In our last post, we talked about the most significant data breaches of 2017. And what better way to wrap up 2017 than by pulling out our crystal ball and gazing into the near future.
Using our expertise in infosecurity, here is our shortlist of what to watch out for in the upcoming year:
The way in which your website collates and processes sensitive information from its users is about to radically change. Or should be.
The new EU regulations known as GDPR, which is designed to better protect the rights of the user, comes into full effect in 2018. Companies who have yet to prepare for this eventuality – and there are many out there, particularly in the US – still do not understand the full impact of the regulation.
If you collect or process sensitive data – from web forms for instance – and it contains sensitive information from EU residents, it is high time to get educated on the matter.
EU GDPR demystified: a straightforward reference guide for US firms – Part One
EU GDPR demystified: a straightforward reference guide for US firms – Part Two
The value of cryptocurrencies went a bit nuts in the final part of 2017, leading scammers to salivate at the possible return on investment if they managed to steal someone’s bitcoin.
Recent hacks have called not only the digital currency, but its powerful engine, Blockchain, into question: is it really secure? Blockchain, if managed properly, is a sound security proposition, and we expect to see security services include this technology to further protect sensitive information. We expect to see a lot more Blockchain information and education, as well as services relying on its model, in 2018.
We expect attack agents to increasingly tailor their attacks to industry-specific applications and systems.
Healthcare services, for instance, are renowned for delayed adoption of new systems, applications and technologies, making them prime candidates for exploitative malware.
At the other end of the spectrum, entertainment production companies, if last year was any indication, have less-than-ideal security in place, despite the high value and secretive assets stored on systems (such as an upcoming series or movie).
Without regular risk assessments, widely adopted system set ups or industry-specific application adoption can create a bit of a homogenic environment. If improperly secured, we worry that industry itself can suffer huge losses.
Ransomware is not going anywhere soon.
Ransomware has proven to be a lucrative cash cow for attacker cells, solidifying its future as a prime cyberattack vector.
We do expect this line of cyber attack to evolve.
Already we have seen in the later part of 2017, new ransomware-like attacks that steal sensitive information and threaten to release it unless a ransom is paid. This renders back-ups moot in this scenario, as it doesn’t matter if you still have the original copy.
As seen in 2017, expect the river of new IoT devices to continue flowing. Sadly, we do not expect to see any major improvements in security options or better default security in these devices.
As consumers and businesses continue to introduce – and give full reign to – these internet-enabled devices, we expect to see an increased number of data breaches that stem from poorly protected IoT devices.
Before you buy or connect a smart device (IoT), read this!
IoT Developers: checklist for building more secure Smart Devices.
There you have it, our list of 2018 cybersecurity predictions. Let us know if you think we missed something. From everyone at TBG Security, we wish you happiness, peace and, above all, security, this holiday season. And of course, happy New Year!