Uncovers Range of Security Threats for 2018; Risks posed by data aggregators, cryptocurrency systems and ransomware can be overcome via a focus on behavior-centric security
Global cybersecurity leader Forcepoint launched its 2018 Security Predictions Report, with security experts providing guidance on the threats facing organizations in the months to come. Adding to the constantly shifting environment which security professionals face is a perfect storm of drivers influencing debate around privacy. This mega-trend will cause tectonic shifts in the privacy landscape and influence the ways in which organizations collect and manage data.
Forcepoint believes that the security industry has been focusing on the wrong things. Traditional security perimeters are eroding or becoming obsolete, and so, rather than focus on building bigger walls, the industry needs better visibility. Understanding how, when and why people interact with critical data, no matter where it is located, is crucial. Critical data continues to move to the cloud, malware is constantly evolving, and despite growing investments in defensive technologies traditional security controls prove ineffective.
“At the heart of our predictions is a requirement to understand the intersection of people with critical data and intellectual property,” said Dr. Richard Ford, Chief Scientist at Forcepoint. “By placing cyber-behavior and intent at the center of security, the industry has a fighting chance of keeping up with the massive rate of change in the threat environment.”
“We know that data leakage and ransomware will continue to be the focus for remediation and prevention, but behavior-centric risks are now behind a multitude of security incidents,” Ford continued. “People’s behavior should not be set in opposition to security: the two are not mutually exclusive. Users have the potential to unintentionally compromise their own systems in one minute and be the source of innovation in the next, but we can only empower users if we truly understand the ways they interact with critical business data.”
This year Forcepoint has made eight predictions. A preview can be found below:
Privacy Fights Back
Users’ perception of privacy has changed in recent years, with a steady erosion of the line between “personal” and “public.” There are tensions between individual rights and security for all as legal, technological, societal and political drivers combine to kick off what Forcepoint is calling “The Privacy Wars,” pitting technologists against the ordinary person on the street, and splitting opinion in government, at work and at home.
Prediction: 2018 will ignite a broad and polarizing privacy debate, not just within governments, but between ordinary people.
Data Aggregators: a Goldmine Waiting to be Tapped
The Equifax breach rocked the security industry, and the full impact of this breach has not yet played out. Forcepoint believes that this was the first of what will be many breaches on hosted business applications: those that contain information on a sales force, prospects and customers, or those which manage global marketing campaigns. Attackers seek the path of least resistance, and if they can find a weak link in a system which already contains the crown jewels of personal data, they will exploit it.
Prediction: A data aggregator will be breached in 2018 using a known attack method.
The Rise of Cryptocurrency Hacks
As cryptocurrencies grow in importance, including as a method of extracting revenue from cybercrime, Forcepoint predicts that the systems surrounding such currencies will increasingly come under attack. We expect to see an increasing amount of malware targeting user credentials of cryptocurrency exchanges, and that cybercriminals will turn their attention to vulnerabilities in systems relying on blockchain-based technologies.
Prediction: Attackers will target vulnerabilities in systems which implement blockchain technology.
Disruption of Things: It’s Going to Happen
The wide scale adoption of IoT devices in consumer and business environments, coupled with these devices often being both easy to access and unmonitored, has made them an attractive target for cybercriminals wishing to hold them ransom or obtain a long-term, persistent presence on the network. While ransomware of these connected things is possible, it remains unlikely in 2018. However, a new threat that will emerge in 2018 is the disruption of things. As the IoT offers access to both disruptive possibilities and massive amounts of critical data, we will see attacks in this area, and may also see the integration of a man-in-the-middle (MITM) attack.