Is it possible to anticipate what the coming year will bring us – pro and con – on the cyber-security front? Making precise predictions about one of the most dynamic sectors in technology would be a fool’s errand, but some current trends are almost certain to continue, and likely accelerate.
First, the bad news. It’s not a secret that cyber threats have multiplied, nor that successful attacks have grown in both volume and impact. The new AT&T Cybersecurity Insights report cites troubling data from a global survey AT&T sponsored. Among its findings: Nearly 80 percent of the surveyed organisations had been negatively affected by a cyber security attack in the prior 12 months.
Beneath that top-line number was the growing prominence of new forms of attack. Most notable among them were ransom ware attacks and super-charged distributed denial of service (DDoS) assaults, the latter of which marshalled hundreds of thousands of Internet of Things (IoT) devices to create huge attack bots.
When asked about the biggest cybersecurity threats they anticipated in the coming year, 46 percent of the AT&T survey respondents cited ransomware. That percentage lagged only the longstanding threats from malware, worms and viruses (cited by 60 percent) and unauthorized access to corporate data (cited by 49 percent). Nearly one-third (32 percent) put IoT-based attacks on their list of top future concerns.
Unfortunately, ransomware attacks will almost certainly become more pervasive and varied during 2018. Some attacks will adhere to the brute-force model of infect, lock and extort, while others will be more sophisticated. In some cases, ransomware assaults will serve primarily as a diversionary tactic to draw security resources and attention away from other avenues of attack.
For their part, IoT-based DDoS attacks are likely to grow in both bot size and traffic volumes as they continue to utilize poorly secured IoT devices. There will be millions of such vulnerable devices installed for years to come, with many device manufacturers only now starting to offer hardened versions of their products. Beyond specific threat types, we can expect to see attackers increasingly utilize the same technologies defenders are using for threat detection and response. For example, sophisticated attackers are already using big data analytics to scrutinize traffic patterns and search for opportunities and vulnerabilities that might not be evident without such broad and deep analysis.
Still, not every cybersecurity trend is bleak. Among the positive cybersecurity movements we’re likely to see in the coming year:
- Continuing advances in, and use of, threat analytics, machine learning and other cutting-edge security technologies.
- Expanding adoption of automated processes, not just in threat detection, but in incident response.
- Growing use of managed and hosted security services, which will also become increasingly sophisticated.
- Improved and more varied cyberinsurance offerings, some of which will be paired with risk assessment rating services.
One additional trend is gaining steam: the growth of alliances and intelligence sharing. In February, for example, AT&T and five other communications and security vendors joined forces to form the IoT Cybersecurity Alliance, which will educate on IoT best practices and raise awareness of how to better secure the IoT ecosystem.
Individual companies as well as security vendors are coming to realise that they need to collaborate and share information about attacks and effective defences if they are to have any chance of countering the escalating cyber-threats they face.
By Dwight Davis