An AI arms race and attacks on cryptocurrency among cyber security predictions for 2018
It's the time of year when industry experts like to dust off their crystal balls, examine the pattern of tea leaves in the bottom of their cups and try to predict what the coming year is going to hold.
As far as security is concerned most commentators think we can expect the increase in numbers and sophistication of attacks we've seen in 2017 to continue, but there are some new things to worry about too.
"The scope and pace of information security threats is jeopardizing the veracity and reputation of today’s most reliable organizations. In 2018, we will see increased sophistication in the threat landscape with threats being personalized to their target’s weak spots or metamorphosing to take account of defenses that have already been put in place," says Steve Durbin, managing director of the Information Security Forum. "These days, the stakes are higher than ever before. High level corporate secrets and critical infrastructure are regularly under attack and organizations of all sizes need to be aware of the significant trends that we forecast in the year to come."
Charl van der Walt, chief security strategy officer at SecureData says, "In 2018 we may see the damaging effects of Security Debt that has been stacking up in the form of legacy code, 3rd party libraries and dependencies, and even architectures used by companies. This has been building up for the past 30 years, and may be catastrophic if the right set of circumstances come to pass. Companies have been living on borrowed security for too long, and 2018 may the year when those debts get collected."
Cryptocurrency is expected to become a target in 2018 and this could even bring down a popular currency. "As the value of these cryptocurrencies grows, they will become much more appealing targets for cyber criminals looking to make millions. We predict that hackers will find a vulnerability severe enough to completely wipe out a popular cryptocurrency by destroying public confidence in its security," says Corey Nachreiner, CTO at WatchGuard Technologies.
Malwarebytes expects security software itself to become a target. "In 2018, cyber criminals will target and exploit more security software. By targeting trusted programs and the software and hardware supply chain, attackers can control devices and wholeheartedly manipulate users. Hackers will leverage and exploit security products, either directly subverting the agent on the endpoint, or intercepting and redirecting cloud traffic to achieve their means."
Juan Andrés Guerrero-Saade, principal security researcher at Kaspersky Lab believes we'll see more attacks on the software supply chain. "Supply chain attacks have proven to be as much of a nightmare as we had previously theorized. As advanced threat actors continue to gain access to vulnerable development companies, back-dooring of popular or regionally-popular software will become an increasingly desirable attack vector. Supply chain attacks will allow attackers to successfully gain access to multiple enterprises in target sectors while flying under the radar of system administrators and security solutions alike."
The IoT continues to be a worry too. "IoT will turn to the darkside. We will see many more and expanded attacks coming from IoT devices, both from DDoS attacks and entry points into enterprise networks," says Joe Rogalski, director of solutions engineering at eSentire. "Small and medium enterprises will continue the move to cloud more than ever but will falsely trust that their data is protected by the provider, failing to realize that the end-users and endpoint machines will be targeted to compromise the cloud resources as legitimate users."
McAfee Labs expects to see an artificial intelligence arms race developing between attackers and defenders. "Machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior, and zero-day attacks. But adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting newly discovered vulnerabilities faster than defenders can patch them."
There is some optimism surrounding technology's ability to cope, however. "In 2018, we will see a new wave of security solutions that are custom tailored to ensure healthy communications to and from our IoT devices," says Holland Berry, director of solutions architecture at Cyxtera. "I anticipate that we will see growth in modern zero-trust security architectures, such as Software Defined Perimeter, which will deliver IoT-specific border controls. These tightly controlled (and monitored, of course) borders around our devices, combined with multi-factor authentication and strong encryption, will stave off the hackers and let our coffee pots and toasters keep their day jobs."
Governments are expected to become more involved in cyber security too. SecureData's van der Walt says, "Throughout 2018 and beyond, business will accept and expect that their governments will take responsibility for national infrastructure defense, and policing in the cyber realm will become an extension of your Bobbies on the beat."
GDPR and other legislation will also have an impact. Intercede CEO and chairman, Richard Parris says, "From Equifax to Uber and Yahoo, the number of companies abusing their customers' trust grew exponentially in 2017. Consumers have had enough. Expect much greater scrutiny of these digital guardians in 2018 as individuals -- empowered by sweeping new EU privacy laws -- demand to know how their data is being secured and used. Organizations that fail to meet these rising expectations will fall by the wayside."
Have the experts got it right, or will 2018 see something new and unexpected? Let us know your thoughts in the comments.