2017 was a big year for cybersecurity. For 2018, we’re predicting more of the same.
Key Statistics that Shaped 2017
- Less than two-fifths of business had segregated wireless networks or data encryption in place.¹
- Only one-third of businesses had policies around cybersecurity. These tended to be medium to large organisations.¹
- Fraudulent emails topped the list of cybersecurity breaches. 72% of respondents in a survey by the Department for Culture, Media and Sport had received fraudulent emails in 2016/2017. A further one third were affected by viruses, spyware or malware.¹
The Biggest Hacks of 2017
There were dozens if not hundreds of attacks this year. Some of the high profile attacks are listed below.
- Equifax – the attack saw personal data pertaining to 145 million people being stolen. This was considered one of the worst breaches of all time.²
- Yahoo – an announcement in October stated that 3 billion Yahoo accounts were hacked in 2013. The company is not sure who was responsible, although a Canadian hacker pleaded guilty to his role in a separate Yahoo breach.²
- Shadow Brokers – the anonymous group leaked a set of hacking tools allegedly belonging to the National Security Agency. These tools were eventually used in the WannaCry attack.²
- WannaCry – the ransomware attack targeted more than 150 countries. The NHS was a high-profile victim that was forced to closed temporarily.²
- NotPetya – the attack targeted Ukranian businesses via a popular tax software that had ‘known vulnerabilities’. FedEx reportedly lost $300 million to the attack.²
- Bad Rabbit – the attack posed as an Adobe Installer on websites that had been hacked. The software scanned for user credentials contained within the network.²
2018 Cybersecurity Predictions
All evidence points to a number of key developments this year. We’re likely to see attacks continue for the foreseeable future. As a result, there will be more emphasis on cybersecurity prevention. Key players will continue to dominate the cybercrime space and new players are also likely to emerge to exploit opportunities. What’s clear is that cybersecurity will be a serious threat and a moving target – a trend that isn’t likely to change soon.
Past Suspects Likely to Drive Further Attacks
Key players like Russia and China are likely to continue with targeted attacks. Both countries have recently been involved in some high-profile cyber breaches, a trend which won’t likely stop in 2018 (3).
China allegedly focuses on stealing intellectual property despite political pressures from the countries like the USA. The stats say they are likely behind anywhere from 20 – over 40% of all cyber attacks. While Russia is less prolific, they far more skilled, executing successful attacks on ‘extremely secure’ networks.
Both countries deserve a mention due to the allegedly state-sponsored nature of their attacks. Their governments are actively condemning attacks originating within the countries, which is likely to mean that attacks will continue for the foreseeable future.
Multi-Factor Authentication to Increase
People are waking up to security and quickly realizing that passwords alone cannot be relied on. This trend will drive multi-factor authentication, and we’re likely to see the prolific adoption of 2-factor authentication and identify access management tools. Growing adoption will likely lead to further price drops, broadening the affordability of these tools and driving further implementation. Even a few years ago this technology was far behind its current position. With smartphones becoming the norm, multi-factor authentication via mobile devices is set to boom in 2018.
With this in mind, it’s highly likely that mobile security will get more focus in 2018. While it’s easy for organisations to secure in-house devices, mobile ones present a bigger challenge. Data leakage, social engineering, Wi-Fi interference, out-of-date devices and physical device breaches are all key concerns in this area. Could this suggest that 2018 will be the year of the mobile device?
The General Data Protection Regulation (GDPR) will come into force this year. There will be a huge push for compliance, most likely close to the May deadline. Companies are being forced to make privacy and tighter regulation a more integral part of their business technologies. We’re likely to see this become a big focus for most organisations operating in the EU. GDPR may also encourage extortion, whereby cybercriminals will attempt to bribe companies they attack.
Despite the deadline in May, we are likely to hear the first penalties being issued this year. This will make 2018 a landmark year for Data Protection and data subject rights in Europe.
Healthcare A Key Target
The healthcare sector took a big knock in 2017. The NHS was targeted in the high-profile WannaCry ransomware attack, which brought many systems to a complete standstill. We’re likely to see further attacks of this type in 2018. Attacks will be driven by increased adoption of IoT technologies within the sector which provider cybercriminals with more entry routes into the network.
Given the intense pressure the NHS is under, attacks caused by user error are also likely to become more prevalent. Don’t forget that user error is directly involved in more than 90% of cybersecurity attacks, so increased pressure on public sector healthcare staff will likely lead to more mistakes.
Reports of Cyber Crime will Rise
The Office for National Statistics reported on cybercrime statistics for the first time in 2016-2017. This is likely to drive awareness of cybercrime and will result in more cases being reported in 2018. Fraud and computer misuse made up half of all crimes recorded by the ONS, however, the true figure is said to be closer to 20.5 million (4).
We’re likely to see cybercrime receiving even great publicity in 2018, especially in high-tech countries like the UK. This will drive consumer recognition and inevitably lead to more reports being filed.
Mobiles Will be Targeted More Frequently
Mobile platforms will become a bigger priority for cybercriminals in 2018. We’re therefore likely to see a greater emphasis on mobile security from both mobile providers and from users themselves. This will grow the market for mobile security and drive consumer demand for secure mobile devices.
UK Government to Announce Further Investment in Cybersecurity
In 2016/2017, the UK Government showed commitment to make the UK a secure and resilient digital nation 3. This was followed by the launch of the National Cybersecurity Centre on 14 February 2017 (5). Further investment is likely to follow in 2018, and we wouldn’t be surprised to hear of further initiatives coming from the Government. In tandem, cybersecurity will likely form a major part of many Parliamentary discussions.
More Countries to Become Threats (and Victims)
Internet usage in regions like Asia, Africa, and the Middle East is rising rapidly. As more and more countries become computer literate, we’re likely to see more nations get involved in cyber attacks. The rising cost of cryptocurrencies like Bitcoin will also make hacking opportunities more lucrative. 2018 is therefore likely to be the year we see new players emerge, while older players will continue to dominate the cybercrime scene.
1 Gov.uk. 2017. Cyber Security Breaches Survey 2017. [ONLINE] Available at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/609186/Cyber_Security_Breaches_Survey_2017_main_report_PUBLIC.pdf. [Accessed 4 January 2018].
2 CNN Tech. 2017. The hacks that left us exposed in 2017. [ONLINE] Available at: http://money.cnn.com/2017/12/18/technology/biggest-cyberattacks-of-the-year/index.html. [Accessed 4 January 2018].
3 Security today. 2017. Top 5 Countries Where Cyber Attacks Originate. [ONLINE] Available at: https://securitytoday.com/articles/2017/03/03/top-5-countries-where-cyber-attacks-originate.aspx. [Accessed 4 January 2018].
4 SC Media UK. 2017. 3.5 million cyber-crimes recorded, true figure could be 20.5 million. [ONLINE] Available at: https://www.scmagazineuk.com/35-million-cyber-crimes-recorded-true-figure-could-be-205-million/article/701515/. [Accessed 4 January 2018].
5 National Cyber Security Centre. 2017. The cyber threat to UK business. [ONLINE] Available at: https://www.ncsc.gov.uk/content/files/protected_files/news_files/The%20Cyber%20Threat%20to%20UK%20Business%20%28b%29.pdf. [Accessed 4 January 2018].