographics, location etc.
3. IoT ransomware
The majority of IoT devices don’t store any valuable data and, even if they were infected, not many people would be ready to pay the ransom. Moreover, developing ransomware that would attack these devices is not actually cost effective, since the number of victims wouldn’t be high enough.
However, we should still be cautious and aware of the problems IoT ransomware can potentially cause. For instance, if a hacker targets power grids, provided that a person doesn’t pay the ransom, they can shut them down. Moreover, they can also attack factory lines, home appliances and smart cars this way.
4. Multi factor authentication standards
According to the report about data breach investigations issued by Verizon in 2016, “63% of confirmed data breaches involved leveraging weak, stolen or default passwords”. These breaches mostly happen because a large number of businesses are still using SFA (single factor authentication).
Many of them refuse to implement MFA (multi factor authentication) because they fear that it can have a negative effect on user experience. However, with an increasing concern about identity theft, it’s expected that more companies will be implementing MFA in some form.
5. GDPR compliance
GDPR, short for The General Data Protection Regulation, which will become effective in May 2018, offers some important changes in Data Protection Directive, such as stricter consent laws, increased territorial scope, more rights for data subjects etc.
Forrester’s report claims that “80% of companies will fail to comply with GDPR”. What’s more, it’s predicted that around half of them will decide not to comply, since they believe that the compliance costs are greater than the risks.
6. State sponsored attacks
These attacks are among the most concerning forms of cyber attacks today. They are, in most cases, politically motivated and are not just about financial gain – they are designed to obtain intelligence which can be used to interfere with politicians’ objectives.
State sponsored attacks are very well-funded, sophisticated, and thus quite dangerous. Countries notorious for such attacks are Russia, the US, North Korea, China and a few others. Although it is difficult to be protected from them, governments must make sure their networks are completely isolated from the internet, and perform regular security checks.
7. New security technologies
Luckily, there are new emerging security technologies that we can expect in 2018. They include remote browsers, deception technologies, EDR (Endpoint Detection and Response) solutions, NTA (Network Traffic Analysis), and different auditing solutions as well.
To sum up, we may expect that the largest emphasis will be put on insider threats, in order to decrease the number of insider risks by closely monitoring user activities and behavior, and assessing risks on a regular basis to spot any weaknesses and improve the security of businesses.