Wombat Security Reveals Top Security Predictions for 2018

Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, reveals their 2018 security predictions. As 2017 comes to a close, a look back on some of the biggest cybersecurity breaches of the year — including WannaCry, NotPetya, KRACK, and the Equifax breach — shows no organization is immune to security risks. Looking ahead, the Wombat team concludes there is no sign of slowing down for these attacks, and phishing is predicted to continue serving as a key access point. This supports Wombat’s long-standing belief that end-user security awareness and training initiatives are vital to an organization’s last line of defense against devastating attacks.

Below are the top 2018 predictions from the Wombat Security team:

  • 2018 will undoubtedly see a big increase in cyber-attacks on critical infrastructure worldwide, with phishing continuing to be a key point of entry. Therefore, end-user training on how to recognize these risks is a considerable factor in the fight against cybercrime.
  • The GDPR and NIS Directive will bring shockwaves as cases of non-compliance are revealed, with organizations facing significant fines and public scrutiny. Some companies — including those based in the US but with European customers or suppliers — will fail their mission to comply with the GDPR, and the results will be very public and very expensive. In 2018, global enterprises will need to revise their cyber missions to dedicate themselves to improved cyber defense. As it has always been, quality, targeted end-user awareness training will be pivotal.
  • Phishing will remain by far the most dangerous method for a cyber-attack. In our 2017 State of the Phish™ Report, 61 percent of infosec professionals reported experiencing spear phishing attacks. The ideal strategy against these threats, because technology often doesn’t catch spear phishing attacks, is a proactive, comprehensive training program that helps users defend against this increasingly pervasive threat. Smishing will become a more successful and prominent vector for cyber-attacks, but the very prevalent and dangerous email phish – which comes in many forms – will persist as the most common vector for cyber-attacks. We will see more ransomware attacks, more identity theft, and more large (and even multi-national) data breaches that will begin with a simple phish. Though it wouldn’t be surprising to see the overall volume of phishing emails decrease, the increasingly sophisticated nature of these attacks will result in higher failure rates with uneducated users.
  • The IoT will further complicate — and compromise — cybersecurity. All verticals and companies that rely on internet connectivity to conduct business will see their cyber risk grow in 2018. Financial services, retail, and healthcare verticals will be primary targets, because of the significant monetary gains and because previous attacks against these verticals have been so successful. Also, the greater reliance on the Internet of Things (IoT) will present new vectors for attacks. Managing vulnerabilities with IoT devices in the mix will prove more difficult than managing vulnerabilities inside a typical enterprise data center operation.
  • Attackers will seek opportunities to not just steal data, but to undermine data integrity. In 2018, we may see the very first attack that attempts to disrupt the integrity of patient care laboratory results or alter financial statements for a financial services company. We think about the impact of identity theft as a primary purpose, because identities have financial significance. But we rarely give the same thought to the potential for attacks directly against data integrity. A complete breach of confidence may result, and then we will all need to rethink how and why we connect to the internet and compute.
  • The use of Facebook and other internet-based vectors to promote particular agendas will continue to increase in 2018. The use of social media to advance a particular (even nefarious) agenda has been so wildly successful that we can readily expect its continued use and expansion for other causes and from other national sources in 2018. This activity is still in its infancy, and we have yet to see the full impact of cyber propaganda upon our politics, governments, and cultures worldwide.