Each year seems to top the last when it comes to the rising threat of cyber attacks. 2017 was the year of the Equifax and Uber data breaches, the massive WannaCry cyber attack, another notable Yahoo! data breach and even a Deep Root Analytics data breach that compromised the personal information of nearly 200 million U.S. voters.
But what takes place outside of the headlines—in the world of our cyber security professionals—is even more staggering. In fact, the volume of cyber security threats has become downright overwhelming, with organizations having received an average of 17,000 malware alerts per week in 2017. With that in mind, it’s no surprise to learn that 93 percent of cyber security personnel are overcome by alert data and unable to triage all potential threats, according to Intel Security.
The cost of cyber crime damage is predicted to surpass $6 trillion annually by 2021, making it more profitable than the global trade of all major illegal drugs combined. In addition to the cost of damages is the financial obligation of supporting cyber security efforts, which is expected to exceed $1 trillion by 2021. The combination of these alarming statistics means that the impact of cyber crime has the potential to more than triple the number of cyber security job openings within that same time frame.
But are there enough cyber security hopefuls out there to fulfill this surging industry need? Where can up-and-coming cyber security professionals expect to focus their efforts as we move into and beyond 2018? And what should the average consumer know about the top cyber security threats currently on the horizon?
We canvassed an assortment of technology professionals to get their insight on those very questions. Take a look at what they had to say.
Experts predict 6 cyber security threats on the horizon
“Cyber security is always evolving, as are the threats we face,” says John Iannarelli, a retired FBI special agent executive who worked on behalf of our government for more than two decades, acting as the FBI’s national spokesperson and on the FBI Cyber Division executive staff. “To stay ahead of cyber criminals, it is important to examine the existing terrain and predict what is likely to happen next.”
From an increase in organizational data breaches and ransomware expansion to an intensifying need for cyber security talent, our panel of experts have forecasted the following six threats as belonging among the most prominent ones we’ll face in our near future.
1. Internet of Things and mobile devices remain big targets
From smart cars and voice-activated digital assistants to controlling every gadget in our homes with the press of a button on our phones, the phenomenon called the Internet of Things (IoT) has seemingly taken over our modern way of life. But it’s true that amidst the avalanche of perks enabled by IoT, there are also some notable risks many may not have considered.
“IoT security is becoming a real concern, and every device is at risk,” warns Fatih Orhan, vice president of threat labs at Comodo. “We need to be as vigilant with these types of devices as we are with PCs and servers.”
Many digital professionals recognize the potential hazards of the steep rise in popularity of such a new type of technology—one that undoubtedly has a number of kinks yet to be worked out. Lauren Hilinski, digital marketing director at Record Nations, explains that IoT is quickly entering the homes of many people through devices like the Google Home™ and Amazon Echo™. “This type of technology, still in its infant stages, is attractive to hackers, and we will probably see these types of devices targeted in 2018,” she says, adding that products will also likely offer more security measures as they develop further.
“For both individuals and businesses to protect themselves, the basics of cyber security remain the same,” Iannarelli offers. “Strong passwords—not just for the user logging on, but for all IoT devices as well, are needed.” When users fail to reset the IoT password from the factory default setting, for example, this practically acts as an invitation for a hacker to come inside.
Our rampant use of our mobile devices also puts everyone at a general level of risk, poses Keri Lindenmuth, marketing manager at KDG. “While we may think seriously about protecting our desktops, we think very little of antivirus programs for mobile devices,” she says. “There’s an app for everything and millions of users—from individual consumers to businesses—may be in danger should a hacker attempt to take advantage of them [through] a mobile download.”
2. Ransomware evolves
As hackers continue to advance, it’s becoming clear that they’re growing tired of the months it takes to profit from point-of-sale malware breaches and exfiltrating credit card data, explains Kevin Watson, CEO of Netsurion. “Cyber criminals want a quicker fix and more money. And with the impressive success of the global WannaCry and NotPetya outbreaks, they’re taking notice of what works,” he adds.
Watson suggests that ransomware is the inevitable next step. “We believe that enterprising criminals will target both large and small retailers with ransomware attacks to force large, immediate payments to restore operations,” he says. A major ransomware attack can have lasting impacts on the competitive edge and overall reputation of any large retailer, while it can put smaller retailers out of business altogether. This can translate to a large profit for cyber criminals within minutes.
Ransomware attacks, of course, are nothing new. But they will continue to evolve as we move forward—as Carl Mazzanti, vice president and co-founder of eMazzanti Technologies, suggests that ransomware’s major threat will continue as it increasingly targets new industries. “Healthcare has already seen its share of ransomware attacks, but we should look for growing numbers of incidents in the manufacturing and local government sectors,” he says, explaining that these two areas represent relatively soft targets for cyber criminals due to underinvestment in security.
