Looking back, 2017 was the year of WannaCry, the global ransomware attack, and major breaches at Equifax and Verizon. As we look ahead, can we expect much of the same? The following reflects some of what the cyber experts have had to say in terms of what’s to come in 2018.
- Ransomware will go beyond looking to extort individuals, to cyber sabotage and disruption of organizations. This drive among adversaries for greater damage, disruption, and the threat of greater financial impact will not only spawn new variations of cybercrime “business models,” but also begin to seriously drive the expansion of the Cyber insurance market, says McAfee Labs. “While much about the motives behind WannaCry and NotPetya are still debated, the use of pseudo ransomware is likely to continue, partly due to the ease with which as-a-service providers can make such techniques available to anybody with the means to pay,” said Raj Samani, Chief Scientist and head of McAfee Advanced Threat Research. “Such attacks could be sold to parties seeking to paralyze national, political and business rivals.”
- With billions of connected devices globally, many of which individuals use daily, it’s more than likely that a serious attack could occur. 2018, says IBM, seems poised to have the right combination of device proliferation, underlying vulnerabilities and bad-guy attention for Internet of Things (IoT) attacks to go to the next level.
- Chatbot takeover: In 2018, some financial institutions will begin using chatbots to facilitate payments, luring cyber criminals to impersonate good users and take over their accounts, possibly using remote access into the regular user PC to neutralize any device-based recognition.
- Just as organizations are adopting machine learning and Artificial Intelligence (AI) to improve their cyber security posture, so are the threat actors. Attackers are using machine learning to speed up the process of finding vulnerabilities in commercial products, with the end result being that attackers will use even more new exploits without signaling that AI was involved in their creation.
- There will be a rise in insider threats and compromised business addresses. Attackers will spend more time on the attack gathering as much data as they can and will target key people in a company to either turn or compromise for their own gain. Additionally, business addresses will be compromised for use in attacks. Websites will be compromised to host malware, digital currency mining operations, or data gathering.
- Businesses will be rushing to prepare for the European Union’s sweeping General Data Protection Regulation (GDPR), which goes into effect in May 2018. While survey data varies, it’s clear that many businesses around the world are still unprepared, cites IBM. Given the enormous potential for fines for noncompliance, companies will be scrambling.
RPS specializes in providing Cyber insurance solutions to a wide range of businesses and is available to assist you with placing this much-needed risk protection in today’s environment.