Argus Cyber Security Collaborates with Renesas to Secure Connected and Autonomous Vehicles Against Cyber-Attacks

Argus Cyber Security, a global leader in automotive cyber security, today announced the integration of two of its solution suites with Renesas Electronics Corporation (TSE: 6723), a premier supplier of advanced semiconductor solutions, to protect vehicle infotainment and telematics units, potentially the most vulnerable attack surfaces in connected and autonomous vehicles, against cyber-attacks. Argus Connectivity Protection and Argus Lifespan Protection have been integrated with Renesas’ R-Car H3 system-on-chip (SoC), an automotive computing platform solution for advanced driving support systems and in-vehicle infotainment systems.

The joint solution will be on display January 9-12th during CES 2018 at the AGL Showcase located in CES Tech West in The Venetian. It will also be on display at the GENIVI CES 2018 Networking Reception* in the Bellagio Hotel on January 9th.

Argus Connectivity Protection prevents malware installation, detects operating system anomalies, isolates suspicious activity and stops attacks from spreading to the in-vehicle network. Argus Lifespan Protection enables automakers and fleet managers to continuously monitor the cyber health of their vehicles in the cloud, provides big data analytics to identify patterns and emerging attacks and future-proofs vehicles through over-the-air security updates. By combining the two companies’ technologies, the integrated solution will enable automakers to seamlessly embed crucial cyber security measures without impacting production cycles or increasing project risk.

“We’re excited to integrate our cyber security solutions on Renesas R-Car H3, as it forms a key component in driving forward connected and autonomous vehicles and marks another milestone on our mission to protect all vehicles on the road from cyber-attacks,” said Yoni Heilbronn, Chief Marketing Officer of Argus Cyber Security. “With vehicles becoming increasingly connected and the age of autonomous vehicles rapidly approaching, it is crucial that all stakeholders in the automotive supply chain prioritize cyber security and provide automakers with the ability to protect connected vehicles against cyber-attacks throughout their lifespan, regardless of the attack vector.”

“We are thrilled to be able to provide automotive system suppliers with the benefits of the Renesas R-Car H3 SoC, including powerful automotive computing performance and functional safety support, and the cyber security solutions of Argus Cyber Security. The integration of Argus’ best-in-class cyber security solutions into the Renesas R-Car H3 SoC ensures that automated platforms are secure by design and remain protected from dynamic cyber-attacks while they’re on the road,” said Yoshiyuki Matsumoto, Vice President of Automotive Information Solution Business Division, Renesas Electronics Corporation. “Cyber security is imperative if we are to realize the huge benefits of advanced driving systems, and this partnership will play a major role in achieving that goal.”

* Pre-registration is required to attend GENIVI CES 2018 Networking Reception.

Wombat Security Reveals Top Security Predictions for 2018

Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, reveals their 2018 security predictions. As 2017 comes to a close, a look back on some of the biggest cybersecurity breaches of the year — including WannaCry, NotPetya, KRACK, and the Equifax breach — shows no organization is immune to security risks. Looking ahead, the Wombat team concludes there is no sign of slowing down for these attacks, and phishing is predicted to continue serving as a key access point. This supports Wombat’s long-standing belief that end-user security awareness and training initiatives are vital to an organization’s last line of defense against devastating attacks.

Below are the top 2018 predictions from the Wombat Security team:

