ForcePoint’s 8 cybersecurity predictions for 2018
Cybersecurity provider, ForcePoint, has unveiled their 2018 Security Predictions Report, which will provide guidance on how to approach threats in upcoming months.
In no particular order, 2018 cybersecurity predictions, are as follows:
- Privacy will fight back.
If in 2015, people were willing to sacrifice their data for more convenience, they will become more discerning in 2018. Before, they may have been ok with exchanging personal data for say, free WiFi service, but moving forward they will begin to question why they need to keep doing it.
ForcePoint also observed more privacy regulations being enacted around the world. Forcepoint’s APJ Channel & Alliance Director, Alex Lim, said, “The European Union’s GDPR or General Data Regulation Protection, is one of the biggest example of a fightback from the legal perspective.”
- GDPR: Procrastination now, panic later
ForcePoint’s Principal Technical Consultant, Brandon Tan, said many companies will not be compliant when the deadline arrives on 25th May 2018, and panic-driven policies will stifle businesses as they struggle to become compliant.
He also opined that visionary CIOs will realise that a cyber breach is only a matter of time, and will prepare the organisation, in terms of how to respond to the breach incident.
- Disruption of Things.
With the Internet of Things, there are three vantage points for attacks to happen – devices or sensors, the network that connects them all, and the data that devices/sensors collect. Tan foresees these devices, and especially those that are connected to critical infrastructures; be they nation-owned or not nation-owned, being attacked in 2018.
“There will be major disruption of these IoT devices.”
- The rise of cryptocurrency hacks
This type of hack has already happened in 2017. Tan said, “We have already seen malware to mine cryptocurrencies, credentials being stolen at exchanges, and cyberattacks exploiting weaknesses in underlying algorithms.”
Tan pointed out that in 2018, what will be different is cyberattacks will be at the exchange-level. This is a result of increasing amount of malware targeting user credentials of exchanges.
An exchange, is the point in the whole chain, where cryptocurrencies are held when they are about to be converted into fiat money.
- Data aggregators.
Tan described these as organisations that compile information and apply analytics to them, to produce insightful information.
“These are gold mines of information, and a data aggregator will be breached in 2018 using a known attack method ie. Known vulnerability, employee error, third-party compromise, ransomware, security misconfiguration, weak authentication and so on.”
- Cloud security
On the cloud, there is no such thing as a perimeter anymore. Without this perimeter, firewalls are rendered useless, and there is increased risk of breach
Cybercriminals turn to the cloud to spread malware due to its scalable and readily available nature and because cloud networks are generally trusted, raising the probability for malicious activity to go unnoticed.
- Encrypted by default
The web is moving to being encrypted by default.
ForcePoint observed, “In order to protect personal data and intellectual property, organisations are using SSL/TLS decryption and inspection technologies on their web and app traffic.
In reaction to the increased use of HTTPS, cybercriminals and nation state actors are
adapting their tactics, techniques and procedures. For example, scammers have been acquiring certificates that make their fraudulent websites imitate the likes of PayPal and Google to appear legitimate.
- The human point
ForcePoint calls it the next giant leap for the industry – finally focusing on the workforce within the organisation, and understanding how they are behaving in the organisation.
“The user is constant, while they interact with apps and data which change. Moving forward, workforce monitoring and the use of User Entity Behaviour Analytics (UEBA), will become a top priority for CISOs in 2018,” Tan said.
UEBA solutions analyse user behaviour for a long period of time, and focuses on events, not data, to detect anomalies.