2017 was saturated with cyber-attacks, from Petya to KRACK, and this trend has no end in sight. 2018 will likely bring further cyber-attacks at an increased rate, with phishing as a key point of entry. Given both the threat of further attacks and the looming compliance changes under the NIS Directive and GDPR, end-user training is an organization's best line of defense in the fight against these vicious attacks.
In 2018, all organizations that rely on internet connectivity to conduct business will see their cyber risk grow. For many, there remains the dangerous notion that 'this won't happen to me, it's the other guy's problem.' Key vulnerable industries include financial services, retail and healthcare. With phishing as the key point of entry for attackers, we will see it evolve into many forms, such as smishing (SMS phishing). These attacks will persist as the most common vector for cyber-attacks. Smishing will be a new danger, but phishing will remain by far the most dangerous method for cyber-attacks.
Amy Baker, VP of Marketing, shares the following prediction:
"Spear Phishing Attacks: In early 2017, 61% of InfoSec professionals reported experiencing spear phishing attacks, and this year has seen a number of high profile attacks hit the press, from Amber Rudd (responsible for cyber-security in the UK) to Tom Bossert (cyber-security advisor in the US) being affected. The ideal strategy against these threats, because technology often doesn't catch spear phishing attacks, is a proactive comprehensive training program. We recommend knowledge assessments, simulated attacks, and interactive training supported by an integrated solution where technology is able to detect risky behavior and automatically deliver users relevant ‘Just in Time' training. This will help us defend against this increasingly pervasive threat."
Alan Levine, Security Advisor, says:
"The NIS Directive: 2018 will undoubtedly see a big increase in cyber-attacks on critical infrastructure worldwide, with phishing continuing to be a key point of entry. Therefore, end user training on how to recognize these risks is a considerable factor in the fight against cybercrime and in ensuring compliance with the NIS Directive which is coming into play on the 9th May, 2018 and will fine relevant businesses up to £17million for non-compliance."