  • 2018 will undoubtedly see a big increase in cyber-attacks on critical infrastructure worldwide, with phishing continuing to be a key point of entry. Therefore, end-user training on how to recognize these risks is a considerable factor in the fight against cybercrime.
  • The GDPR and NIS Directive will bring shockwaves as cases of non-compliance are revealed, with organizations facing significant fines and public scrutiny. Some companies — including those based in the US but with European customers or suppliers — will fail their mission to comply with the GDPR, and the results will be very public and very expensive. In 2018, global enterprises will need to revise their cyber missions to dedicate themselves to improved cyber defense. As it has always been, quality, targeted end-user awareness training will be pivotal.
  • Phishing will remain by far the most dangerous method for a cyber-attack. In our 2017 State of the Phish™Report61 percent of infosec professionals reported experiencing spear phishing attacks. The ideal strategy against these threats, because technology often doesn’t catch spear phishing attacks, is a proactive, comprehensive training program that helps users defend against this increasingly pervasive threat. Smishing will become a more successful and prominent vector for cyber-attacks, but the very prevalent and dangerous email phish – which comes in many forms – will persist as the most common vector for cyber-attacks. We will see more ransomware attacks, more identity theft, and more large (and even multi-national) data breaches that will begin with a simple phish. Though it wouldn’t be surprising to see the overall volume of phishing emails decrease, the increasingly sophisticated nature of these attacks will result in higher failure rates with uneducated users.
  • The IoT will further complicate — and compromise — cybersecurity. All verticals and companies that rely on internet connectivity to conduct business will see their cyber risk grow in 2018. Financial services, retail, and healthcare verticals will be primary targets, because of the significant monetary gains and because previous attacks against these verticals have been so successful. Also, the greater reliance on the Internet of Things (IoT) will present new vectors for attacks. Managing vulnerabilities with IoT devices in the mix will prove more difficult than managing vulnerabilities inside a typical enterprise data center operation.
  • Attackers will seek opportunities to not just steal data, but to undermine data integrity. In 2018, we may see the very first attack that attempts to disrupt the integrity of patient care laboratory results or alter financial statements for a financial services company. We think about the impact of identity theft as a primary purpose, because identities have financial significance. But we rarely think as well about the potential for attacks directly against data integrity. A complete breach of confidence may result, and then we will all need to rethink how and why we connect to the internet and compute.
  • The use of Facebook and other internet-based vectors to promote particular agendas will continue to increase in 2018. The use of social media to advance a particular (even nefarious) agenda has been so wildly successful that we can readily expect its continued use and expansion for other causes and from other national sources in 2018. This activity is still in its infancy, and we have yet to see the full impact of cyber propaganda upon our politics, governments, and cultures worldwide.

Silicom Expands Penetration of Cyber Security Leader: Customer Shifts to Use of Silicom’s Encryption Solutions

Silicom Ltd. (NASDAQ: SILC) today announced that one of its existing customers, a world-leading Cyber Security player, has selected Silicom’s encryption solution over the competitor’s solution that it is currently using, and plans to deploy it in a number of its new platforms.

To date, the customer has confirmed that it has designed in a Silicom encryption card into two of its new platforms and that it plans to deploy it in additional platforms over the year ahead. Once all of these platforms are launched and complete sales ramp up, Silicom expects related volumes to reach approximately $2 million per year.

Commenting on the news, Shaike Orbach, Silicom’s President & CEO, said, “This important win over an entrenched competitor demonstrates that our encryption solutions are becoming the mainstream standard for Cyber Security, one of our primary target markets. We are delighted to continue deepening our relationship with this industry leader, achieving a privileged position that brings us new opportunities and gives us unique insight into industry needs. As such, we believe we are ideally positioned to ride the Cyber Security’s expansion as one of our major future growth drivers.”

RiskSense Webinar to Expose 10 Year Weaponization Pattern of Apache Struts Vulnerabilities

 RiskSense®, Inc., the pioneer and market leader in cyber risk management, today announced that it will present a webinar on Dec. 14 that uses research findings on Apache Struts vulnerabilities over a 10 year period to illustrate the shortcomings in traditional approaches to vulnerability detection and assessment. The presenters will also outline best practices for identifying and remediating the most hhigh-riskthreats to prevent attacks.


Anand Paturi, Vice President of Research and Development

Barry Cogan, Senior Security Analyst


The recent Apache Struts vulnerability was responsible for several high profile data breaches. In this webinar, two leading RiskSense researchers will present findings based on the analysis of Apache Struts-related vulnerability weaponization patterns over the past decade, including the fact that scanners are still unable to detect nearly 15 documented Common Vulnerabilities and Exposures (CVEs).

The webinar will include a live demonstration of Apache Struts exploits, and present best practices for using intelligence about attack patterns to identify and prioritize the highest risk threats so they can be remediated first to prevent attacks and security breaches.


Thursday, Dec. 14, 2017 at 2:30 PM EST


Webinar, delivered to your digital device.


To schedule a conversation with RiskSense, contact Marc Gendron at or +1 781.237.0341.  For more information, visit:


RiskSense Platform Overview:
White Paper on Operationalizing Cyber Risk:
Webinar on Cyber Risk Management: What’s Holding Us Back?

WatchGuard Uncovers Surge in Script-based Attacks Amid Spike in Overall Malware Volume

 WatchGuard® Technologies, a leader in advanced network security solutions, today announced the findings of its quarterly Internet Security Report, which explores the latest computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises. The research revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017. The findings reinforce expectations of continued growth of new malware and various attack techniques in the coming months, further emphasizing the importance of layered security and advanced threat prevention solutions.

