By Nigel Tan, GSI Business Development, Asia Pacific, IBM Security
CYBERSECURITY became a household name in Malaysia in 2017 due to the record number of personally identifiable information that were exposed through major data breaches.
The breaches have raised the awareness among consumers and corporations to evaluate their security practices. According to Gartner’s 2018 Top 10 Strategic Technology Trends, the rapid technology innovation has also prompted 40% of global organizations to leverage artificial intelligence (AI) to improve their defenses.
But it does not discount the rise of new and emerging threats. Here are the top 5 trends for 2018 based on research by the IBM X-Force team:
1. AI vs. AI: 2018 will see a rise in AI-based attacks as cybercriminals begin using machine learning to spoof human behaviors. The cybersecurity industry will need to tune their own AI tools to better combat the new threats. As AI software becomes more mainstream and/or open source, cybercriminals will adopt AI tools to not only automate and accelerate their current activities, but more closely mimic natural behavior for social engineering and phishing purposes. The cat and mouse game of cybercrime and security innovation will rapidly escalate to include AI-enabled tools on both sides.
2. Identity Crisis: Data from the over 2 Billion records stolen in 2017will be used at a scale never seen before. Locally there was a data breach that involved over 46 million mobile phone subscribers. Legislation to curb use of stolen data will move closer to reality and companies will move further away from using identifiers like national registration identity card (NRIC). Alternatives to NRIC could include blockchain identity solutions, smart ID cards/ecards, biometrics, or a combination of these methods. Companies will shift to more secure methods involving risk-based authentication and behavioral analytics especially with the dawn of cashless shopping or e-wallet in Malaysia.
3. Ransomware Locks up IoT Devices: We'll see a pivot from using ransomware to lock up desktop computers to IoT devices. Expect the ransom to be lower as hackers move to a volume play and find a price point that is less than the cost of just "buying a new" one for users. Large organizations with deployments of IoT security cameras, DVRs and sensors will be especially impacted by the coming wave of IoT ransomware. Like the recent rise of ransomware attacks in the healthcare industry, cybercriminals will target infrastructure that could adversely impact operations.
4. (Finally) Getting Response Right: 2018 will be the year that we see a major company demonstrate a fast and appropriate response to a large-scale data breach or cyberattack, including effective communications to inform stakeholders within and outside of the business of the impact. With the implementation of GDPR in May 2018, organizations doing business in the EU will be facing stricter regulation around the protection of data, and must also report data breaches to regulators within 72 hours (or face steep fines; up to four percent annual turnover) and potentially notify the customer as well. With these penalties in mind, organizations are placing greater emphasis to prepare their incident response plans, which we hope will lead to an overall improvement in the aftermath of a breach.
5. Africa Emerges as New Area for Threat Actors & Targets: Our IBM X-Force IRIS team thinks with Africa’s growth in technology adoption and operations coupled with rising economy and its increasing number of local resident threat actors, has the largest potential for net-new impactful cyber events. In 2018, Africa will emerge as a new focus area for cyber threats – attacks targeting organizations based there and events originating from the continent are both expected to rise.