An Outlook on the Cybercrime Epidemic - What Will 2018 Bring?

2017 was a year of firsts for the cybersecurity industry. For one, cybersecurity spending exceeded $86 billion, according to Gartner Research. We also experienced several cybersecurity disasters we had never seen before – think WannaCry, NotPetya, Wikileaks, Equifax – that made organizations around the world concerned for the state of their infrastructure’s security. These were not run of the mill, small breaches either, but rather viral leaks and full-blown campaign hacks exposing confidential customer information and government data. It was a year that elevated the topic of security to the very top across every industry.

While companies are racing to protect their organization’s data from future attacks, it is important to keep in mind that hackers are only getting smarter and more sophisticated. This year’s breaches and cyberattacks provided us with insight and understanding into the potential ramifications of such attacks, however as the landscape continues to evolve at a rapid pace, it’s going to be difficult for CSOs to stay a step ahead in 2018.

To help organizations and business leaders plan their security strategy in the coming months, here are 6 specifics to consider when making a plan to protect company data.

1. Increase of cybercrime epidemic – The global cybercrime epidemic is expected to double in the next two years. Zero day threats are growing at an exponential rate while advanced persistent threats (APTs) are no longer the only concern of nation state organizations. As hackers continue to become more sophisticated, cybercrime as a service will grow, turning into one of the biggest challenges organizations will face in the coming decades.
2. Preferred attack vectors are changing – We expect to see a continued change in hackers’ favorite attack vectors. The use of documents (Office, PDF and others) will not disappear but is expected to continue losing ground to other methods and attack surfaces such as archive files containing malicious content, browser extensions, social media campaigns and cross platform attacks. 
3. Ransomware sophistication and formats – Despite surpassing most other forms of cybercrime in 2017, ransomware has yet to reach its peak. We expect to see ransomware campaigns increasing their level of sophistication and evasiveness, especially with regards to lateral movement and infection capabilities. We also predict more ransomware families will start using other methods than file or disk encryption for extorting money – like doxing, data-wiping and machine/system lockdowns. Companies will have to be overtly aware of their payment systems security, ensuring end-to-end encryption is being used to prevent criminals from obtaining credit card data from point of sale systems.
4. Fast growth in Non-Windows threat landscape – Threats to macOS, iOS and Linux based endpoints and servers will grow in number and complexity in 2018. We believe this will be the case both for state APTs and cyber-crime related campaigns. 
5. Threat intelligence in real-time – Due to limited staff resources and expertise, more organizations will use threat intelligence services to better understand the risks of external threats, such as zero-day threats, APTs and exploits. However, in order to prevent attacks, these services will need to be provided in real-time to be truly beneficial.
6. Increase of the adoption of Artificial Intelligence – More and more cybersecurity related domains will migrate from the implementation of traditional security solutions to AI based solutions due to the improved accuracy and easier automation AI brings to the table.

Looking ahead, the cybersecurity industry will continue to play catch up in 2018, as hackers become more sophisticated and the number of attacks increase against businesses, individuals and organizations. Ransomware will remain a top problem for IT leaders, gaining even more momentum in the coming months. As threats to macOS and iOS endpoints grow, the use of real-time threat intelligence to better understand the risks of threats will mature and become more commonplace. Next year will be a telling time for the future of cybersecurity – companies should look to innovative technologies as a solution to securing their infrastructure, and foster a consistent dialogue among executives to keep up with the ever-changing landscape.

About the author: Caspi is a seasoned CEO and global expert in cybersecurity, big data analytics and data science. He has 20 years of experience in implementing these domains in governmental, financial, telecom and insurance institutions. He has spearheaded companies in senior positions from start up, accelerated growth and to IPO in Nasdaq. He is a serial entrepreneur with in depth knowledge in technology combined with a strong Go2Market planning, financial and business understanding.