In the first part of our overall look at 2018 predictions, we determined six of the top 11 trends that were predicted for this year. In this second installment we will look at the remaining five overall topics that are expected to shake cybersecurity in 2018.
The Internet of Things (IoT) may be the most affected sector by the Meltdown and Spectre bugs, but it’s the legislation that many determine will be the biggest game changer. Gary Hayslip, chief information security officer of Webroot, said: “Legislation will require IoT manufacturers to be responsible for producing products without known defects.”
It is also predicted that the power of IoT will be felt by businesses in a repeat of the Mirai botnet activity. Paul Barnes, senior director product strategy at Webroot, predicted a mass IoT breach spanning consumers and businesses, but this time with little ability to remediate based on the attack disabling hardware and demanding a ransom payment.
Also, the growing commercial utilization of IoT systems will mean that the value of breaching and controlling these types of systems is increasing for attackers, says Greg Day from Palo Alto Networks.
Criminals Become More Sophisticated
The advancement of cyber-criminal skills has been predicted year on year, and apart from the unsophisticated nature of WannaCry, this has proved to be true. According to ZeroFox: “Artificial intelligence will lead to more sophisticated cyber-attacks and render basic protection methods obsolete” while Lastline said that in 2018, we can expect to see a dramatic increase in sophistication among cyber-criminals as they leverage AI and ML-powered hacking kits built from tools that criminals leaked or stole from state-sponsored intelligence agencies.
Adam Hunt, chief data scientist at RiskIQ, said: “Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models. Machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches.”
Social Media Takeovers
Following on from the advancement of cyber-criminals, in 2018 there will be an easier ‘way in’ for attackers thanks to social media. According to Airbus CyberSecurity, social media can be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise.
Markus Braendle, head of the Airbus CyberSecurity business, said that from an attacker’s perspective, social media has become an easy target because of the number of non-cybersecurity savvy users, and the fact that these platforms are both easy and cost effective to use.