Advisory from the ECPI Center of Excellence
This year continued to be a challenge in the Information Security realm. The Equifax breach, Wannacry, and Russian manipulation of social media were just some of the highlights. How will the year pan out? Here are some cyber security predictions from your friendly neighborhood ECPI University team:
The Good, the Bad, and the Ugly: Cyber Security Predictions from ECPI University
IoT (Internet of Things). This will continue to be a point of worry. Both consumers and business will continue to implement IoT in daily life as these bring about many benefits and conveniences. However, we have seen this past year that not many vendors are baking security in or have the ability to apply patches to these different devices.
Apart from already being used for DDoS attacks and ransomware, we will see IoT devices used in consumers’ homes, being used for malicious actors to have constant access to their victim’s network. This means that no matter how many times a victim removes malware from their computers, because of the IoT entry point, the bad actors will always have the opportunity of using this backdoor to get back onto said network.
Cloud “great migration” continues. The ever-increasing move to cloud services is being called the great migration. We’ll see even more services and workloads move to cloud-based platforms. Remember all those articles that you have seen this year about misconfigured AWS buckets being found? We will continue to see more of these Cloud related spillages.
GDPR. GDPR came into effect in 2018, on May 25th. According to this new set of regulations, both U.S. and European organizations will need to show compliance in the following areas: managing, storing and sharing data–no matter how large the data sets are. Specific to breaches, organizations will have to report data breaches within 72 hours of their knowledge of them. We will see US organizations that are not within compliance facing some high fines and heavy public scrutiny. We will also see the creation of a formalized Data Protection Officer position at organizations.
Ransomware will continue. Threat actors will be smarter about which people and companies they target, so they can extort as much money as possible. We will thus see better crafted malicious emails as cyber criminals perform more research into their targets. Conversely, we will see law enforcement and the security industry join forces on a much larger scale to aggressively detect and respond to these incidents, leading some malicious groups to move away from this type of attack.
Bitcoin hacks. Despite a crash this past Friday, Bitcoin has been steadily surging in price. There are other cryptocurrencies that have had rapid gains as well in the market. This success is expected to trigger crime of grand proportions. Hacking, already a problem, will rise as attacks on investors, exchanges, digital wallets, mining companies, ICOs, and hosting providers increase. Losses here due to fraud or theft are quite unlikely to ever be recovered or reimbursed as cryptocurrency is not protected by the FDIC.
Machine Learning. This will be developed into a well-honed art. Online advertisers and vendors are becoming better and better at using data analytics in conjunction with large data sets. Malicious actors will use this same technology to target victims.