Earlier this week, we summoned the much-updated spirits of Shakespeare’s witches of Endor to share some predictions for the upcoming year in cyber security.
And because you can’t keep a good spirit down when the topic is as hot, dynamic and potentially dire as cybersecurity is, they just keep foretelling. “Still more and still worse,” they proclaim.
Read below for additional auguries and prognostications, in the second installment of our two-part series on cyber predictions for year to come.
Ready or Not, Here Comes GDPR
May 25th is only 5 months away. That’s the day that the EU’s General Data Protection Regulation (GDPR) goes into effect. Many organizations claim to be ready but really, they aren’t. They cannot possibly comply with all the requirements such as breach notification within 72 hours. Today, the average breach isn’t even noticed for weeks. I foresee pandemonium come March and April. Who wants to be the first company hit with a steep EU fine for noncompliance? There will be many candidates, I am afraid.
Lots of Government Involvement
GDPR is just one heavy-handed attempt to control access and use of Personally Identifiable Information (PII). We can look for more national and state governments to pass legislation around cybersecurity and IoT device use. Laws will be passed, legislators will pat themselves on the back, but attacks will keep on keeping on.
Dark Data Coming to Light
2017 saw some very large-scale breaches and pretty severe data leakage. The Equifax breach alone exposed 143 million data records full of PII. I predict that this data will become available on the dark web during 2018. The stolen PII will be put to “good” use by hackers to enable massive attacks on government, financial, healthcare and other systems.
IoT is a Hacker’s Delight
Hackers will continue to leverage unprotected devices to spy on people – and worse. Smart homes will become magnets for all sorts of pranks (remote turning on of sprinklers, for example) and serious threats to privacy (using security cameras to spy). Botnets will be utilized to create DDoS attacks that will threaten government and other popular websites.
Networks on Wheels
Lots of industry analysts group connected cars with IoT devices, but I don’t. The connected car is far more complex, as a complete computer network in its own right. Today’s connected car already hosts as many as 150 dedicated Electronic Control Units (computers) that communicate over as many as 7 data buses. Such cars send out more than 25GB of data per hour – as much as 12 full-length Netflix movies streaming in HD. The news will be full of stories of innovative ways to take over car functions. Keep eyes on the road and your hands on the wheel!
Currencies from the Crypt
Every day it seems, we read about Bitcoin reaching new highs. Along with Ethereum, LItecoin and others, cryptocurrencies now claim a market cap of more than $1 billion. We can expect hackers to go after these currencies with new, audacious attacks that will roil national economies and international markets.
Multi-Factor Authentication Replaces Passwords
Passwords will become quite passé in 2018 with companies quickly adopting multi-factor authentication at many levels. Biometric solutions—voice recognition, facial and retina scans and fingerprints—will replace traditional passwords and tokens within the next few years.
Nation-State Players Raise the Stakes
In 2018, organizations will foolishly continue fighting the next wave of highly sophisticated attacks from well-funded criminal and nation-state actors with mostly the same solutions they’ve had in place for years. Current solutions cannot stand up to these sophisticated attacks, giving asymmetric advantage to attackers. I predict many “unpleasant” surprises to hit enormous companies and government institutions across the globe.
Who Controls Elections?
An attack on democracy will be forthcoming. In 2017, a researcher announced that he had discovered a publicly accessible database that contained the personal information of 198 million US voters, possibly every American voter going back more than a decade. We can look to hackers and even unethical political parties to use this data to corrupt elections like the mid-term US elections in November.
According to Forrester Research: “A hacker doesn't need the voting machine to alter results; he could modify the spreadsheet or database that tabulates precinct voting totals, or use compromised Windows machines to adjust the voting tabulation results in web-accessible software.”
Pay Attention to Your Software Vendors
Did you know that most major breaches are caused by third-party negligence? In 2017, hundreds of thousands of companies suffered at the mercy of a Microsoft vulnerability. In 2018, companies will use auditors to look into the security of 3rd-party software and establish industry security standards. Vendors will be required to pass through due diligence screening before they can make the sale. .
Smartphone Hack is the New Black
With each passing year, we significantly increase the volume of personal and business data that we hold on our smartphones. The army of company smartphones is now a tantalizing target. Hackers know this, so they are changing their priorities. In 2018, we’ll see a major switch from hacking computers to hacking smartphones. We can look for some juicy stories throughout the year.
Spamming Up the Mobile Phone
With more mobile phones in most countries than citizens, mobile phone spam will rocket with automated spam and botnet dialers. Cellular carriers will have to adopt opt-in policies to defend their turf from this menace to their survival.
Hold Onto Your Hats
2018 will be the busiest and most expensive year in cyber history to date. Hardly a week will go by without an important and bone-chilling event. CISOs will need to maintain a multi-faceted and multi-layered defense to ensure they remain ahead of the cyber curve, without falling prey to the evil spirits of malware and chaos that are ready to attack our networked world.