Continuity Central asked a number of information security companies to look ahead and make their top predictions for how the cyber security landscape will change during the coming year. This is what they said…
Rich Campagna, CEO at Bitglass:
"The Necurs botnet attacks in 2017 were much more sophisticated than any enterprises had encountered before. This botnet distributed malware took desktop screenshots and collected device and network information to refine future attacks. The incident demonstrates how attackers’ nefarious techniques are evolving. In 2018, advanced malware will utilise machine learning for improved potency and delivery. In response, many organizations will deploy email filtering, malicious URL detection, machine learning threat protection, and take steps to train employees on these risks. Failure to proactively defend against futuristic forms of malware will prove disastrous for many firms."
Rob Strechay, SVP Product at Zerto:
"Cloud is here, and it’s here to stay – at this point, that’s basically old news. What is new, however, is the dramatic shift to IT infrastructures that cloud is bringing; with new platforms and challenges for the systems development life cycle (SDLC). In 2018, I predict that dev and IT teams will need to think about the best way to utilise orchestration and data mobility to their full potential. This will be important when it comes to bringing test, development or QA workloads to a public cloud platform or MSP. For example, applications may run more efficiently on Azure, while AWS is a better suit for others. It’s often difficult to know in advance. If you combine this with the fact that many companies are now demanding a multi-cloud strategy, and do not want to be tied down with one cloud or platform, more organizations in 2018 will adopt solutions that allow for easy and affordable cloud platform testing. Being able to ‘try out’ other applications on different platforms in a fast, easy and cost-efficient manner will allow organizations to end up with a tailored, multi-cloud strategy that optimises performance in ways that were not imaginable before the cloud boom."
Thomas Fischer, Global Security Advocate at Digital Guardian:
"So much personally identifiable information (PII) has been exposed in breaches over recent years that it is quite easy for hackers to use our identities against us. Everyone, in some form, is vulnerable to attack. In particular, the rich amount of compromised passwords and rise in cloud based applications will leave companies more vulnerable to compromise than ever before. Should a cybercriminal attain an employee’s credentials, they could log into their email, and then use the information gained to access more company services and applications – all with the company and victim being none the wiser. The consequences of this – combined with the impending GDPR – could be detrimental to an organization. The only cure is multi-factor authentication (MFA). As a result, in 2018, we will see an unprecedented rise in enforcement of MFA as a barrier to breaches."
Ken Hosac, VP IoT Strategy & Business Development at Cradlepoint:
"2018 will see organizations being smarter about how they secure their IoT devices. Global surveys show increasing enterprise IoT adoption, but with the spread of vicious botnets such as Reaper and Mirai, businesses know that deploying IoT devices on an existing network is dangerous. It creates cross-contamination, expands the attack surface and exposes corporate networks to new vulnerabilities. This is a serious threat that will need to be mitigated in 2018. One way of addressing the issue is by deploying software-defined perimeter technology. This enables businesses to control access and isolate IoT devices from each other. Significantly, it means existing networks can be shielded from potential attackers. In 2018, we will see more organizations addressing IoT security issues with software-defined perimeter technology, supporting the continued development of the global IoT ecosystem."
Tom Harwood, Chief Product Officer and Co-Founder at Aeriandi:
"Web based security measures have evolved much faster than those for voice and telephone in recent years. For the web there’s always the option of multi-factor authentication. There’s also behavioural monitoring as a preventative measure and identity based management - all improving degrees of data security. The same is not true however for phone-based contact, which is still a poor relation to online. As it stands, it is estimated that between 30 percent to 50 percent of all fraud incidents are initiated with a phone call, meaning telephone agents in contact centres are particularly vulnerable to social engineering and manipulation. I think it’s reasonable to predict that 2018 could be the year when we see the first major voice-initiated cyber breach. With fraudsters increasingly looking for ways to exploit telephone contact centre agents, and regulations like GDPR and MiFID II coming into play, organizations must give voice security the attention it deserves."
Mat Clothier, CEO, CTO and Founder at Cloudhouse:"In 2017 we saw ransomware attacks cause havoc across the board, and this doesn’t look like a trend that will phase out. If anything, attacks will become more sophisticated in 2018, with the perpetrators continually looking to infect high-profile organizations and bodies. Many will be looking to shore up defences to protect against these threats, but with some of the most high-profile names out there still using unpatched legacy operating systems such as Windows XP, this isn’t easy – in fact, it is impossible. Attacks can easily breach outdated defences and bring critical systems to a standstill, exactly like we saw with the WannaCry attacks. With more and more operating systems reaching their end of life in the near future - such as Windows 7 in 2020 - we hope that the next year will see businesses investing in ways to keep their legacy apps still functioning, but in a safe environment - not one built for a bygone era."