The EU's General Data Protection Regulation (GDPR) will be the single most important security factor in 2018. Unlike most security events, this one is completely predictable: the regulation was proposed in 2012 and adopted in 2016 with a two-year transition period, so it should come as no surprise to anyone whose business touches Europe in any way.
So, naturally, about half of the US companies that fit this description aren't ready. If they still aren't in compliance with the EU's new data protection requirements by May 25, 2018, they risk fines of up to 4 percent of global annual revenue (or 20 million euros, whichever is higher) for failing to protect the data of people in the EU.
The GDPR requires companies that do business in Europe to protect the personal data of the people they deal with against breaches and other forms of exposure, and to report breaches when they occur, in most cases to the supervisory authority within 72 hours of discovering them. While the actual penalty will vary with the extent and type of breach and with whether the company took reasonable steps to protect the data, it can be substantial.
In reality, most of the GDPR's data protection requirements are what organizations should be doing anyway to protect their customers. Had companies been held to them a couple of years ago, an event like the Equifax breach would have been less likely, or at least the data lost would have been smaller and the disclosure would have come far sooner than the roughly six weeks Equifax took.
When enforcement of the GDPR begins in May, you can assume that the European authorities will want to make an example of some company that fails to protect the personal data of someone in Europe. Don't be surprised if the biggest example is an American company.
Ransomware and Artificial Intelligence
If the huge penalties under the GDPR aren't enough incentive to convince companies to finally protect their data against loss, then the new security challenges that are sure to come in 2018 should be. As cyber-criminals hone their skills, you can expect to see ransomware become an even greater threat in 2018 than it was last year.
The reason the threat from ransomware will grow is that the criminals who use it will find ways to defeat backups, the usual way to recover without paying: deleting volume shadow copies, disabling recovery features, and encrypting or wiping any backup share the infected machine can reach before the ransom note appears. Ransomware will also be harder to stop at the delivery stage as spear-phishing becomes more sophisticated and more accurately targeted.
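The on-host side of "circumventing backups" is visible in process-creation telemetry: before encrypting, most ransomware families run a handful of well-known recovery-inhibiting commands. The detector below is an added example, not code from the article; it scans constructed Sysmon-style process-creation events (JSON lines, the field names are assumed) for those commands and rates each host, treating two distinct techniques on one machine, or a parent process running from a user-writable directory, as a critical precursor rather than routine administration.

```python
"""Flag recovery-inhibiting commands (shadow copy / backup catalog deletion,
boot recovery disabled) in process-creation events. Added example; the log
lines below are constructed and the field names assume Sysmon event ID 1."""
import json
import re
from collections import defaultdict

# Commands ransomware commonly runs so victims cannot restore locally.
PATTERNS = [
    ("shadow copy deletion (vssadmin)",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow copy deletion (wmic)",
     re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("shadow storage shrink (vssadmin)",
     re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage.*maxsize", re.I)),
    ("backup catalog deletion (wbadmin)",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I)),
    ("boot recovery disabled (bcdedit)",
     re.compile(r"bcdedit(\.exe)?\s+/set.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
]

# A parent living in Temp or Downloads is a dropped payload, not an admin console.
UNTRUSTED_PARENT_DIR = re.compile(r"\\(Temp|Downloads)\\", re.I)


def classify(cmdline: str):
    """Return the technique name matched by a command line, or None."""
    for name, rx in PATTERNS:
        if rx.search(cmdline):
            return name
    return None


def scan_events(lines):
    """Yield one alert dict per process-creation event that matches a pattern."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 1:          # only process creation events
            continue
        technique = classify(ev.get("CommandLine", ""))
        if technique is None:
            continue
        parent = ev.get("ParentImage", "")
        alerts.append({
            "host": ev.get("Computer"),
            "user": ev.get("User"),
            "technique": technique,
            "parent": parent,
            "parent_untrusted": bool(UNTRUSTED_PARENT_DIR.search(parent)),
            "cmdline": ev["CommandLine"],
        })
    return alerts


def rate_hosts(alerts):
    """Per host: 'critical' if several techniques or an untrusted parent, else 'review'."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    verdicts = {}
    for host, hits in by_host.items():
        techniques = {h["technique"] for h in hits}
        untrusted = any(h["parent_untrusted"] for h in hits)
        verdicts[host] = "critical" if len(techniques) >= 2 or untrusted else "review"
    return verdicts


# Constructed sample telemetry: one workstation under attack, one backup server
# where an administrator legitimately resized shadow storage from a console.
SAMPLE_LOG = r"""
{"EventID": 1, "Computer": "WS042", "User": "CORP\\bob", "Image": "C:\\Windows\\System32\\vssadmin.exe", "ParentImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice_2018.exe", "CommandLine": "vssadmin delete shadows /all /quiet"}
{"EventID": 1, "Computer": "WS042", "User": "CORP\\bob", "Image": "C:\\Windows\\System32\\wbadmin.exe", "ParentImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice_2018.exe", "CommandLine": "wbadmin delete catalog -quiet"}
{"EventID": 1, "Computer": "WS042", "User": "CORP\\bob", "Image": "C:\\Windows\\System32\\bcdedit.exe", "ParentImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice_2018.exe", "CommandLine": "bcdedit /set {default} recoveryenabled No"}
{"EventID": 1, "Computer": "SRV-BKP01", "User": "CORP\\backupadmin", "Image": "C:\\Windows\\System32\\vssadmin.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"}
{"EventID": 1, "Computer": "WS017", "User": "CORP\\alice", "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe C:\\Users\\alice\\notes.txt"}
{"EventID": 3, "Computer": "WS042", "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice_2018.exe", "DestinationIp": "203.0.113.5"}
"""

if __name__ == "__main__":
    found = scan_events(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"{a['host']:10} {a['technique']:38} parent={a['parent']}")
    print(rate_hosts(found))
```

The single `vssadmin resize` on the backup server lands in the "review" bucket on purpose: the command is also used legitimately, and its parent is a system console, so the verdict is driven by context (how many techniques, where the parent came from) rather than by the command alone. In production the same logic would consume a SIEM query instead of the embedded sample.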
Cyber-criminals will be able to focus their targeting by using artificial intelligence (AI) and machine learning (ML) to know exactly who to attack in a specific organization and what they have to do to make it effective. In addition, they will use those same capabilities to target partners of the ultimate target as a way to get past security protections.
Those same techniques, along with more traditional methods of credential stealing, will lead to a major breach in 2018—one that's going to be even bigger and more serious than the Equifax breach last year. What company will be breached? It's hard to say right now but look for a major bank with global operations or perhaps a major data aggregator. In fact, it's likely that such a breach has already happened and the victim either doesn't realize it or hopes nobody will notice.
You can also expect to see a breach of a high-profile target such as the Winter Olympics by state-sponsored attackers. While it could be some other organization, the Olympics gets the most global attention, and there are enough states with a grudge involving the event that would find satisfaction in disrupting it.
Breaches, Spoofing, and Extortion
As showy as a breach against the Olympics might be, the real damage in the long run will be through interruptions in the daily commerce of organizations and the resulting loss of revenue. Such attacks as Point-of-Sale (POS) breaches, CEO spoofing, and digital extortion will grow significantly.
POS breaches, which may involve the computers in stores, ATMs, or other terminal devices, frequently succeed because those devices run obsolete operating systems (OSes) such as Windows XP that are rarely, if ever, updated. In addition, they are often placed where the public can reach them physically.
But the lack of updates will continue to plague organizations at every level as IT managers keep delaying critical security updates in the belief that a patch may break some other feature. Many successful breaches in 2017 happened when exploits developed by intelligence agencies were turned against enterprises. Those attacks succeeded against vulnerabilities that had already been patched: the SMB flaw behind WannaCry and NotPetya had been fixed by MS17-010 two months before WannaCry spread, yet unpatched systems, some of them years behind on updates, were still everywhere.
Hope on the Horizon
Fortunately, there is hope. The most immediate is that passwords will begin their decline as the primary means of authenticating users. Microsoft has already begun integrating biometrics into authentication in a form that can be used in the enterprise. In addition, the facial recognition in Apple and Samsung phones, and the iris recognition in some Samsung phones, are pointing toward freedom from passwords, either outright or as one factor in multi-factor authentication (MFA).
MFA is already mainstream, as its use by Apple, Microsoft, and Google demonstrates. Today the second factor is most often a code sent to a mobile phone by SMS, but an extension to biometrics is already underway. Organizations that invest in MFA, whether through biometrics, smart cards, codes sent to phones, or some other method, will reduce their risk from credential-stealing software. One caveat: a code delivered by SMS is the weakest of these options, since it can be intercepted by hijacking the phone number or simply phished along with the password, so an authenticator app or a hardware token should be preferred wherever the user base can support it.
Another reduction in risk, at least temporarily, is the ongoing collapse in cryptocurrency prices. Bitcoin is already falling out of favor among criminals because every transaction sits on a public ledger, and law enforcement and blockchain-analysis firms are getting better at tracing those transactions back to exchanges and individuals. Chaos in the cryptocurrency world makes it harder for criminals to move and cash out money, which reduces the attraction of crimes that depend on it, including ransomware.
But the good news, such as it is, does not mean that security challenges are somehow being reduced; they are not. The attacks will continue at a higher level than in previous years and the attackers will find new ways to get past your defenses. The fight will get harder. It has become more important than ever to focus your resources on prevention and on supporting the security efforts of the Chief Security Officer (CSO) and the Chief Information Security Officer (CISO) in your organization.