In 2017, we saw record numbers of personally identifiable information such as social security numbers, addresses, birthdays and more be exposed through major breaches. At the same time, rapid technology innovation continued to rise across industries: according to Gartner, adoption of digital technology and IoT is not only delivering automation and efficiencies to organizations – it is also driving changes in all aspects of cybersecurity. With these developments in both security and technology, new threats have emerged.
As a result, IBM Security predicts the following five trends for 2018:
1. AI vs. AI: 2018 will see a rise in AI-based attacks as cybercriminals begin using machine learning to spoof human behaviors. The cybersecurity industry will need to tune their own AI tools to better combat the new threats.
2. Africa Emerges as New Area for Threat Actors and Targets: With its growth in technology adoption and operations and rising economy, and its increasing number of local resident threat actors, Africa has the largest potential for net-new impactful cyber events. In 2018, Africa will emerge as a new focus area for cyber threats – attacks targeting organizations based there and events originating from the continent are both expected to rise.
3. Identity Crisis: Data from the2,208,973,170 records stolen in 2017 will be used at a scale never seen before. Legislation to curb use of stolen data will move closer to reality and companies will move further away from using identifiers like Social Security Numbers.
4. Ransomware Locks up IoT Devices: We’ll see a pivot from using ransomware to lock up desktop computers to IoT devices. Ransom will be lower as hackers move to a volume play and find a price point that is less than the cost of “just buying a new one” for users.Large organizations with deployments of IoT security cameras, DVRs, and sensors will be especially impacted.
5. (Finally) Getting Response Right: 2018 will be the year that we see major companies demonstrate a fast and appropriate response to a large-scale data breach or cyberattack, including effective communications to inform stakeholders within and outside of the business of the impact. For example, with the implementation of GDPR in May 2018, organizations doing business in the EU will be facing stricter regulation around the protection of data, and must also report data breaches to regulators within 72 hours (or face steep fines; up to four percent annual turnover) and potentially notify the customer as well.
IBM Security has published these predictions along with a podcast on Security Intelligence at https://securityintelligence.com/media/2018-cybersecurity-trends-ibm-caleb-barlow