The Symantec 2018 Cybersecurity Predictions Part 2/3

The Symantec 2018 Cybersecurity Predictions Part 2/3

Supply Chain Attacks Will Become Mainstream

Supply chain attacks have been a mainstay of the classical espionage and signals-intelligence operators, compromising upstream contractors/systems/companies and suppliers. They are proven to have a high-level of effectiveness, with nation-state actors using a mix of human intelligence to compromise the weakest link in the chain.

These attacks are moving into the cybercriminal space, becoming mainstream. With publicly available information on suppliers, contractors, partnerships and key-people, cyber criminals can find victims in the supply chain and attack the weakest link. With a number of high profile successful attacks in 2016 and 2017, cyber criminals will focus on this method in 2018.

 

File-less and File-light Malware Will Explode

2016 and 2017 have seen consistent growth in the amount of file-less and file-light malware, with attackers capitalising organizations that lack in preparation against such threats. With fewer Indicators of Compromise (IoC), use of the victims’ own tools, and complex disjointed behaviours, these threats have been harder to stop, track and defend against in many scenarios.

Like the early days of ransomware, where early success by a few cyber criminals triggered a gold-rush like mentality, more cyber criminals are now rushing to use these same techniques. Although file-less and file-light malware will still be outnumbered by orders-of-magnitude as traditional style malware, they will pose a significant threat and lead to an explosion in 2018.

[adrotate group=”1″]

 

Organisations Will Still Struggle With Security-as-a-Service (SaaS) Security

Adoption of SaaS continues to grow at an exponential rate as organizations embark on digital transformation projects to drive business agility. This rate of change and adoption presents many security challenges as access control, data control, user behaviour and data encryption vary significantly between SaaS apps. While this is not new and many of the security problems are well understood, organizations will continue to struggle with all these in 2018.

Combined with new privacy and data protections laws adopted by regulators across the world, these will pose major implications in terms of penalties, and more importantly, reputational damage.

 

Organisations Will Still Struggle With Infrastructure-as-a-Service (IaaS) Security – More Breaches Due to Error, Compromise & Design

IaaS has completely changed the way organisations run their operations, offering massive benefits in agility, scalability, innovation and security. It also introduces significant risks, with simple errors that can expose massive amount of data and take down the entire system.

While security controls above the IaaS layer are customer’s responsibility, traditional controls do not map well – leading to confusion, errors and design issues with ineffective or inappropriate controls being applied, while new controls are ignored. This will lead to more breaches throughout 2018 as organizations struggle to shift their security programs to be IaaS effective.

Next Page > The Symantec 2018 Cybersecurity Predictions Part 3/3

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!