As the world looks forward to saying goodbye to the crazy year that was 2017, security experts are chiming in about what to expect in 2018, and the news is not good: insider attacks, tax scams, election hacks, and holes created by the Internet of Things lead the list of threats that cyber security teams can expect to be most prominent in the coming year.
Probably not the Christmas gift list they had in mind.
Given what we saw in 2017, there's no reason not to believe the experts. With organizations as varied as Equifax, Uber and the Securities Exchange Commission having revealed significant breaches, it's clear no one is safe. And as the IoT, in particular, spreads through the business world, we can expect industries that typically haven't been an attractive target — manufacturing, for instance — to find themselves in the crosshairs.
In a recent post for the Security Boulevard bloggers network, Alan Kessler, CEO of Thales e-Security, wrote that he expects IoT-based breaches to have a wider-ranging impact on customers in 2018, in large part because he believes the securing of IoT devices has not been a high enough priority.
"Right now, the approaches to securing IoT devices are unacceptable and outright dangerous," wrote Kessler. "IoT manufacturers need to have a new approach that does not make security an afterthought in a rush to market, but instead integrates it early into the product vision and design process."
But the IoT isn't the only area in which security efforts are falling short. All that outrage over the Russians hacking our election systems to manipulate the 2016 Presidential election? It looks like a whimper now if one considers the continuing vulnerability of the systems that will be relied upon for the 2018 mid-term elections.
Christopher Skinner, CEO of security firm SpiderOak, recently wrote that those systems need to be shored up now if they're going to be ready to fend off attacks as election days approach.
"The move to prevent election meddling is far behind where it needs to be," Skinner wrote. "There are vulnerabilities everywhere, from the storage of voter rolls to easily hackable electronic voting machines."
Conversely, Skinner argues that there's little anyone can do to prevent the Equifax breach from leading to an unprecedented wave of tax scams between now and April 15.
"Fake tax returns will likely explode this year given all the social security numbers now exposed," he wrote.
And it's not just new threats that has Skinner concerned headed into 2018. He warns that the personal data of millions upon millions of people that's been stolen in recent years continues to be in play. The bad guys, he points out, have gotten very patient, waiting months, or even years, for victims to let their guard down.
"One of the most frightening things about the breaches at Equifax, Target and elsewhere is what we haven't seen — yet," Skinner wrote. "Your data can just be sitting out there on the dark web, waiting to be sold or used, well after you think you're safe."
As if anyone really thinks they're safe anymore.
Just as hackers might be hiding on the Dark Web with reams of consumer data, so can insiders be lurking in your network, waiting to take advantage of a momentary lapse in your security diligence.
In a release predicting the hottest security trends for 2018, Michael Fimin, CEO and co-founder of risk mitigation firm Netwrix, said he believes that insider attacks will be among the biggest threats InfoSec teams will face in 2018. Fimin suggests that emerging security technologies such as blockchain and advanced analytics, combined with employing contact risk and trust assessment practices, can help organizations become more proactive in preventing such incidents.
"Rogue or negligent employees and intruders with stolen credentials may pose a bigger risk to security than outside hackers," wrote Fimin. "Organizations will likely do their best to minimize insider risks—by keeping a closer watch on user activities, analyzing user behavior, and regularly assessing risks to proactively spot weaknesses and improve their security posture."
Vulnerabilities exposed by the IoT. Another round of election hacks. Confidential data being sold on the Dark Web. The constant threat of insider attacks. It sure sounds like 2018 is going to be a busy year on the security front. And let's be clear: No one is going to stop breaches from happening. But with a little extra thought, InfoSec teams can minimize the damage.