Looking back, 2017 had all the twists and turns of a good disaster movie. Hackers steal and leak the NSA’s powerful exploit kit that’s then unleashed on the world through a Dr. Evilish ransomware-worm hybrid. Later, a top U.S. credit reporting agency discloses a breach involving the social security numbers of 143 million Americans. Meanwhile, a $1.8 billion legal battle is being waged between two tech giants over stolen software for self-driving cars. In the trial, a letter comes to light that claims the defendant was “responsible for acts of corporate espionage, the theft of trade secrets, the bribery of foreign officials and various means of unlawful surveillance.”
Sounds like Lex Luthor had a busy year. While you can make a good case that data security predictions should be made by Hollywood scriptwriters, we decided to put on our wizard’s cap yet again to come up with the following predictions for 2018.
Blended Attacks Will Force More Critical Systems Offline
As bad as WannaCry was, we may never truly know the full extent of the damage, because many who were hit may have kept quiet. The handling of the ransom payments was haphazard, suggesting that these attacks were meant to test the power and reach of the NSA’s exploits when “blended” with other attack vectors, like phishing and ransomware. In 2018, we should expect more blended, crippling attacks in more countries, and they may well be longer and more severe. As we saw in 2017, expect them to throw a wrench into the daily lives of millions, affecting anything from transportation to shopping to using an ATM.
The IoT Will Bring More Bad News
Brands have been quick to jump on the IoT bandwagon, but they will have their hands full. In 2017, we saw KRACK and BlueBorne exploit Wi-Fi and Bluetooth, opening fresh holes in our already battered perimeters. Hackers will continue to leverage unprotected devices to spy on their users and break into home and corporate networks. Multiple botnets exploiting vulnerable IoT devices will be new minions in DDoS attacks, and threaten to take down news and government websites. Millions of consumers will remain unaware that their IoT devices and home networks are being exploited until they finally get to the bottom of why Stranger Things is so slow to download, and unplug their internet-connected toothbrush. Manufacturers will start to address these security faults or risk losing to the companies that bake in security from the start. GDPR may save the day in the long run, forcing businesses to reconsider personal data collection via IoT, but we won’t see this effect until at least 2019.
Fear the Wiper
A recent survey revealed that 45% of organizations think they will be breached in the next year. In 2018, more organizations will be hit by ransomware, or worse. While ransomware is a scary thought for the C-Suite to consider, the unlucky organizations, those that haven’t prepared and lack adequate backups, will be hit by wipers that will destroy information and systems with no hope for retrieval. Other unlucky organizations will realize they’ve been hit with APTs, or advanced persistent threats, that have been siphoning out valuable information, like intellectual property, public filings, M&A plans, and other trade secrets, for months or longer. The unluckiest probably won’t realize they’ve been hit in 2018 at all, as attackers access their information as if it were their own. In 2018, a widespread wiper attack, likely driven by political motivations, will hit at least one government agency and many other organizations. Companies will rethink how they’re protecting their critical information as they continue to realize how porous their perimeters have become.
You’ve Got Mail: Buckle up for a Wild Political Season
All 435 seats in the House and a third of the seats in the Senate will be up for grabs in November 2018. With so much at stake, expect a series of revealing leaks affecting candidates in key congressional districts. At least one candidate will drop out of the race based on the contents of old emails. Multiple incumbents will also be forced out of office.
The Rise of Cryptocurrencies
We’ve seen bubbles before: from Dutch tulips in the 1600s to dot-com high fliers at the turn of the 21st century, unbridled enthusiasm drives up prices to unrealistic and unsustainable levels. Bitcoin is enjoying such a bubble. Could this be the year for a correction? China is cracking down, and other nations appear to be seeking to regulate Bitcoin and its exchanges. If cryptocurrency continues to be associated with monetizing cybercrime and other illegal activity, it will become stigmatized, and its use for legitimate purposes may decline.
“A Treasure Trove for Hackers”: The U.S. Gets GDPR Envy
“Consumers don’t have a choice over what information Equifax… or TransUnion or Experian have collected, stored and sold,” said Illinois Congresswoman Jan Schakowsky, during the House Energy and Commerce Subcommittee Hearing on the Equifax data breach, one of the biggest consumer breaches in history. “What if I want to opt out of Equifax?” Ms. Schakowsky asked. “I want to be in control of my information. I never opted in, I never said it was OK to have all my information, and now I want out. I want to lock out Equifax. Can I do that?”
In May 2018, a sweeping set of data-focused privacy rules for EU citizens will go into effect — they will get a choice. As GDPR takes effect, we’ll see GDPR envy in the U.S. and consumers will demand the same kinds of privacy rights that EU residents receive under GDPR. With the deadline looming, organizations are going to go through an adjustment period — especially ones that collect and leverage user data in innovative, and sometimes controversial, ways, like credit bureaus.