The state of cybersecurity in 2017 has been less than ideal. From the string of global ransomware outbreaks to the Equifax data breach fiasco, hackers seem to find more creative ways to break into computer networks every day. And, unfortunately, there are even more dangerous threats just around the corner.
Given the increasing popularity of new technologies like machine learning and the Internet of Things (IoT); hackers will undoubtedly have even more opportunities to produce even more diverse attacks in 2018.
But despite this worrying possibility, Australian businesses still have the upper hand. All they need to do is to be prepared for what we predict will be the top cybersecurity threats in 2018.
Ransomware will continue to flourish
Ransomware, a type of extortion that uses software to lock down computers’ files until a ransom is paid; has gained a lot of traction in 2017. It is usually distributed via email attachments and links; but hackers changed the game when they developed self-propagating ransomware such as WannaCry and Petya, which affected hundreds of thousands of users around the globe.
We don’t expect these attacks to slow down anytime soon. In fact, we believe attackers will continue to use a combination of phishing scams and self-propagating techniques to deliver ransomware in bulk and to disrupt entire industries; similar to how WannaCry affected the UK’s National Health Service.
Even more disturbing is the increasing prevalence of ransomware-as-a-service. Black markets are putting more ransomware products up for sale, allowing criminals without technical ability to carry out highly advanced attacks. This almost guarantees we’ll be seeing more ransomware incidents throughout 2018.
The chances of ransoms being paid will likely increase as well; especially when the new data breach notification laws come into effect. That’s because noncompliance leads to massive fines and reputational damage; giving cybercriminals opportunities to bribe companies by “promising” that they’ll keep quiet about the breach.
In any case, it’s unwise to give in to the hackers’ demands. Using a combination of anti-phishing software, behaviour monitoring tools, and intrusion prevention systems will help you stop ransomware attacks early. Cloud backups are also recommended in case your local systems and files are taken hostage.
Losses from BEC scams will reach record highs
Business Email Compromise (BEC) scams involve hackers sending fake emails from high-level executives to accounting departments and tricking them into making unauthorised wire transfers. What makes these scams so appealing is that although they’re simple; as they require only some social media scouting and virtually no programming skills; yet they can still yield massive payouts. In 2016, reports found that BEC scams net an average of $140,000 (USD).
Because these scams are so lucrative, more cybercriminals are likely to utilise them in 2018.
Training your executives and employees to spot the tell-tale signs, such as misspelt email addresses and “urgent” requests for large sums of money; can help you avoid BEC scams. Your company must also set strict limits on larger transactions and enforce stringent verification procedures; whereby those making wire transfer requests must confirm their identity over the phone with a passcode.
IoT threats will increase
The Mirai malware in 2016 demonstrated how hackers can use unsecured IoT devices to launch full-scale distributed-denial-of-service (DDoS) attacks to shut down major websites. Less than a year after the incident; researchers found a similar programme called Reaper that could potentially be as dangerous as its predecessor.
Aside from DDoS, we’re likely to see cybercriminals use IoTs as a means to spy on their targets and gather sensitive information. Even more worrying is that medical devices like heart rate monitors and pacemakers can be hijacked; putting patients’ lives at stake.
We expect more IoT attacks to come in 2018; because so many manufacturers are rushing to get smart devices to market with minimal consideration for security. IoT devices are also not built like computers; they have no user interface, so it’s much harder to install security updates on them.
Because some IoT devices lack hardened security measures, you will have to carefully consider which devices you introduce into the workplace, which requires thorough security evaluations from a professional. When setting up devices, you should also set strong passwords and regularly install firmware updates as soon as they’re released.
Cybercriminals will challenge machine learning
Computers that can autonomously interpret massive sets of data, make decisions, and perform repetitive tasks have become our reality. In fact, machine learning already enhances business intelligence and workflow automation.
Moving forward, it will certainly be a core component in security apps, but since it’s still underdeveloped; the probability of false positives and false negatives can be incredibly high. For instance, machine-learning-powered security apps may be able to detect common ransomware; but if the hacker packaged the code to look harmless, there’s a good chance that it will get through.
And although security experts are already looking at the practical applications of machine learning; it’s not too crazy to think that hackers are studying the technology themselves and looking for blind spots to exploit.
Machine learning will definitely enhance cybersecurity, but it should not be considered a substitute for a multi-layered defence strategy. This means you should still have firewalls, anti-malware, email security, and behaviour-based intrusion detection systems working alongside machine learning apps.
There is no denying that Australian businesses will face plenty of security challenges in 2018. But now that you know what to expect throughout the year, you can focus on implementing technologies that ensure business security and longevity.
Looking for holistic security solutions and support? Empower IT has all the tools and expertise you need. What’s more, we offer comprehensive IT assessments to make sure you’re fully prepared for the future. Call us today!