CYBERSECURITY 2018 A Year In Preview
We have created a global society of universal connectivity, where individuals and organizations expect to have instant access to data and services across a variety of interconnected devices. It’s transforming our society. And it’s creating a rich vein of
Between ransomware attacks, remote mobile phone hacks and massive consumer data breaches, it’s very difficult to name a part of our technological framework that isn’t under assault. The current generation of cybercriminal is organized, motivated and well-funded, uncovering weaknesses and infiltrating systems at tremendous speed and scale. The cybercriminal marketplace has become adept at adopting the latest advances in technology, such as automation and artificial intelligence (AI) to create more effective attacks. And as mobile, cloud and the Internet of Things (IoT) continue to grow, new disruptive opportunities emerge for cybercriminals as the attack surface grows.
Well-known attacks and breaches from 2017 foreshadow the massive disruptions and economic impacts possible in our near future, resulting from the ransom and disruption of commercial services or intellectual property. The imminent risks will require a coordinated effort of both human and machine intelligence to combat them. Here’s a look at what you need to know now to be prepared for 2018. Cybercrime Continues To Institutionalize
Hacking is big business, on both an individual and state-actor level. There’s even a way to hire out for malware, from a growing number of so-called “crime-as-a-service” outfits that will validate exploits or deploy botnets against targets for a fee. Much like legitimate institutions, these criminal networks have started to take on characteristics of a long-term institution. They deploy (or hijack) high-power distributed computing clusters to perform research, experiment in sandbox settings and launch attacks. There is a real risk of the cybercrime economy disrupting the emerging digital economy. Basic Cybersecurity Hygiene Failures Continue Adaptive, intelligent, hive-minded malware (see the Artificial Intelligence sidebar) is a serious next-generation threat that must be taken seriously. However, the root cause of many of the most significant and damaging breaches is the same today as it was at the origins of the Internet: a fundamental failure to practice good cybersecurity hygiene. Poor passwords, unprioritized patch scheduling, end-of-life systems and improper user permissions continue to open the door to an unacceptable number of opportunistic attacks.
The mass spread of IoT devices, which tend to have wideopen access profiles by default and are often shipped to the wild with no hope of ever receiving manufacturer security updates, will further open doors to attack. This means doing more than committing to sound patching discipline and policy revision. Organizations must dedicate themselves to finding ways to purge unsustainably insecure devices whenever possible, and rigorously segment and protect those that cannot be removed.