SecurityWeek

Cyber Trends Defenders Can Expect to See in 2018

The high-profile attacks of 2017 saw cyber defense rise to the level of boardroom concern. However, a look back at the past year reveals not just a slew of headlines, but a number of trends that we can expect in 2018.

Businesses are becoming more cognizant that the threat is often already inside their networks. And as cyber-attacks become more sophisticated and new threat vectors lead to an expanded attack surface, CIOs and CISOs need to arm themselves – both with a knowledge of the threat landscape and with the security tools that can defend their businesses from the inside out.

Based upon my work with organizations across the nation and in every vertical, I anticipate seeing these 5 trends in 2018’s threat landscape: 

1. Attacks by nation states and APT threat groups are on the rise 

2017 left us with little doubt that nation-state attacks are real. 

As we move into 2018, with the midterm elections upon us, we have to presume that we will see nation-state attacks on the rise. In late 2017, the U.S. government issued a rare public warning that sophisticated threat-actors are targeting industrial firms – it is almost a certainty that we will see an uptick in sophisticated campaigns against national critical infrastructure in the next year.

Additionally, Advanced Persistent Threat groups are acting more covertly than ever by leveraging legitimate administrative tools and processes that make subtle and unusual behaviors nearly impossible to identify. Early threat detection powered by machine learning must be integral to organizations’ security initiatives if companies want to stand a fighting chance against these silent and stealthy threats. 

2. Insider threat will remain a blind spot for most corporations 

Despite nation-state attacks and sophisticated hackers, one of the greatest threats to any organization or government has an access card for the building and a password for the network.

Insider threats, whether malicious or accidental, are notoriously difficult to detect. Many organizations still lack the ability to identify when a user deviates from his or her normal ‘pattern of life’, and some of the most sophisticated attacks have started with an insider gone rogue. 

3. The use of tools from the NSA and CIA leaks will lead to more sophisticated and machine-speed attacks 

An underground economy has been created on the Dark Web to buy, sell, and repurpose new exploits from NSA and CIA leaks. Everyday hackers are now capable of launching sophisticated and large-scale attacks on corporations – from ‘worming style’ attacks like WannaCry and NotPetya, to advanced spear-phishing that mimics victims’ writing style and behavior to trick them into inadvisable actions. 

As sophisticated and machine-speed attacks become more common with the proliferation of these advanced tools around the cyber-criminal community, it will become an even greater challenge for security teams to keep up. Cyber security will no longer be a challenge that can be addressed by humans alone. The focus will shift from who is behind an attack to how to use AI to become more resilient to attacks, irrespective of their source or threat vector.

4. Supply chains will continue to be a vulnerability for most organizations

The NotPetya attack of 2017 is an important reminder that our global economy isn’t just connected via the public internet, but is also directly connected by a private network of business-to-business direct connections across the supply chain. 

While security teams think hard about defending their business from the “outside world” with firewalls and sandboxes, with mixed results, business partners are often seen as trusted and are protected by contractual clauses rather than significant technical defenses. This reveals a global digital hygiene problem where self-spreading attacks can migrate from business to business at incredible speed. Monitoring the actions and interactions of partners in our businesses isn’t a sign of reduced trust; it is a vital component of herd immunity for the global economy. A shift in mindset will be essential to containing the spread of attacks.

5. Artificial intelligence will become a common feature in the toolkit of cyber-criminals

We’ve already seen early warning signs of attackers using their own forms of AI to launch targeted and advanced campaigns. 

Imagine a highly intelligent piece of malware that can autonomously glean insights from victims’ calendar appointments and mimic their email writing styles to trick them into inadvisable actions. Will you download an email attachment if it allegedly contains a map of directions to your next meeting? The future of cyber defense will be machines fighting machines for network control and the battleground will be within corporate networks. Defenders need to be ready to fight back.

Organizations still using legacy approaches from one to five years ago are consistently outpaced and forced to play catch-up. Attackers adapt and change their methods almost daily, making an approach that uses machine learning to identify never-before-seen threats absolutely critical to staying one step ahead of tomorrow’s attacker.
