How secure is your customer data in a world of ransomware, malware and data breaches?
It’s been an almost perfect storm of data breaches, ransomware, and malware in 2017. Data breaches have continued and ransomware has kicked up a gear with major attacks such as WannaCry, Petya and BadRabbit causing havoc around the globe. Rick McElroy, Security Strategist at Carbon Black, looks at the three most important trends this year, and provides his predictions for 2018.
According to the Ponemon Cost of a Data Breach 2017 Report, $3.62 million is the average total cost of a data breach and $141 is the average cost per lost or stolen record. There is also a 27.7% likelihood of a recurring material data breach over the next two years for companies that have been compromised.
So what were the main trends that played out in 2017 and what are we likely to see happening in 2018?
Trend 1 - Nation states attacking more
One clear trend has been the mainstream visibility of nation states being involved in cybersecurity incidents. Countries have always been involved in cyber-espionage, and in 2017 this has become more apparent. Not only that, but tools used by intelligence services have now fallen into the hands of cybercriminals. The biggest of these were the NSA Shadow Brokers release and the Vault 7 and Vault 8 leaks onto WikiLeaks.
The tools that intelligence agencies have spent millions of dollars on have become commoditised.
Trend 2 – Unknown mobile devices are on the network
I was speaking to a CIO and he told me that on his network there were around seven or eight devices per person. Not just mobile phones, tablets and laptops, but also fitness trackers, etc. Keeping track of all of these will be a challenge for security teams as security solutions need to cover everything hitting the network.
Trend 3 – Keeping up with threats in the Cloud
Another big trend has been trying to secure everything in the cloud as organisations start to adopt more cloud services and transition more of their IT into the cloud. So how do security teams know what is happening in all their clouds? How do they know what third parties are accessing their cloud? There has been a greater focus by hackers on attacking cloud networks this year and I only see this increasing in 2018.
Prediction 1 for 2018 - Nation-state actors including Iran and North Korea are likely to increase cyber-attacks and Russia will engage in more cyber electioneering following efforts in 2016
Malign nation-state actors now have the playbook and they know what to do in order to affect elections in the West. It’s further likely that these and other nation-state actors will become emboldened following the non-response from the United States. If you have a system connected to the internet, you are part of cyberwarfare in some fashion.
Attackers won’t go straight to an organisation; they’ll use nested hacking of people to get to the data. There will also be a lot of social engineering to spread disinformation in order for them to destabilise other countries.
Prediction 2 for 2018 - Ransomware will continue to be a major problem
Ransomware will become more targeted by looking for certain file types and targeting specific companies such as legal, healthcare and tax preparers rather than the ‘spray and pray’ attacks we see now. In particular Brazil has become a hub for ransomware development. Why? They have trained a lot of college kids to write a bunch of code but they didn’t have jobs for those kids to go into, so now they have ventured to the dark side. Also, ransomware developers are refining this malware to make it more effective. To fix the problem of ransomware, the entire world has to stop paying ransoms. Also, organisations need to bolster their disaster recovery and resiliency efforts.
Prediction 3 for 2018 - IoT-based DDoS attacks will have a major impact on services
These have happened in the past and will continue to do so in the future. Organisations have staff trying to cope with a thousand devices to secure and will then have to cope with securing tens, perhaps hundreds of thousands, even millions of devices. Most likely with no extra resources. This is going to be a continuing challenge.
Prediction 4 for 2018 – the rise of offensive AI
Artificial intelligence will be increasingly used by cybercriminals to carry out attacks on infrastructure. 2018 will be the year we see attacks using machine learning to outwit security systems. Some people working on AI may be tempted to go over to the dark side and use their knowledge for illicit gains.
The importance of securing the endpoint
What we have faced and what we expect for next year means that for enterprises the endpoint is the new perimeter to defend. The data lives on the endpoint, so you have to provide great security where the data is. The trends we have seen mean that our solutions need to adapt to combat these trends and the threats they bring. With attacks on the rise we expect a sharper increase in security awareness and spending. Evolving threats and the sophistication of tools available to attackers mean that 2018 isn’t the year to accept risk. We recommend that companies are far more risk averse than in previous years, because if we have learnt one thing it is that would-be malign cyber actors are waiting to capitalise on past mistakes.