“Threat actors are constantly adjusting their techniques, always looking for new ways of exploiting vulnerabilities to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “This quarter, we found that script-based attacks – like the fake Python library packages discovered in September – appeared 20 times more than in Q2, while overall malware attacks shot through the roof. Staying vigilant regarding these developments is half the battle. Every business can better protect themselves and their stakeholders by employing multiple layers of protection, enabling advanced security services and monitoring network logs for traffic related to the top threats mentioned in this report.”

The ever-growing mob of constantly evolving security threats can seem overwhelming to the average small business with limited staff and resources. WatchGuard’s Internet Security Report examines the modern threat landscape and delivers key data, educational guidance and in-depth research to help readers understand the latest attack trends and update their defenses. Major findings from the Q3 2017 report include:

  • Scripting threats account for 68 percent of all malware. WatchGuard’s Gateway AntiVirus (GAV) solution uses signatures that block various types of JavaScript and Visual Basic Script threats, such as downloaders. The sum total of these script-based attacks accounted for the vast majority of the malware detected in Q3.
  • Malware quantities have skyrocketed; a trend that will likely continue. Total malware instances spiked by 81 percent this quarter over last. With more than 19 million variants blocked in Q3 and the holiday season approaching, malware attempts will likely increase dramatically in Q4 as well.
  • Cross-site Scripting (XSS) attacks plague web browsers, spreading internationally. XSS attacks, which allow cyber criminals to inject malicious script into victims’ sites, continue to grow at a measured pace. Previous reports detailed XSS attacks against Spain alone, but in Q3, XSS attacks broadly affected every country.
  • Legacy antivirus (AV) only missed 24 percent of new malware. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at almost 47 percent in Q2. But this quarter was a marked improvement with only 23.77 percent of new or zero day malware able to circumvent AV. While this data is encouraging, behavioral detection solutions are still the most effective way to block advance persistent threats.
  • Suspicious HTML iframes surface everywhere. Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious, and often malicious sites. While potentially malicious iframes showed up everywhere, including the U.S. and Canada, their numbers jumped significantly in both the UK and Germany.
  • Authentication is still a big target. Though not as prevalent as in Q2, attacks targeting authentication and credentials (like Mimikatz) returned in a big way this quarter. Aside from Mimikatz, brute force web login attempts were also highly visible, proving that attackers are continuing to target the weakest link – credentials.

WatchGuard’s Internet Security Report is based on anonymized Firebox Feed data from nearly 30,000 active WatchGuard UTM appliances worldwide, which blocked more than 19 million malware variants and 1.6 million network attacks in Q3. The complete report includes defensive strategies for responding to the latest attack trends, based on analyses of the quarter’s top malware and network threats. The report also examines the growing trend of supply chain attacks by evaluating the most notable instances from Q3 – NetSarang, Ccleaner and fake Python packages.

WatchGuard Threat Lab’s latest research project – a detailed analysis on Q3 phishing trends – is highlighted in the report as well. This project features email spam and malware data captured by the team’s “Artemis” honeynet, which is now publicly available on GitHub for download and use.

For more information, download the full report here.

Drive Trust Alliance Announces Free Fix for Lurking Ransomware Threats

There are many millions of computer hard drives, from every hard drive maker, that are especially open to devastating ransomware attacks.  These drives are known as a TCG Self-Encrypting Drives (SEDs).  If they are not properly initialized, there can be trouble with ransomware attacks.  If these are properly initialized, there is little or no danger of these ransomware attacks.

Most Solid State Drives or SSDs and many hard disk drives in laptops, desktops, and servers worldwide fall into this uninitialized category.  People worldwide use these SEDs today for boot drives, USB attached storage, and server storage.  Very few even know the danger.

And ransomware is not a thing of the past.  It continues.  An unsuspecting victim clicks on an email attachment, or something on the web, and his data is encrypted by the attacker. The attacker then demands a ransom payment to unlock his data.  Nobody is safe from a successful ransomware attack.  As one government official has remarked, it is not a question of “if” it is a question of “when.”

