Cybersecurity is at the forefront of concerns for CIOs and enterprise I.T. professionals, and being able to predict the next round of threats is critical to success. Looking forward to the year ahead, security experts at Forcepoint have published their "2018 Security Predictions Report," plus a look back at the accuracy of their 2017 predictions.
This year, along with other security concerns, Forcepoint predicts data privacy will be a growing source of contention. As organizations collect more and more personal data, and as breaches seem nearly impossible to stop, change is desperately needed. Businesses as well as government agencies simply need to do a better job of managing and safeguarding the data they collect.
The People Problem
Forcepoint says, "The security industry has been focusing on the wrong things. Traditional security perimeters are eroding or becoming obsolete, and so, rather than focus on building bigger walls, the industry needs better visibility." It is crucial to understand "how, when and why people interact with critical data, no matter where it is located."
Confounding the problem is that a growing quantity of data is being moved to the cloud. Malware is constantly evolving and traditional security measures simply are not keeping pace.
At the heart of Forcepoint's predictions for 2018 is the need to understand how people interact with critical data and intellectual property, according to Dr. Richard Ford, Chief Scientist at Forcepoint. "Users have the potential to unintentionally compromise their own systems in one minute."
"By placing cyber-behavior and intent at the center of security, the industry has a fighting chance of keeping up with the massive rate of change in the threat environment," Ford explained. "We know that data leakage and ransomware will continue to be the focus for remediation and prevention, but behavior-centric risks are now behind a multitude of security incidents," Ford continued.
So what are the biggest cybersecurity threats and trends expected for the year ahead?
Privacy Fights Back
First, Forcepoint predicts that we will see "a broad and polarizing privacy debate, not just within governments, but between ordinary people."
Forcepoint foresees that "privacy wars" are about to erupt, and with good reason. As businesses and government entities collect and mine more and more of our personal data, tensions are brewing between individual rights and security for all.
Think about it. Your car knows where you last went and where you may want to go next. Your phone recognizes your face, and so does Facebook. Oh, and it knows all your friends and relatives, as well as their friends and their relatives. LinkedIN knows everyone you ever worked with, even if you only sent them one email.
Your computer? Not to be trusted. It tells companies what you like and don't like, which sites you visited, and which terms you searched. Your Gmail tells Google what you mentioned in private email. Oh, and Alexa and Siri? They're listening all the time, and sometimes when you least suspect.
Yes, we can likely expect the privacy debate to turn into full-blown privacy wars in 2018.
Data Aggregators: A Treasure Trove for Hackers
Another prediction from Forcepoint: A data aggregator will be breached in 2018 using a known attack method.
OK, well that's pretty much a safe bet and sure to happen.
This past year, as Forcepoint noted, "the Equifax breach rocked the security industry, and the full impact of this breach has not yet played out." Forcepoint believes that Equifax was just the first of what will be many breaches on hosted business applications. "Attackers seek the path of least resistance, and if they can find a weak link in a system which ready contains the crown jewels of personal data, they will exploit it."
Cryptocurrency Hacks: The Next Frontier
Prediction #3 from Forcepoint: Attackers will target vulnerabilities in systems which implement blockchain technology.
As cryptocurrencies like Bitcoin grow in importance, Forcepoint predicts that the systems surrounding such currencies will increasingly come under attack, with malware targeting user credentials of cryptocurrency exchanges.
In addition to using cryptocurrency for ransomware payouts, Forcepoint expects cybercriminals will also be turning their attention to find vulnerabilities in systems that rely on blockchain-based technologies.
Disruption of the Internet of Things
Prediction #4: In 2018, the Internet of Things (IoT) will become a target for mass disruption. The "disruption of things," as Forcepoint calls it, is likely because IoT devices will be widely used and too easily breached. IoT devices in consumer and business environments are attractive targets for cybercriminals who can hold them for ransom or even to obtain a long-term, persistent presence on the network.
Forcepoint suggests that ransomware of connected devices is possible, yet unlikely to be a major concern in 2018. However, more large-scale, disruptive attacks on the network are to be expected, along with man-in-the-middle (MITM) attacks, as IoT devices leave vulnerable areas exposed.
The full "2018 Security Predictions Report" is available for download through the Forcepoint website, including other projections for the new year plus a look back at the accuracy of their 2017 predictions.