As businesses return from the holiday season and prepare to launch into a busy 2018, one thing remains certain, cybercrime will still play a major role in 2018. As Australia prepares to embark on the implementation of the mandatory data breach notification for business in less than a month’s time, it is important to navigate the cyber-sphere.
At One Identity we have predicted that 2018 will be plagued by malware, shadow IT, the end of firewalls and virus protection, and of course the era of legislation about breaches being introduced around the world.
Malware-as-a service goes mainstream
Malware is already a lucrative business, and cybercriminals have realised they stand to make even more money by turning the tools they use into a commodity and selling them through affiliate programs.
Criminals with little know-how can purchase malware kits that come with easy-to-use, single-line command scripts, making it simple for someone with just a little money and access to the cybercriminal underground to launch a cyberattack. These kits are already gaining popularity, and we anticipate they will become more sophisticated with new features like the ability to target specific groups or users and credential harvesting.
Shadow IT continues to loom
The surge in solutions being purchased and used inside an organisation without explicit approval from IT will continue. Companies will focus more on context-aware security, giving them a basis for breach prevention, as well as invest in identity and application governance solutions. Organisations will also integrate robust employee education and training programs on the dangers of shadow IT, if they’re going to have a chance at combating it in 2018.
Firewalls and virus protection officially become obsolete
In a world of cloud computing, the notion of a firewall is all but irrelevant. And with the proliferation of zero-day virus signatures, virus protection is completely ineffective. Today, all an attacker needs are the stolen credentials of your user.
To protect your organisation, traditional “defense in depth” -- firewalls, encryption, application barriers and the like -- will no longer cut it. In 2018, we’ll see more and more organisations turn to an “identity in depth” approach to security, whereby they’ll augment traditional forms of cybersecurity with modern, intelligent, and adaptive identity-centric solutions.
Legislation will become a main focus, but guidelines will lag behind
With Australia enacting its cybersecurity-related legislation on 22 February 2018, we’ll see cybersecurity and cyber protection gain significant attention among lawmakers, globally. However, because the rate of change and adoption within the industry is vastly outpacing regulation, we’ll see a significant “knowledge vacuum,” whereby there will be mass confusion around how to actually put these laws into practice. In 2018, we’ll see businesses increasingly turn to consultants to help provide the needed education, guidance and context around these new laws to ensure compliance.
Technology will no doubt have a vital impact on how organisations conduct business throughout 2018 and the risk of cybercrimes is ever more present today than ever before.