For over a decade these SED drives have been in distribution.  All too often, software does not properly initialize the drives to prevent ransomware attacks.  The hacker can then instantly employ the strong hardware drive encryption to encrypt the data on it.  As Dr. Robert Thibadeau of DTA remarks, “Notably, even Microsoft Bitlocker often does not detect the Self-Encrypting Drive, and will use Software Bitlocker.  Bitlocker then leaves the drive open to a ransomware attack that the guy didn’t expect.  The same is true for virus checkers and other security software.”

The Drive Trust Alliance (DTA) has introduced a small Windows program, for free, SEDProtect.exe.  This software will detect any vulnerable TCG Opal Self-Encrypting Drive connected to a computer.  SEDProtect is based on DTA Open Source which can also be downloaded for inspection.  See .  The protection is simple and easy as typing an owner password for the drive.  This need be done only once for the life of the drive.

To put these SEDs to safe use in USB Attached storage, DTA has introduced full featured software in DTA’s Personality Series of USB SEDs.  The USB Personality Series includes personal, small IT shop, family, archival, and forensic drives at the same low price. They are available on Amazon under “DTA hardware encrypting.”  Like SEDProtect, Personality Series USB software can also detect any other vulnerable USB drive that happens to be a TCG Opal SED, and will permit the owner to secure and manage that drive as well.

DTA urges everyone to check and protect their machines for TCG Opal SEDs.  DTA ( has an educational and technical mission to improve the adoption of hardware-encrypting storage.   Protected, the real owner of the drive can benefit from the self-encrypting drive’s amazingly strong privacy and security assurances.  Unprotected, ransomware wins.

Preempt Finds Flaw in Office 365 with Azure AD Connect Which Could Result in Domain Compromise

 Preempt, a leader in adaptive threat prevention that helps enterprises eliminate insider threats and security breaches, today announced its research team has uncovered a vulnerability with Microsoft Office 365 when integrated with an on-premises Active Directory Domain Services (AD DS) using Azure AD Connect software that unnecessarily gives users elevated administrator privileges, making them “stealthy”  administrators. Preempt provided responsible disclosure to Microsoft which has issued a customer security advisory today regarding the vulnerability.

Preempt discovered this surprising issue was occurring when customers were installing Microsoft Office 365 with Azure AD Connect software for on-premise AD DS integration (hybrid deployment). Preempt customers have been protected from this flaw since October by providing the in-depth defense with both alerting on stealthy administrators and real-time prevention when suspicious behavior is detected.

“Most Active Directory audit systems easily alert on excessive privileges, but will often miss users who have elevated domain privileges indirectly through domain discretionary access control list (DACL) configuration,” said Roman Blachman, CTO and co-founder at Preempt. “We refer to these users as stealthy admins. The majority of our customers’ have Office 365 hybrid deployments and almost every one of them were vulnerable to this because Azure AD Connect was installed in express settings and created this flaw.”

This discovered vulnerability points to a much larger issue as more companies move to the cloud. This vulnerability piles on to previously detected issues, including Microsoft Advisory 4033453, that has discovered an issue with writeback feature – granting Azure AD administrators complete control over on-premises AD DS infrastructure. Privileged users are often overlooked and are not managed correctly when synchronized with the cloud, due to limited toolset in comparison to the on-premises solutions. With the introduced cloud identity management, new management and security challenges are introduced.

By identifying stealthy administrative accounts through not-so-obvious delegation, Preempt helps enterprises ensure that privileged accounts are used consistent with corporate security policies. Unlike privileged identity management (PIM) or privileged access management (PAM) solutions that lack support for behavioral policy and adaptive response, Preempt is able to understand the full relational context of user identity and behavior allowing enterprises to not only identify such risks as MSOnline (MSOL) privilege escalations, but also detect and proactively prevent compromise of such accounts. Without Preempt’s real-time discovery, detection and enforcement, the possibility of a malicious attacker being able to gain domain administrator privileges through such vulnerabilities and cause damage, is significant for enterprises.

For organizations who need to determine if they are at risk of stealthy administrators in their organization either from cloud environments such as the Azure AD Connect account flaw or for other reasons, Preempt has developed a free tool, Preempt Inspector, that can provide a free enterprise health assessment for passwords, stealthy administrators and more.

The Free Preempt Inspector tool can be downloaded here:

BlackRidge Technology and MAD Security Partner to Deliver Next Generation Cyber Security Solutions to Government and Commercial Markets

 BlackRidge Technology International, Inc. (OTCQB:  BRTI), a leading provider of next generation cyber defense solutions, is pleased to announce a strategic partnership with MAD Security, LLC., a premier provider of cyber security solutions. The partnership provides a fully managed solution that protects enterprise networks and cloud services from today’s advanced cyber threats to federal agencies and commercial industries across the United States.

