BCC Research Blog | Industry Analysis and Business Consulting

What to Expect from Cyber Threats in 2018? The Same, Experts Warn

Written by Jeff Schmerker | Dec 13, 2017 7:15:00 PM

If you thought cybercrimes were big in 2017, just wait for next year.

“2017 was a year dominated by news of data breaches and new cybersecurity threats, from major hacks affecting companies like Equifax and Verizon to ransomware attacks such as the global WannaCry incident,” reported security trends site CSO. “It stands to reason then that we will see more of the same in 2018, with corporations, governments, public bodies and even political campaigns all likely targets.”

The industry is locked in a virtual arms race with attackers, battling evolving ransomware, serverless apps, weaknesses in connected home devices and more.

WannaCry, the ransomware attack which impacted more than 200,000 computers worldwide in May, was just the beginning of that trend, the site added—though the attack prompted focused attention and proactive investment in making systems and data secure against future attacks.

A Clip From a Recent BCC Research Webinar 

 

 

Blockchain and Artificial Intelligence to the Rescue?

Blockchain, a little-understood encryption method, first gained traction in the crypt-currency arena. Now, it’s being expanded into uses such as inter-bank settlements and Internet of Things applications. It, too, will likely become a target for cyber criminals.

“Instead of attacking blockchain technology itself, cyber criminals will focus on compromising coin-exchanges and users’ coin-wallets since these are the easiest targets, and provide high returns,” noted one analysis. “Victims will also be tricked into installing coin-miners on their computers and mobile devices, handing their CPU and electricity over to cyber criminals.

Meanwhile, other touted solutions like artificial intelligence (AI) and machine learning may also become attack tools. After all, the analysis added, the factors which make AI attractive in the realm of security means they can be used nefariously, too: “Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of compromise after an incursion.”

“AI can offer more firepower when it comes to cybersecurity. It can cover the lack of manpower that we see in this highly complex field,” said a report from Infosec Institute. “However, many security experts believe that AI is a double-edged sword and hence it could become dangerous at an epic level if it gets into the wrong hands.”

AI can protect infrastructure against zero-day attacks and assist personnel who are monitoring, tracking, or detecting evidence of attacks.

Predictions for 2018: More of Everything

Infosec’s predictions for 2018 included ongoing threats from ransomware, cybercriminal attacks on cryptocurrencies, joint international crime-fighting efforts, increasing attacks on Western organizations by agents in Russia and China, the growth of cyber insurance and the increasing frequency of cyber bullying.

CSO noted that many companies will struggle to comply with the General Data Protection Regulation, a rule from the European Union which explains how companies should process, store and secure the personal data of Europeans. It goes into effect May 25, and fines for non-compliance can reach into the millions of dollars.

CSO predicted that cyber criminals will use worms similar to WannaCry to spread malware since that network attack spreads faster than other methods. “If hackers can figure out how to use worms without being too noisy (a traditional downfall of this approach), this tactic can amass a large number of victims very quickly,” CSO explained.

The Information Security Forum expanded on some of those concerns in a report, saying in 2018 it is likely that the ability to protect will be progressively compromised. “As security researchers uncover vulnerabilities, manufacturers will threaten them with legal action,” the report said. “As a result, organisations will continue to use vulnerable software that puts them at risk.” Solutions include offering financial rewards to researchers who responsibly report vulnerabilities and using mediators to find satisfactory disclosure practices.

Mobile Device Security to See Double-Digit Growth Through 2022

Responding to many of these concerns, the global market for mobile device security is expected to see robust growth in 2018 and beyond, according to a new report from BCC Research.

The report Mobile Device Security: Global Markets to 2022 says the industry is forecast to expand at a compound annual growth rate of 14.7% through 2022, when it will be valued at $37 billion. Total value will be led by software security, though hardware security will see the quickest growth.

“Investments in the market will come from all parts of the ecosystem, including payers, providers and device manufacturers,” the report noted. “The goal of all parties is to implement layers of security solutions that enforce a coherent policy from the device central processing unit to the application software.”