As 2018 rolls around there are going to be lots of changes in the cyber security landscape. There will be a steady rise in things like API hijacking and hacking coprocessors, but these attacks will be relatively small scale and of little interest beyond the security community. Of much greater concern are the following five points, because they’re going to affect a lot of people.
General Data Protection Regulations
In May 2018, the European Union’s General Data Protection Regulations (GDPR) come into effect. GDPR sets the bar high for cyber security, and in essence those companies that don’t comply with its mandates to protect customer data will not only be very publicly hauled over the coals but also hit with fines of up to 4% of global turnover.
GDPR applies to all organisations that hold customer data of EU citizens, including those in both the UK and the US. If a company is hacked and data is stolen, it has two weeks from the time of discovery to notify the relevant authorities and customers. Within the security industry this is a best practice benchmark, but the EU is now legally mandating this time period.
It should put a stop to organisations not telling customers that their data has been stolen until many months have slipped by, enabling hackers to cause havoc with ID theft, for instance. However, on the ground we’ll still likely see major hacks. Some organisations are doing all they can to comply with GDPR, but a lot are also hanging back and waiting to see what happens in practice when a company breaches GDPR.
Internet of Things
We’ve already seen some major IoT breaches, not least 2016’s Mirai botnet, which caused havoc online. Much has been said and much has been written about the Internet of Insecurity, as it’s sometimes called. The question is how many people have actually been listening? We’re guessing it’s not many.
Pre-Christmas the shops are full of bright shiny objects, also known as smart devices. Sales of these clever devices are going to rocket like never before. As 2018 unfolds the impact of poor device security is going to hit, as increasing numbers of devices are hacked.
Much of this will be driven by hackers exploring exploits and simply causing mischief, like playing around with central heating thermostats and lighting systems. Specifically, expect to see growing attacks on home automation systems such as Amazon Echo and Google Home, as well as devices which control home locks, garage door openers, video surveillance systems, home lights, TVs, and so on.
However, that said, a darker thread will also likely emerge as cyber crooks home in on the potential for fraud, such as using smart devices as back doors into networks and then planting malware to steal personal data. Victims likely won’t know what hit them and many months later will still be wondering how their bank account was plundered.
Super sophisticated phishing
It’s been a long time coming but organisations are finally waking up to the need for comprehensive security. They’re even getting the basics right like developing sweeping security policies and building out cyber protection from this foundation. But inevitably, and as is natural in any evolutionary course, hackers are also becoming increasingly sophisticated and nowhere will this be more apparent than with phishing mails.
It can already be difficult to detect the difference between genuine and phishing mails but in 2018 you can bet your inbox contents they are going to become super sophisticated, bearing company logos, grammatically perfect copy and compelling messages that target specific individuals and seem to come from senders that the recipient knows.
Ransomware scourge mutates into plague
There are people whose sole function is to map malware trends as they emerge globally, identifying different strains, the damage they inflict and how they are spread. Unanimously they point to ransomware as the most prolific malware threat over the last 18 months. You may recall WannaCry, which caused near global meltdown as it spread rapidly exploiting flaws in the XP operating system.
Of course you have to question why so many organisations were running XP given that it was no longer supported by Microsoft and therefore wide open to attack. Simply, many people weren’t taking cyber security seriously. Hackers know this and they know what a seriously lucrative ‘easy money’ tool ransomware is. As such, ransomware attacks will continue to grow throughout 2018, particularly targeting businesses. You may not hear from the victims because no one, especially reputable businesses, wants to put their hands up and admit to having been fooled, but ransomware is only going to grow… and grow.
As we load more and more personal and business data onto our smartphones and increasingly use them for online shopping, hackers are going to move away from desktop PC attacks. 2018 is likely to be the year in which there is a significant uptick in financial crime directed at smartphones.