printer friendly version

Cybersecurity trends 2018

Looking at the trends highlighted by physical security operators in another article in this issue, it’s clear that cybersecurity will remain a key issue in the coming year. To be fair, cybersecurity is going to be a major issue for everyone whether they are in the security business or not. To try to find some insights into what we can expect from the world of cybersecurity, we asked some experts to fill us in on their expectations for the coming cyber year.

What do you think the top three cybersecurity risks in 2018 will be?

Dragan Petkovic.

Dragan Petkovic, security product leader ECEMEA at Oracle: We are likely see the continuation of the trends of 2017. Privacy of data remains one of the most vulnerable resources and the requirement to protect personal data will only intensify with new privacy regulations being implemented in the near future. Political situations around the world are getting increasingly complicated which will cause a rise of zero-day attacks. With the hype surrounding Bitcoin, I believe we’ll see more attacks against cryptocurrency infrastructure.

Keegan Ackerman, territory account manager, ESET Southern Africa: Ransomware: As far as malicious forms of software go, this year alone we have seen a massive spike in the amount of attacks and variants of this software that are currently out there. A bit earlier in the year everyone around the world was made very aware of this fact with the release of the WannaCry and Petya variant that took down countless organisations and people around the world, suddenly cutting all access to their own important data. There was an incredible 50% increase in attacks in 2016 and with the huge financial gain possible, little risk to the attacker and the ease of which you can distribute this through ransomware-as-a-service online opening, this threat is going to grow even more.

Online privacy/the data breach: As a lot of businesses and people around South Africa learned this year that our most precious data became compromised in the largest breach of personal information in South Africa and this has been seen as a tangible threat to the online privacy of every South African. As technology is expanding and we are becoming more connected to the Net than ever before. With the IoT (Internet of Things), our social media platforms, cloud services and the amount of digital information stored on people in the cloud and by other organisations, there is a tangible reward for the ­attackers to go after this information.

Hackers around the world have seen very high success rates and witnessed extensive breaches this year and they will be looking to top in years to come.

Social engineering: As most of us know the weakest link to any security setup is the human factor. With a lack of awareness and education from the user, social engineering attacks are the easiest way to gain access to any system. Most social engineering attacks will originate via phishing attacks with email still being the highest form of infiltration, but hackers are constantly growing their skills and using methods that are even more sophisticated. With the River City media breach where 1,37 billion email addresses were stolen and the breaches close to home, the cyber criminals now have a large amount of data on every individual they can use to better target their victims.

Gerhard Oosthuizen, CIO, Entersekt: Fraud will continue to evolve, but many old techniques will linger. We will continue to see consumers directly attacked via phishing campaigns, with the aim of either dropping malware (ransomware) or harvesting credentials. We should also expect to see more spear phishing as consumers are targeted for higher amounts, and a lot more high-value account takeovers.

Financial services that still only use a username and password are vulnerable due to the fact that so many username-password values are already out there. Customers’ only protection in cases such as these is if the banks do not expose them to high-risk transactions (which, of course, is not a solution). Financial institutions that do allow high-risk actions, such as immediate payments, and still only have one-time password (OTP) tokens (hardware or SMS) will see a lot more attacks on their systems in future. Fundamentally, the recipe to bypass these protections is now well known to fraudsters, and is built into standard hacker tools.

We can also look forward to a lot more Bitcoin exchanges, as well as banks suffering from SIM-swap and SS7 attacks – for example, where the user’s phone number is hijacked and fraudsters steal the SMS OTP. On other fronts, organisations should be wary as the privileged user will be a key focus. Fraud is moving into the development and supply chains as it can impact a wider system from there. Finally, mobile will come under even more attack than ever before, as those channels and apps remain highly insecure on the consumer side.

Riaan Badenhorst.

Riaan Badenhorst, general manager, Kaspersky Lab Africa: The security landscape is always changing as threats continue to expand and evolve. As we kick-start 2018, we are likely to see the following:

• The rise in ransomware: Ransomware is growing in sophistication and diversity. In fact, the number of ransomware notifications reported by Kaspersky Lab in the META region increased by 36% in 2017 (compared to the first quarter of 2016). The chances of ransomware incidents occurring in 2018 are high – given the increased availability of ransomware as a service. Cyber criminals are increasingly well prepared and technologically sophisticated; they are also becoming specific about their attacks in terms of geography.

• An increase in high-end mobile malware: As the world has continued to rely on mobile technology for personal and business reasons, we estimate that 2018 will likely discover more high-end APT malware for mobile, as a result of both an increase in the attacks and improvement in security technologies designed to catch them. Our evaluation is that the total number of mobile malware existing in the wild is likely higher than currently reported, due to shortcomings in telemetry that makes these more difficult to spot and eradicate.

