GDPR – SMBs will be hit the hardest due to security immaturity
As GDPR comes into force on 25 May 2018, the burden of compliance will weigh most heavily on small and midsized businesses (SMBs).
Businesses with immature security practices will likely be challenged to demonstrate their due diligence and compliance under the regulation. It’s harder for SMBs to detect advanced adversaries and to respond and remediate within the parameters of GDPR. In some cases, they may need to completely re-architect their security strategy and staffing, straining their already limited budgets even further. For SMBs hit with heavy fines, this could be the difference between remaining in business and going out of business.
Enterprise ransomware will become a major trend
Disruptive and destructive attacks came to the forefront in 2017 with the WannaCry, NotPetya and BadRabbit malware outbreaks, which successfully took companies offline for days and, in some cases, even weeks. While mostly destructive and not truly ransomware in nature, these attacks highlighted the potential for criminal groups to hold entire networks hostage while demanding millions of dollars in ransom from businesses that need to get their operations back up and running. These viral ‘enterprise ransomware’ attacks will likely become a major trend among e-crime actors in 2018.
North Korea – potential for attacks against the global financial sector
We’ve been worried for some time that one of the ways North Korea may try to deter a possible military attack against its nuclear or ballistic missile facilities is through asymmetric operations, which these days also include significant cyber-attack capabilities. In particular, given North Korea’s lack of dependence on the global financial system, that system’s importance to US and Western economies, and the DPRK’s history of intrusions into major banking institutions, the financial sector will likely bear the brunt of these attacks, should the North Koreans determine that a kinetic attack against them is imminent.
Iran – ongoing attacks against Saudi Arabia, and perhaps even the US
We have observed Iran invest significant resources in advancing its cyber capabilities over the last 7 years. Continued tensions and proxy wars with Saudi Arabia over the conflicts in Syria and Yemen and the blockade of Qatar have resulted in waves of cyber-attacks from Iran against Saudi Arabia. These attacks are likely to continue and potentially escalate into 2018. If the US pulls out of the JCPOA nuclear agreement and attempts to reinstitute financial sanctions against Iran, Iran may expand those attacks to include even the US financial and energy sectors.
Software supply chain will be the new vector
Recent events have demonstrated that the software supply chain is becoming an attractive way for nation-state threat actors to target organizations en masse. Compromising the update channel of a popular software package can immediately give access to thousands of victims in one fell swoop. While these software supply chain attacks are not new, the frequency with which they have been taking place is a cause for concern. As evidenced by this momentum, the software supply chain will likely become a favourite threat distribution vector for criminal groups as well in 2018.