2017 was a big year in the world of cybersecurity. There were some large-scale cyber attacks, including a highly publicised ransomware attack that crippled hundreds of corporations and medical facilities. Cybersecurity experts were scrambling to tackle these threats with sophisticated new software and cybersecurity awareness campaigns.
At the same time, businesses across the United Kingdom began preparing themselves for the enforcement date of the General Data Protection Regulation (GDPR). This bill places additional obligations on companies that are handling sensitive customer information and reporting cybersecurity breaches. But what does 2018 hold? Here are the 9 most essential cybersecurity trends for the coming year.
The number of cybersecurity breaches will increase
A recent report published by cybersecurity firm Norton found that cybercriminals stole an estimated £130 billion from consumers in 2017, including £4.6 billion from British internet users. More than 17 million Brits were affected by cybercrime in some way during the year.
The Global Security Report published by cybersecurity firm AppRiver found that 2017 was a record year for cybersecurity breaches. The report found that approximately 1.9 billion data records were lost or stolen as a result of cyber attacks in the first half of 2017, in the United States, costing businesses USD$16 billion. AppRiver found that Malware-as-a-service, Ransomware, and Dynamic Data Exchange (DDE) protocol attacks were the fastest growing form of cyber attacks.
Most cybersecurity experts expect even more attacks to occur in 2018. There will more frequent attacks and more successful large-scale attacks. The head of the UK’s National Cybersecurity Centre, Ciaran Martin, has even stated that he expects the UK to be hit with a massive scale category one cyber attack within the next couple of years. An attack of this type could cripple national infrastructure and disrupt financial markets.
Ransomware attacks are set to become more common
Cybersecurity firm Spam Titan found that the number of ransomware attacks grew by 2,502% in 2017. This trend will continue in 2018 as many cybercriminals have found ransomware attacks easy to orchestrate and highly lucrative.
Ransomware is malicious software that blocks access to a computer terminal or network until a ransom is paid. Cybercriminals using this form of attack will often target businesses and medical facilities, where continued access to the enterprise’s computer system is critical. Until now, most ransomware attacks have occurred on Windows devices. Experts believe that ransomware will become more common on smartphones and computers running Apple’s OS X or Linux in 2018.
Many businesses will fail to meet their GDPR obligations
The GDPR comes into full effect on May 25, 2018. After that point, UK businesses that have failed to comply with the GDPR may face heavy fines. Nigel Houlden, from the Information Commissioner’s Office (ICO), has already made it clear that the ICO will be very pro-active when it comes to identifying businesses not in compliance.
Businesses that fail to comply with the GDPR will face potential fines of up to 4% of their annual global turnover, or €20 million, whichever is the greatest. A YouGov survey of 2,000 businesses performed in the middle of 2017 found that 71% of UK businesses didn’t even know that they may face fines for non-compliance. In 2018, we can expect to see many penalties being handed out and companies scrambling to become GDPR compliant.
Malware will be used to attack the cloud
The popularity of cloud computing services has dramatically increased in recent years. Consumers are storing everything from their tax records to family photos in the cloud. Businesses are using the cloud to store sensitive data including financial documents and trade secrets. Unfortunately, cybercriminals have now turned their attention to this potentially lucrative source of data. While the big players like Google, Apple, and Microsoft have very powerful cybersecurity regimes in place to protect data in their networks, most smaller companies do not.
Cybercriminals will focus on cryptocurrencies
Many financial analysts have been shocked by the increase in the value of cryptocurrencies in 2017. The most well-known cryptocurrency, Bitcoin, surged by more than 1,300% over the course of the year.
This rapid increase in value has attracted the attention of cybercriminals, who are devising new methods for attacking cryptocurrency exchanges, blockchains, and the personal computers of people who hold cryptocurrency.
2018 began with the largest cryptocurrency theft in history. Japanese cryptocurrency exchange Coincheck had 58 billion yen of cryptocurrency stolen from their system. We can expect many more high-profile attacks involving cryptocurrencies in 2018.
Cybersecurity firms will continue merge
2017 saw some massive mergers and acquisitions involving cybersecurity firms. One of the most significant transactions occurred in August when Symantec sold its website security and PKI businesses to DigiCert for USD$950 million and 30% of DigiCert’s common shares. Another significant transaction in 2017 was the USD$2.7 billion sale of French biometrics and security firm Morpho to the U.S. private equity firm Advent International. 2018 will see even more significant deals, with some massive players looking to expand their market share and develop new niches.
Cybercriminals will begin harnessing artificial intelligence
Many cybersecurity experts are simultaneously delighted and horrified with the impact that artificial intelligence will have on cybersecurity. On the plus side, it will allow cybersecurity firms to develop advanced cyber security tools that can quickly identify and isolate cyberattacks. On the negative side, A.I. will be used by hackers to create sophisticated malware.
Cybercriminals are already developing AI chatbots that are designed to perform phishing attacks. The average Internet user will believe they are talking to a real person when they are actually talking to an AI bot designed to obtain confidential information. AI bots will become widely used by spammers to post spam content on blogs and forums. It will be challenging for website owners to identify the bots because they will operate in a similar way to ordinary Internet users.
AI bots will also be used to perform “smart” brute force attacks. The bot will generate a profile of the user whose password it is attempting to guess, increasing the efficiency and accuracy of the brute force attack. AI bots will be much more successful at guessing the passwords of users and extracting useful information.
More businesses will invest in cyber-insurance
Given the extraordinary cost of cyber attacks, it is no surprise that many companies are interested in reducing their financial exposure by purchasing cybersecurity insurance. In 2018, we will see more insurance companies begin to offer insurance services for cyber attacks.
Cybercriminals will look to the Internet of Things (IoT)
The Internet of Things (IoT) is a network of physical devices, including cars, home appliances, and objects fitted with sensors. It will allow these objects to create and share data. It is a fascinating technology with the potential to change our lives.
Unfortunately, we have already seen some malicious attacks using the IoT. They have included:
An IoT botnet that was used to attack Twitter, Netflix, and CNN.
An exploit that allowed hackers to send alerts on baby monitoring systems
A terrifying exploit that would let hackers to take control of a vehicle that someone else was driving.
In 2018, we can expect cybercriminals to start looking for new ways to exploit the IoT. More hackers will attempt to obtain the data produced by devices on the IoT. They will also be interested in harnessing the computing power of IoT devices to create botnets that facilitate ransomware attacks.
Thanks for reading Cybersecurity trends in 2018. For more cybersecurity news, subscribe to our blog or follow us on social media!