Article

Rick McElroy
Rick McElroy 13 December 2017
Categories Technology

How secure is your customer data in a world of ransomware, malware and data breaches?

It’s been an almost perfect storm of data breaches, ransomware, and malware in 2017. Data breaches have continued and ransomware has kicked up a gear with major attacks such as WannaCry, Petya and BadRabbit causing havoc around the globe. Rick McElroy, Security Strategist at Carbon Black, look at the three most important trends this year, and provides his predictions for 2018.

According to the Ponemon Cost of a Data Breach 2017 Report, $3.62 million is the average total cost of a data breach and $141 is the average cost per lost or stolen records. There is also a 27.7% likelihood of a recurring material data breach over the next two years to companies for companies that have been compromised.

So what were the main trends that played out in 2017 and what are we likely to see happening in 2018?

Trend 1 - Nation states attacking more

One clear trend has been the mainstream visibility of nation states being involved in cybersecurity incidents. Countries have always been involved in cyber-espionage and in 2017, this has become more apparent. Not only that, but tools used by intelligence services have now fallen into the hands of cybercriminals. The biggest of these was the NSA Shadow Brokers release as well as the Vault 7 and Vault 8 leak onto Wikileaks.

The tools that intelligence agencies have spent millions of dollars on have become commoditised.

Trend 2 – Unknown mobile devices are on the network 

I was speaking to a CIO and he told me that on his network there were around seven or eight devices per person. Not just mobile phones, tablets and laptops, but also fitness trackers, etc. Keeping track of all of these will be a challenge for security teams as security solutions need to cover everything hitting the network.

Trend 3 – Keeping up with threats in the Cloud

Another big trend has been trying to secure everything in the cloud as organisations start to adopt more cloud services and transition more of their IT into the cloud. So how do security teams know what is happening in all their clouds? How do they know what third parties are accessing their cloud? There has been a greater focus by hackers on attacking cloud networks this year and I only see this increasing in 2018.

Prediction 1 for 2018 - Nation-state actors including Iran and North Korea are likely to increase cyber-attacks and Russia will engage in more cyber electioneering following efforts in 2016 

Malign nation state actors now have the playbook and they know what to do in order to affect elections in the west. It’s further likely that these and other nation-state actors become emboldened following the non-response from the United States. If you have a system connected to the internet, you are part of cyberwarfare in some fashion. 

Attackers won’t go straight to an organisation, they’ll use nested hacking of people to get to the data. There will also be a lot of social engineering to spread disinformation in order for them to destabilise other countries.

Prediction 2 for 2018 - Ransomware will continue to be a major problem

Ransomware will become more targeted by looking for certain file types and targeting specific companies such as legal, healthcare and tax preparers rather than the ‘spray and pray’ attacks we see now. In particular Brazil has become a hub for ransomware development. Why? They have trained a lot of college kids to write a bunch of code but they didn’t have jobs for those kids to go into, so now they have ventured to the dark side. Also, ransomware developers are refining this malware to make it more effective. To fix the problem of ransomware, the entire world has to stop paying ransoms. Also, organisations need to bolster their disaster recovery and resiliency efforts.

Prediction 3 for 2018 - IoT based DDOS attacks will have a major impact on services

These have happened in the past and will continue to do so in the future. Organisations have staff trying to cope with a thousand devices to secure and will then have to cope with securing tens, perhaps hundreds of thousands, even millions of devices. Most likely with no extra resources. This is going to be a continuing challenge.

Prediction 4 for 2018 – the rise of offensive AI

Artificial intelligence will be increasingly used by cybercriminals to carry out attacks on infrastructure. 2018 will be the year will see attacks using machine learning to outwit security systems. Some people working on AI may be tempted to go over to the dark side and use their knowledge for illicit gains.

The importance of securing the endpoint

What we have faced and what we expect for next year means that for enterprises the endpoint is the new perimeter to defend. The data lives on the endpoint, so you have to provide great security where the data is. The trends we have seen mean that our solutions need to adapt to combat these trends and the threats they bring.  With attacks on the rise we expect a sharper increase in security awareness and spending.  Evolving threats and sophistication of tools available to attackers means that 2018 isn’t the year to accept risk.  We recommend that companies are far more risk adverse than in previous years, because if we have learnt one thing it is that would be malign cyber actors are waiting to capitalise on past mistakes.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
7 Reasons Why Social Media Marketing is Important For Your Business

7 Reasons Why Social Media Marketing is Important For Your Business

In the past two decades social media has become a crucial tool for marketers, enabling businesses to connect with potential customers. If your business has yet to embrace social media and you want to know why it is...

Sharron Nelson
Sharron Nelson 29 February 2024
Read more
B2B Marketers Need a New Approach to Lead Gen to Meet the Growing Quality Challenge

B2B Marketers Need a New Approach to Lead Gen to Meet the Growing Quality Challenge

The biggest challenge facing B2B marketers in 2024 is generating high quality leads. And the problem is getting worse.

Michael Nutley
Michael Nutley 18 March 2024
Read more
How to Create a Landing Page: The Ultimate Guide

How to Create a Landing Page: The Ultimate Guide

Learn how to make an effective landing page with our latest article. Perfect for beginners and pros alike, this article gives you practical tips to create a landing page that works for you. From picking the right...

Ravi Shukla
Ravi Shukla 19 February 2024
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

A company website is crucial for any business's digital marketing strategy. To keep up with the changing trends and customer buying behaviors, it's important to review and make necessary changes regularly...

Digital Doughnut Contributor
Digital Doughnut Contributor 25 March 2024
Read more
4 Tips for Building Effective Direct Response Marketing Campaigns

4 Tips for Building Effective Direct Response Marketing Campaigns

Craft irresistible offers and elevate your marketing strategy with direct response marketing campaigns.

Iulia P
Iulia P 22 March 2024
Read more