3. Medical identity theft increases
Albeit a newer form of identity theft, medical identity theft has become quite a dangerous threat to millions of people. This occurs when a person’s medical insurance and important personal information is stolen—information that can be used to obtain medical appointments, access prescription drugs, file false insurance claims and more.
It’s also true that stolen medical data typically has a longer lifespan than financial data like credit card numbers, which can quickly be canceled if fraud is detected, explains Alayna Pehrson, digital marketing strategist at Best Company. “Medical data is also targeted because medical facilities are more likely to have a weaker security system,” she says, pointing to the fact that healthcare facilities have only recently begun transitioning to electronic health record systems.
With records for millions of people stored within our healthcare system, an abundance of medical data is made potentially accessible to hackers in one place. “Becoming a victim of medical identity theft can be devastating,” Pehrson says. She encourages people who hope to avoid this type of theft to closely monitor your health records, be cautious when sharing health information, avoid accessing medical data on public Wi-Fi, be aware of potential medical scams and stay on top of all medical charges and bills.
4. Unintentional insider threats rise
“Users are still users,” states Andy Jordan, special project lead at Mosaic451. Whether it’s serial usage of an uncomplicated password, negligence in running routine software updates or even something as simple as keeping devices unlocked, unintentional insiders will often pose one of the largest cyber security threats.
“The result of our humanity is that we all make mistakes. To combat this, we have started leveraging technology to help us make [fewer] mistakes,” Jordan continues, although he explains that when considering things like phishing attacks and unsafe browsing habits, technology cannot prevent every potential user misstep. It’s also true that the increasing number of individuals who conduct professional matters on personal devices like smartphones can pose even more risks, since a compromise to one side will inevitably impact the other.
Jordan acknowledges that in today’s technological culture, a person’s digital identity cannot be easily segmented. To better protect ourselves and our affiliated businesses, he suggests the following:
- Ensure you’ve defined your organizational policies to include restrictions for the use of personal data and identity on organizational devices.
- Create different and longer passwords for each service you use.
- Use protective controls for email and web proxies.
- Leverage software-defined network segmentation to restrict untrusted devices from accessing trusted zones.
5. Organizational breaches continue
One of the most notable cyber attacks seen in 2017 was a massive data breach at Equifax, one of the nation’s three major credit reporting agencies. This resulted in the exposure of sensitive personal information of 143 million American consumers.
“While the Equifax breach was a significant breach, it will not be the last breach we see,” Jordan ensures. “Organizations are not purposely negligent, nor do they desire to disrespect the sensitive information they use to run their businesses. The problem is that there are so many points in an organization where hidden gaps can exist.” He cites poor application design and misconfigured cloud environments as two common examples we see today.
Jordan recommends that organizations do the following to better protect themselves against potential breaches:
- Integrate application security practices into your DevOps processes.
- Perform continuous vulnerability scanning to help identify gaps in your patching and configuration programs.
- Leverage PenTests to simulate how a malicious actor could get into your network along with what sensitive data they are able to access.
- Use cloud technologies like CloudCheckr to help identify configuration issues with your cloud environments.
6. Need for cyber security professionals intensifies
It has been predicted that there will be 3.5 million unfilled cyber security positions by 2021. One of the key cyber threats we’re currently facing is a simple one, suggests Karla Jobling, international MD and founder of BeecherMadden. “There are not enough people working in cyber security,” she states, pointing not only to the potential to hire up-and-coming cyber security professionals, but also to an increased need for cyber security training across a variety of positions.
“There are some very basic cyber problems that can be addressed by communication and training,” she says, while adding that with a shortage of people working in this area, companies may want to keep an eye out for career changers looking to break into the field. While targeted, advanced attacks are always going to be a risk to businesses, Jobling maintains that many threats can be solved with having the right team in place.
“Hiring and training enough skilled security workers will continue to be one of the biggest challenges facing CISOs in 2018 and beyond,” asserts Jack Miller, chief information security officer (CISO) at SlashNext. “We first need to fill the growing shortfall of qualified security experts who have the necessary skills and experience to solve these problems for organizations of all types and sizes.”
Could you be what the industry needs?
It can feel like today’s digital landscape has become more of a virtual war zone, and businesses of all kinds are aware of the need for skilled cyber security professionals who can help them thwart threats from cyber criminals and keep their coveted data safe. If you’re interested in a robust career in technology, it may be time to set your sights toward information security.