7 Cybersecurity Trends to Plan for in 2018

In the past year, it’s become apparent that cyber breaches are on the rise, and they are crippling businesses in their wake. One of the most seriously impacted companies was Equifax, whose stock price plunged 30% after they announced one of the largest breaches in U.S. history.

If the last few months are any indication, cyber threats are going to continue growing in frequency and complexity. Businesses need to take a more proactive and holistic approach in order to protect their data.

7 Cybersecurity Trends to Plan for in 2018

Here are 7 cybersecurity trends that we predict will take a front seat in 2018.

1. Third-party vendor risks — According to a survey by Soha Systems, 63% of breaches in 2016 were caused by third-party vendors. To combat the increasing risk of cyber threats and protect their sensitive data, 41% of financial services firms are expected to increase spending on third-party vendor management by the end of 2017, according to the 2017 NSCP/ACA Aponix survey. For more information on third-party vendor risks and what you can do about them, see our post Don’t Let Third Parties Be Your Downfall.


2. Fourth-party risks — Your vendor’s vendors also pose a risk to your business. As major cloud service providers (i.e., Amazon, Microsoft, Google) continue to consolidate vendors, the risk of potential system failures across vendors grows.


3. Phishing remains the most prevalent threat — Targeted phishing attacks are growing in complexity and scale. 43% of financial services firms have reported targeted phishing attacks against their firm, according to the 2017 NSCP/ACA Aponix survey. Multiple firms have fallen prey to attacks that resulted in the breach of personally identifiable information (PII), as well as business email compromise scams and the compromise of internal networks.


4. Conducting due diligence before your next investment — The Equifax breach also highlights the need for stronger cyber merger and acquisition diligence, as failures in controls at TALX (Equifax’s subsidiary) led to data loss. In addition, poor software development controls at an Argentinian arm of Equifax exposed Equifax’s employee data. The Verizon/Yahoo deal also reminds us that it’s important to look under the hood before making your next investment, as Yahoo breaches knocked off $350 million from their deal.


5. Ransomware is evolving — According to a report, global ransomware damage costs will exceed $5 billion in 2017, up from $325 million in 2015. The greatest damage often comes in lost business and operational downtime. For example, Moersk, which was impacted by the WannaCry ransomware attack, estimated $300 million in losses due to downtime.


6. Badness planting is the next evolution in ransomware — Badness planting is a new form of ransomware that occurs when the ransomware author steals data and extorts the owner on the basis of disclosing the data. This type of attack was used against HBO, in which episodes of the network's shows were released early by attackers who attempted to extort a multi-million dollar payment from HBO.


7. Leveraging artificial intelligence (AI) and machine learning toolsets to prevent and detect cyber threats — Amazon recently purchased AI firm harvest.ai to add heuristics-based detection of sensitive data to the Amazon Web Services platform. Similarly, IBM integrated Watson into its security operations platform to read through security logs to detect incidents and supplement security operation center (SOC) capabilities.

For More Information

If you have any questions, please contact your regular ACA Aponix consultant or email us at info@acaaponix.com.