Think the past year was tough on your organization’s cyber security? Ransomware, DDos attacks and other exploits are only going to get worse.
Fasten your seatbelts, it’s going to be bumpy ride—but with the right preparation, you can improve your organization’s cyber security posture.
Here’s our threat forecast for 2018:
- Ransomware. Expect a decline in ransomware infections as businesses become more security-focused and aware of improvements in the quality of backup and prevention technology. In response, we are likely to see more ransomware infections embedded in common file types, such as .docx, .pdf and .xlsx, that are shared between users on networks, as well as ransomware designed specifically for mobile operating systems.
- Distributed Denial of Service (DDoS) attacks. Criminals will target midsize and large businesses with sustained DDoS attacks as ransomware attacks become less successful. The business impact and financial incentives are greater, even though attacks can be launched against fewer businesses simultaneously. Anti-DDoS technology measures remain unaffordable for most SME businesses. After the holidays, expect a spike in insecure Internet of Things devices in households.
- Wi-Fi exploitations. We expect to see an increase in hijacking of accounts or even whole networks via false or exploited Wi-Fi networks.Wi-Fi has always been inherently insecure. But now, Wi-Fi use among businesses has never been more prevalent. Many use Wi-Fi as their primary method of networking devices and, unfortunately, many devices do not have physical ports to be wired to a network.
- Smartphones. We expect to see the advent of smartphone exploits and breaches in 2018. These common devices now link into email servers, secure networks and even payment systems as a card-processing tool on a regular basis. The fact that there are so many versions of open-source Android operating systems means that there is an extremely high rate of malware development.
- Cross-border incidents and the GDPR. It is likely that the coming enforcement of the General Data Protection Regulation throughout the European Union, European Economic Area and territories with regulatory convergence on May 25, 2018, will impact the type of cyber exposures seen and the appetite for cyber insurance. It remains to be seen whether regulators will have the natural inclination to take a harder line on enforcement of the regulation. The outcome of this will ultimately determine the regulation’s impact on the uptake of data beach insurance cover. It is however clear that more data breach exposures will be seen by the public from European companies of all shapes and sizes. Global increases in regulation are likely to see a larger number of events that impact citizens of more than one regulatory jurisdiction and cross borders. Whether that be incidents in the United States that impact Canadian citizens under the Federal PIPEDA regulations or U.S. multinationals who store data on European Union citizens. CyberScout already has seen an increase in these types of events in North America. This trend is compounded by the growth in cloud based computing and web service hosting of data by businesses.