The Top 5 Security Threats for 2018
We are now well into 2018. Though we have left the large security breaches of 2017 behind, their lessons remain. New challenges will arise in the coming year as well. In this post, we’ll review the 5 top security threats for 2018 and how your team can respond to each.
The most prominent ransomware attack last year was WannaCry, a global cyberattack by the WannaCry ransomware cryptoworm that spread rapidly through computer networks and computers running Microsoft Windows.
This attack was not an isolated incident. The use of ransomware grew dramatically last year, increasing by over 2,502% according to SpamTitan. This was due, in part, to a phenomenon called ransomware-as-a-service, which provides kits to serve malicious code. Many in the industry expect this trend to continue in 2018.
Companies can better protect themselves from ransomware in several ways, but many are falling behind. In a joint survey by Forrester and the Disaster Recovery Journal, three quarters of companies reported having a planned and documented response to data tampering, but only one quarter test those plans more often than once a year. Testing plans, having a solid data backup capability, and email security filters are three important ways to protect your company from attack.
2. Identity Hijacking Through Web Browser
Hackers know full well that individuals enter sensitive financial, medical, and personal information in their web browsers every day – data not only connected to their personal lives but to their business lives as well. Last year hackers attacked nearly five million browser users through hijacked Chrome extensions – exposing users to potential credential theft.
For business leaders, the ability of hackers to record web browsing sessions and collect data web represents a significant and growing risk. Corporate bank account information can be lifted, business sensitive email can be read or responded to, as well as passwords that could allow a hacker to ‘hijack’ an employee’s identity to gain access to sensitive corporate documents and communications.
3. Expanding IoT Cyber Attack Surface
Technology companies churn out new Internet-connected devices, sensors and other Internet of Things (IoT)-connected products at a rapid pace. Often, this rapid pace means that security threats go overlooked. Many Internet-connected devices rely on default passwords and lack basic security features, and there is often a lack of clarity with regards to “ownership” of IoT security. Botnets also take advantage of IoT vulnerabilities and perpetrate volumetric attacks to gain access to devices. Limiting Internet-connected devices and tools in the office to those that are most secure can help to protect your business network.
4. Skills Shortage
Although not specifically a direct threat to your company’s cyber security, the shortage in qualified cyber security talent can put it in danger. Hiring and retention issues can throw budgets out of whack and cause much needed tools to be cut out in favor of providing higher salaries. Read our post on the costs of hiring and retaining an IT security staff here for more about the shortage and what you can do to make sure your company is protected.
5. Spectre and Meltdown
Any way you look at it, these two hardware security flaws are bad news because they attack the CPU hardware itself, not the operating system that runs on the hardware. While security patches have been released, Spectre and Meltdown bring to light device security vulnerabilities that researchers describe as catastrophic given the flaws affect nearly every computer chip manufactured in the last 20 years. CSOs, CISOs and IT decision makers should be vigilant in re-evaluating the security posture of devices deployed across the workforce.
Though many of these threats carry over from last year, we expect them to be top of mind in the security industry in 2018. Other factors will affect how security is provided this year as well, including the GDPR regulations in Europe and the United States and more artificial intelligence cyber security tools. Keep an eye out for these factors and others that could affect your company’s security this year.