March 26, 2018
Top 8 2018 Cyber Security Trends & How to Respond
Cyber Criminals are not standing still and 2018 is rolling. What are you doing to move the ball forward in response to
2018 cyber security trends and the resulting threats? 2018 cyber security threats
require an appropriate response on how to deal with insecure IoTs, Crime-as-a-Service, AI driven attacks, creeping
regulations and securing systems and data as it moves to the cloud.
Attacks that worked in 2017 are being repurposed to new devious objectives like mining crypto currency
using your servers and PCs. Social engineering continues to be an open
door to attackers as they exploit your employees lack of training providing a means to financial fraud, and login access
to your data.
2018’s Top Cyber Security Trends
- Ransomware continues to grow as an attack
method- Crime-as-a-Service makes creating attacks easy and cost effective for criminals. Successful ROI for
these attacks means more attacks in 2018 using even more targeted messaging.
- Crime-as-a-Service makes creating attacks easy and cost effective for criminals. Successful ROI for
- Attacks on the IoT insecure ecosystem
- Using IoTs to drive DDoS attacks, zombie attacks from IoTs, and taking down corporate IoT devices should
be expected in 2018. IoT devices come from many vendors and are frequently insecure and hard to monitor
and control by companies. IoT devices, mobile Apps, and IoT cloud service providers are all points of
vulnerability.
- Using IoTs to drive DDoS attacks, zombie attacks from IoTs, and taking down corporate IoT devices should
- Social Engineering Attacks
- AI will be increasingly weaponized by cybercriminals to customize and target social attacks
against users- Use of AI based security to protect and detect is increasing. In 2018 expect AI to be used to
bypass your AI defenses and to create more focused phishing, customized malware and attack
methods. Now we need AI to fight AI… the battle of the machines.
- Use of AI based security to protect and detect is increasing. In 2018 expect AI to be used to
- Business Email Compromises (BEC)
- Phishing is still a top cyber security threat. New innovative (AI based) phishing messaging and
targeting techniques make these inexpensive attacks more successful than ever.
- Phishing is still a top cyber security threat. New innovative (AI based) phishing messaging and
- Business Process Compromises (BPC)
- Compromises of corporate business processes for financial gain using social engineering
knowledge
continues to power exploits like CEO Fraud.
- Compromises of corporate business processes for financial gain using social engineering
- AI will be increasingly weaponized by cybercriminals to customize and target social attacks
- “Regulation Level” Security Begins to Impact All Companies
- Regulations trickle down to all size companies as partners and customers require companies to comply
with NIST, HIPAA, GDPR, etc. - New all-encompassing regulations (GDPR) impact ALL companies… elevating regulation level security to
be a requirement ultimately for all companies. The U.S. is next. - Boards of Directors drive regulation level security to protect corporate assets.
- Supply chains increasingly believed to be a security weak link.
- Regulations trickle down to all size companies as partners and customers require companies to comply
- Hijacking Computers. Hijacking servers, web servers and
computers to mine cryptocurrency (Crypto-jacking), to generate advertising cash, to use as phishing sites, or as
zombies increases as a security problem. - Insecure Access Control – ID Hijacking
- Passwords are insecure and poorly controlled
- IoT Devices often have default password after deployment
- The move of Apps to the cloud makes secure access control even more important
- Most companies are moving to Multi-factor authentication
- Phone based (Soft tokens, text)
- Biometrics
- Automatic Adaptive authentication used by Web portals such as financial, HR, etc
- People (Employees) are still likely your weakest link.
Most security is designed to try to prevent outside breaches. Yet, employees are a big risk
for companies especially when they are not properly trained on how to deal with cyber security threats. Rampant
use of social media is increasingly making corporate information available on the web.- Other people in partners, consultants, suppliers, customers also can be serious threats to your security
- Cloud Data Center and Cloud Application Security.
- Breaches of cloud infrastructures is likely to be a big negative surprise to many companies in 2018. As
more and more of our infrastructure moves to trusted 3rd party providers who host
our systems and data in the cloud, can we expect adequate security without taking personal
responsibility for our data?
2018 Cyber Security Trends Response Checklist
Your response to 2018’s cyber security trends should include the following cyber security solution
areas.
- Independent Risk Assessments. A complete look at your
goals, security controls, and needs can reveal the best way to utilize your budget. Over-spending on one area
and ignoring another key area can result in exploits of the “weakest link”. Companies that ignore areas like
employee training, SIEMs, advanced malware solutions or multi-factor authentication feel secure, but are setting
themselves up for some type of security breach. - Employee training is key. Having great security tools
can’t negate employee risks from being improperly trained. - Gateway security. Advanced email security, web security,
and firewalls are needed to protect against malware, phishing, and hackers. Integrated Next-Gen solutions are
recommended. - AI machine learning cyber security. AI based network and
endpoint security is an important addition to your traditional security. Just know that this security alone is
not sufficient by itself and the hackers are using AI to attack holes in your security. - Multi-factor authentication. Both human process
authentication and MFA digital security solutions are required to combat credential theft, CEO fraud and
phishing attacks. - Integrated intelligence. Solutions that integrate
information from endpoints, networks, real-time security data feeds is important to correlate and analyze
information looking for indications of compromise. Solutions include APT,
SIEM, Threat feeds, and AI data collectors. - Backup and Disaster Recovery (BDR). A good backup
that can instantly recover your servers and data makes up for a lot of other sins. Onsite, offsite, data,
systems, and frequent testing are all key elements of a good BDR policy. - Cloud Security Solutions. Data center and cloud
application security needs to be treated as seriously as firewalls and endpoint security. These are potentially
weak spots and can result in lost, compromised or corrupted data, websites, or servers.
Contact us to discuss how eSecurity
Solutions can help you with your security assessments, strategies,
products, implementation and management.