Security awareness training and anti-phishing vendor KnowBe4 has identified six cybersecurity trends for 2018 that all organizations need to be aware of. The cybersecurity predictions have been made by security experts who have been monitoring the rise in cyberattacks and phishing incidents over the past 12 months.
There have been several growing threats throughout 2017 which are likely to continue to cause problems for unprepared businesses in 2018. While it would be nice to believe that we have turned the corner and will see a reduction in cyberattacks in 2018, businesses need to be realistic. As KnowBe4 Founder and CEO Stu Sjouwerman explained, “I’d love to say that 2018 is going to be a lighter year in terms of cyberattacks and threats, but no one can afford to be that naïve.”
The increase in digital data means there is even more information to steal – Information that can be used for fraud, stolen and held to ransom, or stolen or deleted to gain a competitive advantage. More available information means more cyberattacks. It is therefore essential for all businesses to prepare for the worst and ensure their digital assets are protected, employees are trained how to recognize threats, and plans are put in place to be able to respond to a cyberattack when one occurs.
“From our vantage point of watching how cybercriminals work and constantly “upgrade” their attacks, we felt it was important to share what we anticipate will happen in 2018,” said Sjouwerman.
The six cybersecurity predictions made by Knowbe4 are:
1 – Exponential growth of ransomware attacks
Not only will the rise of ransomware continue, the growth ransomware-as-a-service will see more players conduct attacks. Expect to also see an increase in ransomware attacks that encrypt and exfiltrate data, allowing the attackers to sell data if a ransom is not paid, or threaten to dump the data as an added incentive for paying.
2 – Increase in hybrid attacks
Hybrid attacks are likely to become more popular. These are dual attacks, where one cyberattack is used as a distraction while another attack takes place, as was seen with BadRabbit. Multi-vector phishing attacks are also likely to increase – such as smishing and vishing – SMS-based and voice-based phishing attacks.
3 – Increase in automated attacks
Phishing attacks will become more sophisticated and increasingly automated. The use of bots to conduct phishing attacks will increase, as will the automation of scraping of social media sites to gather information for use in spear phishing attacks.
4 – Continued rise of extortion scams
Knowbe4 predicts there will be an increase in long-tail extortion scams, such as the use of ransomware to obtain a quick payment followed by a longer-term extortion scam that will see the victim having to continue to pay money in a mafia-style extortion and protection racket.
5 – Increase in search engine poisoning
Email is likely to continue to be the primary attack vector, although we can expect an increase in search engine poisoning – getting phishing websites ranking naturally in the organic search engine listings.
6 – Increase in false-flag operations
Expect to see an increase in cyberattacks for political purposes, the continued use of fake news, and cyberattacks that aim to spark conflicts between countries and undermine democracy.