With the new year upon us our thoughts turn to what will happen to the security landscape over the next 12 months.
Mahmoud Mounir, regional director of Secureworks, gives us his predictions for the cybersecurity landscape of 2018.
As the new year begins, cyber threats such as ransomware will continue to pose a serious threat to enterprises and individuals around the globe, especially as the method continues to prove profitable, and offers virtual untraceability for cybercriminals.
Targeted ransomware attacks on enterprises are also likely to be on the rise, as companies have the capital to pay higher ransoms than individuals. Criminals will continue to become more sophisticated, better resourced, and more patient, and will look to target businesses with higher value ransoms.
Business email compromise (BEC) and Business email spoofing (BES) attacks will also continue. This is where threat actors profit from sending emails to employees who have access to company funds, and from compromising the computer, email account, or email server of the victim organisation in order to intercept and alter, or initiate business transactions.
Targeted attacks on banks will likely remain a threat, especially as organised criminal organisations engage in online banking fraud as a means of generating income. Some organisations will focus on non-European and US banks, which are perceived to have weaker security controls and less robust business processes than most of the major Western banks. However, malware targeting is diverse and not limited to major banks. Wealth management companies and their high-net-worth customers will also be targeted, as are payroll processing portals.
The dependability on AI/machine learning in cybersecurity will continue in 2018, as more cybersecurity professionals and companies understand the benefits of an AI/machine learning in the way of streamlining and enhancing threat detection and response, especially when coupled with human threat analysis.
Internet of Things vulnerabilities will also be increasingly targeted by criminals, especially as the IoT network is fast expanding its user base with the likes of smart home assistants, smart cars, and all smart ‘things’. For example, one Secureworks researcher discovered eight vulnerabilities in his own the smart automobile, which would allow unauthorised users to unlock the doors or gain the vehicle’s location.
The Shortage of skilled cybersecurity workers will continue, proved by the zero percent unemployment rate, according to Gartner. However, the industry should do more than just attract existing talent in the pool, it must ensure that it is both nurturing and retaining that talent for the long-term future. We also must focus on inspiring young talent.
Cloud security will become a greater priority for businesses, as more companies move their data to the cloud. When companies move IT assets to the cloud, they have an opportunity to realise cost savings, accelerate innovation, and improve IT performance. However, the benefits of cloud usage come with data security dangers. As such, there will be an increased need for cloud security consulting, especially in light of the upcoming GDPR regulation.