The Cyber Threats You Really Need To Worry About In 2018
As hacking and cyber security continue to evolve at an incredible rate, new targets and weaknesses in cyber defences are being exposed. Here are just some of the threats that we believe will be significant this year.
Yet more massive data breaches
The cyberattack on the credit reporting agency Equifax led to the theft of birth dates, Social Security numbers, and countless other data on almost half the U.S. population. It was a clear reminder that hackers aren’t afraid to think big, and any company that holds sensitive information should be prepared to rebuff attacks in 2018. According to security expert and author Marc Goodman, data brokers who hold information on people’s personal Web browsing habits will be particularly popular targets, due to the lack of regulation in the industry.
2017 was the year of ransomware, with a huge number of attacks on targets including the NHS, San Francisco’s light-rail network, and global companies like FedEx. Ransomware is a comparatively simple form of malware that breaches defenses and encrypts computer files. Hackers then demand a ransom payment in exchange for digital keys to unlock the data.
The high frequency of payouts by victims (especially if the material hasn’t been backed up), coupled with the rise of hard-to-trace cryptocurrencies, has made ransomware extremely popular with hackers. Some particularly vicious strains, such as WannaCry, have compromised hundreds of thousands of computers worldwide. The most likely targets in 2018 will be cloud computing businesses that house huge volumes of data for companies and/or run consumer services such as e-mail and photo libraries. Whilst the biggest cloud operators (Google, Amazon & IBM, we’re looking at you) have invested heavily in data security, many smaller companies are extremely vulnerable, and even a modest breach could lead to a mammoth payday for the hackers involved.
Over the past few years, artificial intelligence has begun to infiltrate all aspects of our digital lives, but 2018 could well be the year that we see the emergence of an AI-driven arms race. Whilst security firms and researchers are using machine-learning models, neural networks, and other AI technologies to better anticipate attacks (and to spot ones already under way), hackers are adopting the same technology to retaliate.
One of the clearest examples of this is spear phishing, which uses carefully targeted digital messages to trick people into installing malware or sharing sensitive data. Machine-learning models can now match humans at the art of crafting convincing fake messages, and they can churn out far more of them without tiring. Artificial intelligence can also be used to design malware better equipped to fool ‘sandboxes’ (security programs that try to spot rogue code before it is deployed in companies’ systems).
2018 is also likely to see more attacks that transcend the cyber/physical divide, with hacks targeting electrical grids, transportation systems, and other parts of countries’ critical infrastructure. Some of these will follow the ransomware route and hijack essential systems before threatening to wreak havoc unless owners pay swiftly, whilst others will be designed to cause immediate disruption. It’s likely that during the year both researchers and hackers will uncover more vulnerabilities in the defenses of older planes, trains, ships, and other modes of transport.
There has been much talk already in 2018 about hackers (including some allegedly from North Korea) targeting those who hold Bitcoin or other digital currencies. Whilst this is clearly a threat, a more pressing concern is the opportunity for hackers to steal computer processing power.
Mining any cryptocurrency requires a huge amount of computing capacity to solve highly complex mathematical equations. As the value of cryptocurrencies continues to rise, hackers are becoming more incentivised to compromise millions of computers in order to use them for such work. We have already seen the hacking of public Wi-Fi in a Starbucks in Argentina and an attack on computers at a Russian oil pipeline company for this exact purpose. As currency mining grows, so too will the temptation to breach ever larger computer networks. Hospital chains, airports and countless other sensitive locations will need to drastically improve their security systems in order to prevent this from happening.
As the risks around cyber security continue to grow, so will the penalties for companies that fail to address them effectively. When the General Data Protection Regulation comes into effect on 25th May, companies will be required to report data breaches to regulators (and inform customers their data has been stolen) within 72 hours of discovering a breach. Failure to comply could lead to fines of up to 20 million euros or 4 percent of a company’s global revenues, whichever is greater.
If you have any queries or wish to discuss this matter further please contact your Account Director, call our office on 01473 727800, email us at firstname.lastname@example.org, or tweet us @atains.