Threat trends we can expect in 2018
Organisations across the board have been plagued by a number of high-profile breaches in 2017, and it’s only going to get worse. Cyber threats are set to worsen, and enterprises find themselves having to deal with complex technologies, sophisticated malware, floods of data, increasingly stringent regulation and a crippling skills shortage. So says Simon Campbell-Young, CEO of Intact Software Distribution, adding that there are several threats that will impact the operations of businesses of every size and type in 2018.
“Firstly, we can expect a surge in ransomware attacks, both in frequency and sophistication, targeting individuals and corporates alike. In addition, with the Internet of things (IoT), home users are at greater risk, as a growing number of home devices connect to the Internet and to each other.”
He says the IoT itself will become a greater problem too, as these devices are being adopted on a massive scale, and many of them were not designed with security in mind. “IoT devices are increasing the attack surface by a thousand fold, and because they collect a wealth of data, are highly attractive targets for cyber criminals. Their lack of security also makes them an ideal stepping stone for threat actors to gain access to a network, and its valuable data.”
Next, Campbell-Young says we can see an upswing in crime-as-a-service, as underground cyber criminal syndicates continue to mirror legitimate businesses, and collaborate more with each other, forming new partnerships and syndicates. “This will see cyber criminal organisations diversifying into new markets and further ‘commercialising’ and commoditising their nefarious activities. Even more dangerous, this will allow aspiring cyber crooks with little tech savvy or knowledge to buy malicious tools to launch attacks, without needing any particular expertise. The criminals who sell these tools will also offer customer service to these individuals, to help them should they experience any difficulties or snags.”
Another area in which Campbell-Young believes will see a surge of new attacks is the supply chain. “Any security chain is only as strong as its weakest link, and I’ve said for years that the supply chain is vulnerable, as confidential data is routinely shared with vendors and other third-party partners. Once that information has been shared, the organisation no longer has control over it. Perhaps too much faith is placed in the supply chain’s security. Irrespective of the type of business your organisation is in, it will have a supply change. The challenge is knowing where our data is at every stage of the lifecycle, and the ability to protect it as it’s being shared and stored out of our control.”
He adds that the supply chain also widens the attack surface, as it’s easy for talented cyber criminals to use a third-party partner to gain entry into a larger organisation which is the desired target. “In 2018, businesses will need to concentrate on better security for their supply chains, and ensure they have the appropriate measures in place.”
Cloud security will also remain an issue this year. “The past ten years has seen an explosion in the uptake of cloud-computing technologies and platforms, and with it, a whole new slew of security threats. Moving to the cloud inevitably means a certain loss of control of your businesses’ data, as it is now stored off-premise, with a cloud provider. Issues of data residency and governance will continue to be a concern for companies, as will ensuring data in the cloud remains private and secure.”
He says businesses also need to remember that although a cloud provider will have security tools and measures in place to reduce the risk of data breaches, it is crucial to remember that your company is ultimately responsible for the security of its data and a breach can have serious legal, regulatory, reputational and financial consequences.