From the WannaCry cyberattack on the operations of major multinational corporations, to the Equifax data breach that impacted 145.5 million customers in the U.S. and Canada, 2017 marked a shift in the cybersecurity landscape. Hackers upped their game—exploiting new vulnerabilities, leaking spy tools from U.S. intelligence agencies, and hacking political campaigns. As hackers gear up to unleash new and improved attacks in 2018, enterprises will need to be more proactive and reevaluate where they are dedicating resources. Here are my top ten predictions for what we can expect to see in 2018:
‘Hacking back’ policy will be an increasing concern. Two members of the U.S. House of Representatives introduced a bill earlier this year that allows victims to hack their hackers. The trouble is, we already know that real, definitive attribution is incredibly difficult. So, how can we ever be sure that we’re attacking the real source of an attack? What will happen when the source of an attack is another company that suffered its own breach and is being used as an intermediary? Will that company then be forced to “hack back” the hacking hackers? The situation could quickly devolve into chaos if organizations are allowed to build red teams with the sole purpose of going on the offensive.
GDPR will levy its first fine, and it will be painful. This is a very real threat to the many organizations who have not taken it seriously or have not done any preparation for it. We can expect to see at least one major fine levied against an organization who has made the conscious decision to play fast and loose with GDPR and abuse or lose EU citizen data. If I were a CISO in an organization that isn’t ready for GDPR? I’d start dusting off the resume and look to get far, far, away.
North Korean-sponsored groups will become a bigger threat. I think companies in the Western world need to be especially concerned about the impact of North Korean-sponsored groups. They have shown themselves to be highly skilled and capable of breaching and damaging their attack targets. Their intentions are multifaceted: they are combing the internet looking for ways to financially benefit, and they are equally interested in compromising targets that are politically beneficial to their leadership. Whatever they lack in skill, they make up with intensity and willingness to cause great damage to systems, which should concern executives everywhere.
The effects of the Equifax breach will linger for years. The Equifax breach and the colossal amount of personal information that was stolen will make things really difficult for defenders and those dealing with identity theft for years to come. Companies that rely on knowledge-based questions as part of their authentication measures (i.e. What street did you grow up on? Who did you have a car loan with in 2014?) will need to toss out those questions and embrace new methods to authenticate customers. I expect to see a surge in financial and identity theft for the next two years as a result of the Equifax hack.
The Shadow Brokers won’t go away anytime soon. I expect the Shadow Brokers to continue to attempt to profit off their pilfered exploits, and perhaps leak more exploits throughout 2018. I hope NSA officials will be able to determine everything the Shadow Brokers stole, and that they are working behind the scenes with technology vendors to rapidly fix the vulnerabilities that will certainly come to light.
API-based attacks will become a bigger deal. There is a lot of backend traffic flying around the internet— things the average consumer can’t see. Many API-based solutions are not regularly monitored, and some of them use outdated security methods, making them ripe for pilfering. I would be shocked if there wasn’t at least one massive breach in 2018 that involved the exfiltration of large data sets of sensitive information through this method.
DDoS will continue to sucker punch assets online. As more and more devices come online, especially ‘smart’ IoT devices, attackers will find new ways to zombie them and use them in their massive DDoS armies. Further, as the volume of DDoS attacks increases, demand for mitigation services will begin to increase exponentially. With the explosion of the deployment of IoT devices in the marketplace, and the lack of a better default security within these devices, it is entirely possible that DDoS will take over from ransomware as a dominant risk to organizations worldwide.
Security budgets will increase. There is no evidence to suggest the share of IT budgets allowed to security will decrease in 2018. The massive security incident at Equifax and the catastrophic impact of WannaCry and Petya/Not Petya on organizations around the globe spurred many companies, both small and large, to re-evaluate their spending and the allocation of their security dollars.
Use of ransomware will expand. The ransomware scourge won’t go away anytime soon. While it seems as though fewer individuals are paying out, the ROI for cybercriminals is still massive, and it keeps getting easier for them to spin up ransomware backend infrastructure to launch massive attacks. Crimeware-as-a-Service will keep enabling less-skilled attackers to launch attacks in the hopes of finding riches.
Companies will increase their focus on detection and response. Enterprises will put a significant share of their security dollars toward endpoint detection and response (EDR) technologies. Malicious and non-malicious insider incidents continue to wreak havoc on networks, and shoring up defenses at the endpoint can go a long way toward mitigating those threats. The tide has started to shift from focusing on prevention to immediate detection and response to incidents. Uncovering dark corners and hard-to-manage endpoints will be essential to delivering the rapid response capabilities needed to remediate devices in the critical moments after a security incident happens.
Like many things in our lives, threat actors evolve. They learn new and novel ways of committing cyber crime, and interesting ways to break into targets. Today’s highly sophisticated attacks become tomorrow’s exploit kit fodder and script kiddie toolbox. It’s the nature of the business. Threat actors today have become so adept at immediately taking advantage of new vulnerabilities that it’s incredibly hard for defenders and security vendors to protect against every single crack in the dike. As 2017 has shown us, no one is immune from cyber attacks. Consumers and enterprises alike will need to stay just as vigilant in 2018, if not more, to protect their assets from constantly evolving cyber threats.