Wombat Security Technologies has released its 2018 security predictions. Phishing is predicted to remain a key point of entry for a growing number of cyber attacks on critical infrastructure:
2018 will undoubtedly see a big increase in cyber attacks on critical infrastructure worldwide, with phishing continuing to be a key point of entry. Therefore, end-user training on how to recognise these risks is a considerable factor in the fight against cybercrime.
The GDPR and NIS Directive will bring shockwaves as cases of non-compliance are revealed, with organizations facing significant fines and public scrutiny. Some companies — including those based in the US but with European customers or suppliers — will fail their mission to comply with the GDPR, and the results will be very public and very expensive. In 2018, global enterprises will need to revise their cyber missions to dedicate themselves to improved cyber protection. As it has always been, quality, targeted end-user awareness training will be pivotal.
Phishing will remain by far the most dangerous method for a cyber-attack. In Wombat’s 2017 State of the Phish Report, 61 percent of infosec professionals reported experiencing spear phishing attacks. Smishing will become a more successful and prominent vector for cyber-attacks, but the very prevalent and dangerous email phish – which comes in many forms – will persist as the most common vector for cyber-attacks. We will see more ransomware attacks, more identity theft, and more large (and even multi-national) data breaches that will begin with a simple phish. Though it wouldn't be surprising to see the overall volume of phishing emails decrease, the increasingly sophisticated nature of these attacks will result in higher failure rates with uneducated users.
The IoT will further complicate — and compromise — cybersecurity. All verticals and companies that rely on Internet connectivity to conduct business will see their cyber risk grow in 2018. Financial services, retail, and healthcare verticals will be primary targets, because of the significant monetary gains and because previous attacks against these verticals have been so successful. Also, the greater reliance on the Internet of Things (IoT) will present new vectors for attacks. Managing vulnerabilities with IoT devices in the mix will prove more difficult than managing vulnerabilities inside a typical enterprise data center operation.
Attackers will seek opportunities to not just steal data, but to undermine data integrity. In 2018, we may see the very first attack that attempts to disrupt the integrity of patient care laboratory results or alter financial statements for a financial services company. We think about the impact of identity theft as a primary purpose, because identities have financial significance. But we rarely think as well about the potential for attacks directly against data integrity. A complete breach of confidence may result, and then we will all need to rethink how and why we connect to the Internet and compute.
The use of Facebook and other Internet-based vectors to promote particular agendas will continue to increase in 2018. The use of social media to advance a particular (even nefarious) agenda has been so wildly successful that we can readily expect its continued use and expansion for other causes and from other national sources in 2018. This activity is still in its infancy, and we have yet to see the full impact of cyber propaganda upon our politics, governments, and cultures worldwide.