I’ll start this blog post by looking at some figures….
As of March 2017, there were 3.7 billion web users and each minute of every day we see 452,000 Tweets, 156,000,000 email messages sent, 16,000,000 text
messages sent, 342,000 app downloads, 900,000 Facebook log-ins, 2,000,000 Google search queries and £560,297 is spent online.
Multiply these numbers by the number of minutes in each day and the numbers are truly astonishing AND growing.
As these numbers grow, so too does the opportunity for hackers.
7.1 billion identities have been exposed to data breaches in the past 8 years and 88.9% of stolen data is personal information.
You can check if your email address has been involved in a breach by entering your details into the have I been pwned website – http://bit.ly/2iBT5g1
Sadly, these crimes aren’t victimless, 22% of businesses lose customers and 23% lose business opportunities because of cybercrime. Not only this, people
are losing their jobs – think Equifax.
During 2017 we faced some of the biggest challenges we’ve ever seen in the Cyber Security industry and 2018 is looking likely to present us with many more
great opportunities with Artificial Intelligence, Machine Learning and Cloud technology allowing organisations to become agilerin all aspects of their
operations. This does though present us with new challenges to overcome.
Below are some of the changes and challenges that we expect to see emerge during 2018.
Organised crime is moving from the street to cyberspace at a frightening pace, and as more criminals become cyber-aware we expect to see the Crime as a
Service model increase. Criminals are always looking at how they can make money whilst putting in minimal effort and providing entry-level cybercriminals
with the ability to execute ransomware (amongst other things) is a great way of doing this.
We also expect cybercriminals to really go after Privileged Account users in 2018. Stealing these credentials is undeniably going to be a top target for
hackers throughout 2018. In fact, a recent survey commissioned by Thycotic at BlackHat 2017 found that 32% of hackers said accessing privileged accounts
was their number one choice for the easiest and fastest way to hack systems and get at personal data.
Criminals to target Smart Devices far more often
Without even trying, the number of IoT/smart devices is going to explode over the next 18 months. Many families, if questioned, would be surprised at the
number of Smart devices they now own.
Again, the more internet-connected devices there are, the bigger the opportunity this presents for hackers.
Just today, we’ve been made aware of a vulnerability in Huawei Home Gateway, Huawei’s Echolife Home Gateway and Realtek routers, that allows the Satori
Botnet to compromise and use them to knock down websites.
So far, in just over 12 hours, some people have commented that over 280,000 IP addresses have been compromised.
Trying to stay ahead of the game, vendors have already started to react. ITB Partner McAfee are working closely with Xerox to embed security products directly
into their Altalink Multi Function Printers.
During 2018 we expect to see many more internet-connected devices being used to disrupt organisations, so it’s important to secure these devices and think
about whether you REALLY need that internet connected fridge.
Increase in the use of Blockchain in IT Security
Although in its infancy, the idea behind Blockchain will help alleviate many of the issues faced by organisations today.
Blockchain technology allows data to be stored in a distributed way meaning that there is no central repository of information and therefore a single point
of failure for hackers to exploit.
This is definitely one to watch in 2018.
More of a focus on Insider Threats
Whilst external attacks are becoming more sophisticated and take up a lot of press space, the insider threat is still being overlooked, despite accounting
for more data breaches than malicious outsiders.
Netwrix’s IT Risk Survey for 2017 identified that many organisations don’t have the ability to analyse insider behaviour which makes them particularly
Remember, a breach is a breach irrespective of where it comes from.
Increased Regulation across the world leads to a Data Protection drive
It’s not only Europe that is seeing a massive shift in regulatory compliance. Data Protection practices are being reviewed the world over.
The wave of new legislation (think GDPR and PECR) brings with it new penalties for non-compliance and it’s not just direct fines that will cost companies
but also damage to reputation, cost of remediation, impact on stock price and a threat to competitive advantage that will have a knock-on effect on
the profitability of a company.
Whilst the fine Equifax are to receive hasn’t yet been made public, our guess is that it will dwarf the final overall cost to the company.
Data Protection products have traditionally been cumbersome and difficult to implement to the high standards many organisations require, however, due to
these changes many company’s hands are now being forced.
How companies analyse security data will improve
With the new regulations, particularly the EU GDPR, not only must organisations be able to prevent a data breach, should one happen, they must be able
to provide as much information as possible to the regulators in a timely manner, letting them know what happened, how it happened and what has been
done to prevent it happening again.
Security products create a lot of data, so mining this data for information can be difficult and time- consuming.
This will lead to many organisations looking for ways to improve this process.
Luckily there are some brilliant people working in this industry who work tirelessly to keep us safe and help us drive to improve what we’re doing.
Remember, Cyber Security is a journey not a destination.