BlackRidge develops, markets and supports a family of products that provide next generation cyber security solutions for protecting enterprise and government networks, systems and cloud services. BlackRidge’s patented First Packet Authentication™ technology was developed for the military to cloak and protect servers and segment networks. Network and server resources are better protected and less vulnerable to compromise with BlackRidge in place.

MAD Security serves as an official reseller and integrator of BlackRidge Technology’s adaptive trust solution for cyber defense, providing both consulting and managed security services for BlackRidge products.

“We look forward to leveraging MAD Security’s expertise and extensive experience serving the Department of Defense, Department of Homeland Security, and civilian agencies,” said Scott Armstrong, Federal Director at BlackRidge Technology. “Our customers will benefit from having MAD Security integrate, deliver and manage a BlackRidge cyber defense solution.”

“We are very excited to begin this partnership with BlackRidge Technology as we pride ourselves in delivering next generation cyber security solutions to address today’s advanced cyber threats,” said Joe Delaney, Director of Federal Sales at MAD Security. “This is a substantial step in MAD Security’s aspiration to become an industry-leading cybersecurity integrator with strong products for the public sector. Reselling BlackRidge Technology’s cyber defense solution further strengthens MAD Security’s ability to serve customers in both the public sector and commercial markets.”

Study: One In Five Emails Sent Today Are From Unauthorized Senders, Highlighting Rampant Email Impersonation

 ValiMail, the world’s only provider of automated email authentication, today released research that reveals the overwhelming majority of company domains are vulnerable to rampant email impersonation attacks. ValiMail’s 2017 Email Fraud Landscape Report shows that most domain owners have not attempted to implement fraud protection through the latest and most complete form of protection, DMARC (“Domain-based Message Authentication, Reporting & Conformance”), a widely used standard that ensures only authorized senders can use an organization’s domain name in their emails.

“Email has been weaponized by hackers as the leading way to infiltrate networks, and the vast majority of businesses are leaving themselves vulnerable by either incorrectly configuring their authentication systems or forgoing protection entirely,” said Alexander García-Tobar, CEO and co-founder of ValiMail. “Businesses are asking their employees to complete an impossible task: identifying who is real and who is an impersonator, by closely examining every message in their inboxes. The only sustainable solution is for companies to take control of their email security at the technology level and stop placing the onus on employees to prevent phishing attacks.”

Key findings from the report, which analyzed the most popular one million global domains, include:

  • Email fraud is a pervasive threat. One in five messages sent today come from unauthorized senders, indicating massive amounts of fraudulent activity.
  • Virtually all domains lack adequate protection. Just 0.5 percent of the top million domains have protected themselves from impersonation by email authentication, leaving 99.5 percent vulnerable.
  • Incorrect DMARC deployments prevent email protection. Over three-fourths (77 percent) of domains that have deployed DMARC records remain unprotected from fraud, either through misconfiguration or by setting a permissive DMARC policy.
  • The difficulty of fully implementing and maintaining DMARC leads to inadequate protection. Only 15 to 25 percent of companies that attempt DMARC succeed at achieving protection from fraud, depending on category.
  • DMARC is accessible to most domains. Over three-fourths (76 percent) of the world’s email inboxes support DMARC and will enforce domain owners’ authentication policies, if those policies exist.
  • Implementing email authentication would save the average company $8.1 million per year in cybercrime costs — $16.2 billion annually across the Fortune 2000.

“ValiMail’s research demonstrates the volume of email fraud threats faced by companies today and highlights the alarming lack of understanding of how to combat these threats,” said Shehzad Mirza, the Director of Operations for the Global Cyber Alliance. “These findings highlight that a lack of email authentication is the most prevalent security vulnerability companies face. In order to truly protect our inboxes, we must drive greater adoption of cybersecurity technologies and protocols such as DMARC.”

DMARC’s influence and adoption rates are steadily growing. In October 2017, the Department of Homeland Security announced it would begin requiring federal agencies to implement DMARC within 90 days. Currently only 38 percent of the top government agencies have DMARC records and only 14 percent have reject/quarantine enforcement in advance of the of January 14, 2018 deadline.