• More attacks targeted at routers and modems: This well-known area of vulnerability has been largely overlooked as a means for advanced targeted attackers. Used by both the consumers and companies, these devices cannot afford to be ignored, as they play an important role in daily business operations. Attackers may use these devices as key targets to access the company’s network and could allow them to hide their trails, given that not much attention has been paid to these devices.

What impact would these risks have on companies and individuals if they fall victim to an attack?

Petkovic: The risk in the second half of 2018 will be around steep fines imposed for loss of personal data through the GDPR (General Data Protection Regulation). Data breaches will cause loss of customer confidence, which will have a significant impact on traditional businesses and potentially fatal consequences for digital ones. We will probably see the increase of class action lawsuits and individual litigation against breached companies.

Ackerman: In the case of businesses, this is a devastating prospect as a single ransomware attack could lead to the loss of intellectual property, customer information, and more. With legislation such as PoPI coming into place, this has extended far beyond just the reputational aspect. There are steep fines of up to R10 million or a 10-year jail sentence if information is stolen from your network and you as a business don’t have the correct security solutions and protocols in place. These fines could sink any company out there if implicated in a data breach.

For the individual, if your information is to become compromised and your identity stolen, you could be in for a lot of pain. Cyber criminals can use this information to set up accounts and take out loans in your name and put you in a massive amount of debt among many other implications.

Oosthuizen: As organisations around the world enable more features on digital channels, the risks continue to increase. Firstly, consumers will be hurt, and as the cases grow, real money will be lost. For institutions, the damage will be both financial and reputational on a large scale.

Badenhorst: Ransomware and other attacks generally cost companies money. Our research shows us that an IT security incident that has the most severe financial impact on organisations in the Middle East, Turkey and South Africa, has had enterprises pay up to $1,5M for incidents involving electronic data leaks from their internal systems, and more than $1M for incidents affecting suppliers they share data with.

Meanwhile, SMBs lost $141K when employees used IT resources inappropriately and $118K when there was an incident affecting infrastructure hosted by a third-party. As a result, such incidents would have a negative impact on the company’s reputation. This is why we always advise companies to take all possible measures to ensure cybersecurity.

And from a consumer perspective, given there are over 3,8 billion users connected to the Internet today and a range of malware (such as ransomware) which can infect a user’s computer or mobile device. Encrypting sensitive data such as personal documents or photos is critical – but it shouldn’t be a frustrating and lengthy process. Education, awareness, online security and backing up however are essential.

What is the best defence to protect yourself?

Petkovic: Well-run companies realise that there is no such thing as 100% security, but still apply prudent measures to protect their assets. While perimeter security is as important as always, additional resources are required to protect data closer to the source. User security with practicing minimum privileges becomes increasingly important, especially in the cloud. Organisations on their journey to the cloud are realising that while the cloud takes some of the network and infrastructure security headaches away, the responsibility model for security is shared. Cloud Access Security Brokers (CASB) are mandatory in planning cloud security posture. Practice security inside-out and build security in every layer of your IT.

Ackerman: Businesses and individuals alike need to start taking the security of their online identity and information seriously. Without user awareness about what threats are out there, we will be left defenceless against these attacks.

As our world is moving fully into a digital realm, we need to use the best-of-breed security solutions to create a layered defensive approach against the cyber criminals. From utilising solutions such as ESET’s software technologies to defend your crucial business and personal data. Antivirus solutions with firewalling and mail security are no longer a nice to have but are an absolute necessity to every organisation.

As these cyber threats are only growing in popularity and the level of sophistication, it’s important to incorporate them into your business continuity planning efforts before it’s too late.

Oosthuizen: Use a password manager and enable two-factor authentication (2FA) wherever you can (these days, most social media and email sites support 2FA). Ensure you only use trusted websites – rather type the web address into your browser yourself than click on a link.

Always keep your mobile phone and OS updated to the latest release. Vulnerabilities are usually fixed quickly, but unfortunately, they are just as quickly exploited.

Badenhorst: If we take into consideration the harsh realities that come with being a victim of a cyberattack, such as the WannaCry ransomware attack – not to mention the highly destructive ExPetr/NotPetya/Petya attacks that occurred in 2017, individuals can follow these tips to ensure better protection against unknown attacks.

• Use the latest security software versions especially at work, and install/update the software patches released by developers.

• Ensure that security solutions are switched on for all nodes on a corporate network.

• Avoid running or opening attachments from untrusted sources.

• Always back up sensitive data to external storage – and keep it offline.

Share this article:

Further reading: