2017 saw a record number of security breaches. From healthcare organizations to telecommunications giants, cyber villains took no prisoners in striking victims across the industrial landscape. According to the Identity Theft Resources Center (ITRC), the recorded number of security breaches in the U.S. reached 1293 by December 20th — 21 percent higher than the number reported around the same time in 2016. ITRC expected that number to surpass 1300 by the end of the year.
If history is any indication, IT security threats will continue to grow in both number and sophistication. Let’s take a closer look at the trends that are wrecking havoc in 2018.
1. Attack on IoT
Business owners are steadily realizing the benefits of the Internet of Things (IoT) technology and its value to real-time data. Unfortunately, cybercriminals are right behind them. According to IDC, 46 percent of IT executives reported to experiencing security incidents related to attacks on IoT devices. The survey revealed that 93 percent of respondents called upon third-party IoT security specialists to deal with the conflicts. Consequently, 71 percent of respondents found that IoT attacks are more expensive to resolve than traditional security incidents.
The lack of viable security makes smart devices vulnerable to the most basic security exploits. By gaining backdoor access, hackers can compromise IoT systems in various ways, with DDoS attacks being the biggest concern. Imagine an army of zombie refrigerators, toothbrushes, and automobiles launching coordinated attacks on corporate networks. It’s a frightening thought when coupled with the existing crop of devices commonly used in DDoS attacks. Targeting sensitive IoT data via ransomware is another possibility that has security experts on alert.
Speaking of ransomware, security researchers predict that it will continue to be a significant threat in 2018. In its Annual Cybersecurity Report, Cisco estimates that these extortion-based attacks are growing at an annual rate of 350 percent. What’s more, that growth has come at the expense of countless paying victims. Security software firm BitDefender approximates that ransomware is currently a $2 billion global industry.
Ransomware-as-a-Service (RaaS) has played a significant role in the growth of ransomware. Originating from the deepest corners of the dark web, RaaS provides novice hackers with tools that make it possible to execute surprisingly sophisticated and lucrative attacks. These platforms operate a lot like original software distribution services, offering full-access licenses, monthly pricing plans, and even dedicated tech support. With RaaS slowly making its way onto the open web, you can expect this trend to further evolve in 2018.
3. Cloud-based Malware
The bigger the cloud grows, the bigger target it becomes for attackers. While the major cloud vendors represent a larger score for cybercriminals, the lesser known companies may be the most vulnerable. Smaller service providers typically lack the infrastructure and resources which industry powerhouses, like Amazon, Google, and Microsoft, employ to thwart security threats. These vulnerabilities could also make those smaller providers more likely to give in to ransomware demands. That is the opinion of MIT Technology Review, which predicts that ransomware will aim at the cloud in 2018.
4. AI Threats
Artificial intelligence has been lauded for its ability to analyze data, recognize speech patterns, and perform various other tasks that typically require human intelligence. The sky is the limit, but that untapped potential applies to malicious usage as well. Armed with AI, hackers could potentially execute high-level attacks that not only cripple corporate networks but also turn automobiles and drones into dangerous weapons. According to a Webroot survey, 91 percent of IT security professionals expressed concerns about AI being used to attack organizations.
5. Insider Attacks
Most security solutions are designed to neutralize threats emitting from outside of the company. However, research suggests that there should be greater emphasis on insider threats. Infosecurity reported that internal incidents were responsible for 43 percent of data breaches — half intentional, half accidental. Another report found that 74 percent of organizations believe they are vulnerable to insider attacks. The same study suggested that these inside attacks are among the costliest to resolve, with 53 percent of respondents estimating remediation costs at $100,000 or more.
Hackers are a determined bunch. Organizations at every level must be equally persistent, resilient, and diligent in minimizing their effectiveness. With all the threats in 2018, IT security professionals need to realize that a culture built on prevention, early detection, and rapid response is the way forward.