To view the full study, which contains a breakdown of findings as they pertain to the Fortune 500, U.S. banks, “unicorn” startups, and cybersecurity companies, among other categories, go to

Forcepoint Uncovers Range of Security Threats for 2018: Predicts the Start of “The Privacy Wars”

Global cybersecurity leader Forcepoint today launched its 2018 Security Predictions Report, with security experts providing guidance on the threats facing organizations in the months to come.

Adding to the constantly shifting environment which security professionals face is a perfect storm of drivers influencing debate around privacy. This mega-trend will cause tectonic shifts in the privacy landscape and influence the ways in which organizations collect and manage data.

Forcepoint believes that the security industry has been focusing on the wrong things. Traditional security perimeters are eroding or becoming obsolete, and so, rather than focus on building bigger walls, the industry needs better visibility. Understanding how, when and why people interact with critical data, no matter where it is located, is crucial. Critical data continues to move to the cloud, malware is constantly evolving, and despite growing investments in defensive technologies traditional security controls prove ineffective.

“At the heart of our predictions is a requirement to understand the intersection of people with critical data and intellectual property,” said Dr. Richard Ford, Chief Scientist at Forcepoint. “By placing cyber-behavior and intent at the center of security, the industry has a fighting chance of keeping up with the massive rate of change in the threat environment.”

“We know that data leakage and ransomware will continue to be the focus for remediation and prevention, but behavior-centric risks are now behind a multitude of security incidents,” Ford continued. “People’s behavior should not be set in opposition to security: the two are not mutually exclusive. Users have the potential to unintentionally compromise their own systems in one minute and be the source of innovation in the next, but we can only empower users if we truly understand the ways they interact with critical business data.”

Eight for 2018
This year Forcepoint has made eight predictions. A preview can be found below:

Privacy Fights Back
Users’ perception of privacy has changed in recent years, with a steady erosion of the line between “personal” and “public.” There are tensions between individual rights and security for all as legal, technological, societal and political drivers combine to kick off what Forcepoint is calling “The Privacy Wars,” pitting technologists against the ordinary person on the street, and splitting opinion in government, at work and at home.

Prediction: 2018 will ignite a broad and polarizing privacy debate, not just within governments, but between ordinary people.

Data Aggregators: a Goldmine Waiting to be Tapped
The Equifax breach rocked the security industry, and the full impact of this breach has not yet played out. Forcepoint believes that this was the first of what will be many breaches on hosted business applications: those that contain information on a sales force, prospects and customers, or those which manage global marketing campaigns. Attackers seek the path of least resistance, and if they can find a weak link in a system which already contains the crown jewels of personal data, they will exploit it.

Prediction: A data aggregator will be breached in 2018 using a known attack method.

The Rise of Cryptocurrency Hacks
As cryptocurrencies grow in importance, including as a method of extracting revenue from cybercrime, Forcepoint predicts that the systems surrounding such currencies will increasingly come under attack. We expect to see an increasing amount of malware targeting user credentials of cryptocurrency exchanges, and that cybercriminals will turn their attention to vulnerabilities in systems relying on blockchain-based technologies.

Prediction: Attackers will target vulnerabilities in systems which implement blockchain technology.

Disruption of Things: It’s Going to Happen
The wide scale adoption of IoT devices in consumer and business environments, coupled with these devices often being both easy to access and unmonitored, has made them an attractive target for cybercriminals wishing to hold them ransom or obtain a long-term, persistent presence on the network. While ransomware of these connected things is possible, it remains unlikely in 2018. However, a new threat that will emerge in 2018 is the disruption of things. As the IoT offers access to both disruptive possibilities and massive amounts of critical data, we will see attacks in this area, and may also see the integration of a man-in-the-middle (MITM) attack.

Prediction: IoT is not held to ransom but instead becomes a target for mass disruption

Learn More about All Predictions

  • Download the Forcepoint 2018 Security Predictions Report to read more about these and four other predictions:
    • GDPR: Procrastination Now, Panic Later
    • Cloud Security: Cloud Admin is the New Domain Admin
    • Encrypted by Default: Implications for All
    • UEBA: The Next Giant Leap for the Industry
  • See how Forcepoint did against our 2017 predictions. Our Scorecard gives a grade to each prediction from last year– and overall, we got a B.
  • Join a live webcast to review the 2018 predictions in more detail. Webcasts run on Tuesday, Nov. 21 (10:30 a.m. GMT11:30 a.m. CET4 p.m. IST) or Thursday, Nov. 30, (2 p.m. ET1 p.m. CT11 a.m. PT).