eSecurity Solutions Articles/Blog

Cyber Security Articles to Keep your Business Secure and Compliant

Blog Categories

Top 8 2018 Cyber Security Trends & How to Respond
2018 Cyber Security Trends

Cyber Criminals are not standing still and 2018 is rolling. What are you doing to move the ball forward in response to
2018 cyber security trends and the resulting threats? 2018 cyber security threats
require an appropriate response on how to deal with insecure IoTs, Crime-as-a-Service, AI driven attacks, creeping
regulations and securing systems and data as it moves to the cloud.

 

Attacks that worked in 2017 are being repurposed to new devious objectives like mining crypto currency
using your servers and PCs. Social engineering continues to be an open
door to attackers as they exploit your employees lack of training providing a means to financial fraud, and login access
to your data.

 

2018’s Top Cyber Security Trends

  • Ransomware continues to grow as an attack
    method

    • Crime-as-a-Service makes creating attacks easy and cost effective for criminals. Successful ROI for
      these attacks means more attacks in 2018 using even more targeted messaging.
  • Attacks on the IoT insecure ecosystem
    • Using IoTs to drive DDoS attacks, zombie attacks from IoTs, and taking down corporate IoT devices should
      be expected in 2018. IoT devices come from many vendors and are frequently insecure and hard to monitor
      and control by companies. IoT devices, mobile Apps, and IoT cloud service providers are all points of
      vulnerability.
  • Social Engineering Attacks
    • AI will be increasingly weaponized by cybercriminals to customize and target social attacks
      against users

      • Use of AI based security to protect and detect is increasing. In 2018 expect AI to be used to
        bypass your AI defenses and to create more focused phishing, customized malware and attack
        methods. Now we need AI to fight AI… the battle of the machines.
    • Business Email Compromises (BEC)
      • Phishing is still a top cyber security threat. New innovative (AI based) phishing messaging and
        targeting techniques make these inexpensive attacks more successful than ever.
    • Business Process Compromises (BPC)
      • Compromises of corporate business processes for financial gain using social engineering
        knowledge
        continues to power exploits like CEO Fraud.
  • “Regulation Level” Security Begins to Impact All Companies
    • Regulations trickle down to all size companies as partners and customers require companies to comply
      with NIST, HIPAA, GDPR, etc.
    • New all-encompassing regulations (GDPR) impact ALL companies… elevating regulation level security to
      be a requirement ultimately for all companies. The U.S. is next.
    • Boards of Directors drive regulation level security to protect corporate assets.
    • Supply chains increasingly believed to be a security weak link.
  • Hijacking Computers. Hijacking servers, web servers and
    computers to mine cryptocurrency (Crypto-jacking), to generate advertising cash, to use as phishing sites, or as
    zombies increases as a security problem.
  • Insecure Access Control – ID Hijacking
    • Passwords are insecure and poorly controlled
    • IoT Devices often have default password after deployment
    • The move of Apps to the cloud makes secure access control even more important
    • Most companies are moving to Multi-factor authentication
      • Phone based (Soft tokens, text)
      • Biometrics
      • Automatic Adaptive authentication used by Web portals such as financial, HR, etc
  • People (Employees) are still likely your weakest link.
    Most security is designed to try to prevent outside breaches. Yet, employees are a big risk
    for companies especially when they are not properly trained on how to deal with cyber security threats. Rampant
    use of social media is increasingly making corporate information available on the web.

    • Other people in partners, consultants, suppliers, customers also can be serious threats to your security
  • Cloud Data Center and Cloud Application Security.
  • Breaches of cloud infrastructures is likely to be a big negative surprise to many companies in 2018. As
    more and more of our infrastructure moves to trusted 3rd party providers who host
    our systems and data in the cloud, can we expect adequate security without taking personal
    responsibility for our data?

 

2018 Cyber Security Trends Response Checklist

Your response to 2018’s cyber security trends should include the following cyber security solution
areas.

  • Independent Risk Assessments. A complete look at your
    goals, security controls, and needs can reveal the best way to utilize your budget. Over-spending on one area
    and ignoring another key area can result in exploits of the “weakest link”. Companies that ignore areas like
    employee training, SIEMs, advanced malware solutions or multi-factor authentication feel secure, but are setting
    themselves up for some type of security breach.
  • Employee training is key. Having great security tools
    can’t negate employee risks from being improperly trained.
  • Gateway security. Advanced email security, web security,
    and firewalls are needed to protect against malware, phishing, and hackers. Integrated Next-Gen solutions are
    recommended.
  • AI machine learning cyber security. AI based network and
    endpoint security is an important addition to your traditional security. Just know that this security alone is
    not sufficient by itself and the hackers are using AI to attack holes in your security.
  • Multi-factor authentication. Both human process
    authentication and MFA digital security solutions are required to combat credential theft, CEO fraud and
    phishing attacks.
  • Integrated intelligence. Solutions that integrate
    information from endpoints, networks, real-time security data feeds is important to correlate and analyze
    information looking for indications of compromise. Solutions include APT,
    SIEM, Threat feeds, and AI data collectors.
  • Backup and Disaster Recovery (BDR). A good backup
    that can instantly recover your servers and data makes up for a lot of other sins. Onsite, offsite, data,
    systems, and frequent testing are all key elements of a good BDR policy.
  • Cloud Security Solutions. Data center and cloud
    application security needs to be treated as seriously as firewalls and endpoint security. These are potentially
    weak spots and can result in lost, compromised or corrupted data, websites, or servers.

 

Contact us to discuss how eSecurity
Solutions can help you with your security assessments, strategies,
products, implementation and
management.

Click to access the login or register cheese