Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace.
There is reason to be optimistic, though. Yes, some things will get worse before they get better, but we expect real progress in a few areas. Here’s what we think will happen next year.
1. Many, if not most, U.S. companies will not meet GDPR compliance by deadline
Surveys show that U.S. companies subject to the European Union’s (EU) General Data Protection Regulation (GDPR) are far behind where they need to be to make the May 25 compliance deadline. For some, it might not matter.
Regulators will not audit for GDPR compliance, so companies are vulnerable to fines only if there is a breach or EU citizens file complaints. Even if a company experiences a breach or complaint, regulators will likely treat it leniently if the company can document good-faith efforts to comply.
Organizations that don’t take GDPR seriously and experience an event that triggers an investigation by regulators are at real risk of a heavy fine. That leads us to our next prediction.
2. GDPR regulators will quickly make an example of an organization
There are two schools of thought about whom regulators will target first. Some say they will set a precedent first with an EU company because they are perceived to be less likely to fight a fine. Others believe that regulators will not only go after a U.S. company early, but they have specific companies in mind.
3. The decline of password-only authentication will accelerate
of demand for stronger authentication as a reason for not offering it. They are reluctant to do so, in part, because they don’t want more complicated authentication degrading the user experience.
That worry will be eased by risk-based authentication tools that are becoming widely available. These tools work in the background to assess behavior and other data to determine the likelihood that the person attempting access is actually authorized. Coupled with MFA, risk-based authentication puts up a strong barrier to unauthorized access.
Risk-based authentication is often bundled with identity and access management (IAM) tools. According to Stratistics MRC, the IAM market is projected to grow at a compound annual growth rate of 14.8 percent in 2018, which is another indicator that password-only authentication is headed to extinction.
Liability concerns over compromised credentials are also driving companies to stronger authentication. In its Data Breach Industry Forecast, Experian points out that, after a major data breach at one company, credential reuse affects other companies. They are forced to notify users when hackers use their stolen credentials to fraudulently access services.
Experian calls this an aftershock breach, and the report urges organizations to deploy secondary authentication methods. “Given the continued success of aftershock breaches involving username and passwords, we predict that attackers are going to take the same approach with other types of attacks involving even more personal information, such as social security numbers or medical information,” the report stated.
4. State-sponsored attacks will increase
The usual suspects for state-sponsored attacks — North Korea, Iran, and Russia — don’t have much to lose by continuing their attempts to extort, steal, spy and disrupt by infiltrating information systems. All are already heavily sanctioned, and the consequences — at least those we know about — in response to state-sponsored attacks have been minimal.
This makes the risk of escalating those attacks seem low. Expect state-sponsored attackers to keep pushing the envelope in terms of scale and impact of their assaults. An area of particular concern is critical infrastructure like power and communications grids. “The progression of cyber attacks driven by nation-states will undoubtedly place critical infrastructure in the crosshairs, potentially leading to widespread outages or exposed personal information that could impact millions of innocent consumers,” stated Experian’s 2017 Data Breach Industry Forecast.
Affected nations and the international community will respond with more pressure on the bad actors. More sanctions and indictments of foreign nationals deemed responsible are likely. “Unfortunately, until there is a clear international agreement regarding rules of engagement in cyberspace, these attacks are likely only going to increase and escalate,” the Experian report stated.
State-sponsored attacks might also spur countries to form alliances to fight them. “Increased attacks on critical infrastructure will drive countries to begin discussing cybersecurity alliances. Establishing these alliances will provide mutual defense for all countries involved and it will allow for the sharing of intelligence in the face of attributed nation-state attacks, not to mention agreements to not attack each other,” says Eddie Habibi, CEO of PAS Global.
Until effective deterrents are in place, offending nations will escalate their attacks until the cost is too high. That cost might come in the form of in-kind counter-attacks or even some kind of physical strike. Let’s hope we don’t end up with the kind of brinkmanship that kept the world on edge during the Cold War.
5. Attacks via compromised IoT devices will get worse
Millions of connected devices have little or no defense against hackers who want to gain control of them. In fact, it’s getting easier for hackers to take over scores of internet of things (IoT) devices. All they have to do is purchase a botnet kit from the dark web and they are in business. The top three botnet kits — Andromeda, Gamarue and Wauchos — are estimated to be responsible for compromising more than a million devices a month. The Reaper botnet has infected more than a million devices.
The problem is that we haven’t yet seen what the hackers who control the botnets intend to do with them. Will it be to launch
6. Automation of some threat-detection tasks will increase
Security teams wade through massive volumes of alerts and data every day to determine what is or isn’t a likely threat. That volume will increase, driven by more attacks and more attack vectors. Filtering the alert data is repetitive, tedious work, which makes it a perfect candidate to automate using software.
here it makes sense. Automation will not be a panacea or replace staff, but it will boost threat detection effectiveness and free staff for other important tasks.
With the increased use of machine-learning-based automation will come a greater awareness of what it can’t do. For example, machine learning is only as good as its model and the data available to analyze. It will likely miss any new type of attack. This better understanding of machine learning and automation will allow security teams to deploy the technology more effectively.
7. Trust will be a casualty of the war on cyber crime
Who can blame anyone for mistrusting everything when it comes to cyber security?
ves the risk of Russian influence to compromise the software too high. Similar actions by other countries are likely in 2018. “Other countries have shown similar nationalistic tendencies such as China and its recently passed, far-reaching cybersecurity law that requires access to vendor source code. We predict that the U.S. Executive Branch will show similar tendencies and direct government agencies to exercise procurement preference for vendors with development and manufacturing in the U.S. or allied countries,” says PAS Global’s Habibi.
The environment of mistrust will present opportunities for companies that can show genuine concern for protecting data and that they have proper security infrastructure in place. In other words, earned trust becomes an asset when consumers and other organizations are willing to do business with you because they feel secure doing so.