Once again, Forcepoint, a global leader in cybersecurity that focuses on what matters most has released its report about 2018 security predictions. It has also provided the required guidance on threats companies and organizations are going to face.
In its introduction, Forcepoint pointed out that security industries have been focusing on the wrong things. That’s traditional perimeters which have become obsolete; the focus should be on bigger walls and better visibility. With the rise of digital transformations, employees now have the power to interact with data and access intellectual property using devices, systems, and applications. These interactions have led to behavior-centric risks such as common errors which as shown in the 2017 malware attacks. In this wake of evolving malware attacks, security professionals must be vigilant in order to identify the risks. This can be done by understanding how data flows, entities who have access to it and what they can do with it and assess cyber risks in real time. Security efficiency can be increased by focusing on what matters, user data patterns and reducing complexities. Behaviour and intent should be placed at the center of security.
This year, Forcepoint has eight 2018 security predictions. Below is a preview and a spotlight on some of their predictions;
Privacy Fights Back
Forcepoint’s’ prediction is based upon the perfect storm among four drivers namely; technological, societal, legal and political. With the confluence of these drivers and support from new regulations, privacy will make a comeback. With new regulations set to take effect in May 2018 under the General Data Protection Regulation, compliance will drive visibility. Many technologists are also favoring privacy. Regarding societal and technological changes, privacy is no longer an abstract concept, but an actionable one. Thanks to data aggregators and data breaches which has helped raise the awareness. Legal and politics on the other hands may hinder legitimate privacy concerns with security needs as they will be polarizing.
Prediction: “2018 will ignite a broad and polarizing privacy debate, not just within governments, but between ordinary people.”
Disruption of things
In the past year, the popularity and adoption of IoT devices in both consumer and business environment has become evident. This widescale growth has also attracted something else, IoT will become a target for mass disruption. This is because they are easier to access and they’re unmonitored most of the time. The worrying thing is the growth, the more it occurs, the more the data that can be leveraged and so the IoT malware. In 2018, its predicted that ransomware will not attack the IoT but its feasible. More concern is to the disruption of things as IoTs offer access to critical data which attackers can use to steal data, infiltrate a network, insert malware and even build botnets to take down a whole network. It also more lucrative as nowadays home assistants are linked with financial accounts.
Prediction: “IoT is not held to ransom, but instead becomes a target for mass disruption.”
The rise of cryptocurrency hacks
Another area for security threats come 2018 is cryptocurrency. Cryptocurrency has garnered popularity, and its value is forever rising by each day. Cryptocurrency has become one of the major online currencies in which users can pay for goods and services. Cybercriminals have also delved into it as it’s their main form of users paying for ransomware. But next year things might be different, cybercriminals will now attack and hack the cryptocurrencies. Although hacking blockchain is not viable currently, attackers will be after something else as the trends have shown; the underlying technology and support system. Malware is now able to steal cryptocurrency from exchange users, mine cryptocurrency and exploit other weaknesses. In 2016 alone, the worlds largest dollar based bitcoin exchange was breached, and bitcoin worth of $72million was stolen. In the same year Coin base was targeted by a Trickbot. In 2017, CBS websites were exploited to redirect computing power to mine other lesser known cryptocurrencies.
Prediction: “Attackers will target vulnerabilities in systems that implement blockchain technology associated with digital currencies.”
Cybercriminals are now targeting information associated with personal data such as banks, digital healthcare records and other info that have inherent wealth value. Unlike other data, complete sets of data are always associated with individuals and cannot be altered. This makes cybercriminals to target those data aggregators. Given that they have so many egress and ingress points and also hold huge quantities of data, they create complexities in security which cybercriminals will exploit. Data aggregators offer effective and efficient ways for modern working practices which many companies have adopted. These practices also offer anytime and anywhere access to exploits. Forcepoint says that Equifax was just the tip of the iceberg, considering its magnitude, we are expecting more breaches to happen in 2018.
Prediction: “A data aggregator will be breached in 2018 using a known attack method.”
Encrypted by default – implications for all
Forcepoint is predicting that attackers will follow the migrations to secure web encryptions such as HTTPS. As of now, 25% of all website traffic are moving to the encrypted by default technology including all the major global search engines. As everyone is moving towards the HTTPS, cybercriminals are also acquiring certificates to put up their fraudulent websites such as fake PayPal and Google. In order to protect data and intellectual property, most organizations and companies are now implementing the SSL/TLS decryption and inspection to understand how data is moving using a legitimate man in the middle (MITM) attack. Cybercriminals and other actors are also adapting their tactics and procedures to use the visibility MITM provides a way in which malware can be used to propagate.
Prediction: “An increasing amount of malware will become MITM-aware.”
Other predictions by Forcepoint include;
- Procrastination Now, Panic Later
- Cloud Security
- The Next Giant Leap for the Industry
From the projections, the security industry will be impacted heavily if the threats happen. Most traditional security are now mediating and trying to prevent data leakages and ransomware. But other risks are also arising which will make systems more vulnerable unless we shift to a human-centric future to understand the root of all risks.