Virtualization Technology News and Information
Proficio 2018 Predictions: How Hackers will use Destructive Cyberattacks to Turn a Profit in 2018

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Brad Taylor, CEO at Proficio

How Hackers will use Destructive Cyberattacks to Turn a Profit in 2018

In 2017, cybercriminals targeted nearly every industry in their attacks. The Equifax breach exposed the financial and credit data of 145 million people, one billion Yahoo! email accounts were found to be hacked, Shadow Brokers leaked government hacking tools, and the WannaCry ransomware attack impacted computers in 150 countries.

The wave of cyberattacks shows that no sector or organization is immune to pressing cybersecurity issues and everyone should be prepared for even more high-stakes hacks in 2018. For enterprises with strapped IT teams, it can be difficult to keep up with the fast-evolving threat landscape.

How Cybercriminals Are Changing Their Tactics

The proliferation of ransomware attacks, including the one against the popular ride-sharing app Uber, where executives paid hackers $100,000 to destroy stolen data, have signaled that cybercriminals are turning to havoc-causing methods to solicit payments from their targeted victims. However, many companies have been proactively making efforts to thwart data compromises through steeper investments in their cybersecurity programs. In fact, Gartner projects that cybersecurity spending will reach $93 billion in 2018. Due to this, most organizations should be able to detect and respond to traditional malware meant to encrypt and lock away sensitive corporate information. This has certainly upped the ante for hackers looking to make money with their unusual skills.

Historically, cybercriminals would threaten to damage a victim's secure network but stop short of carrying out the threatened attack in exchange for payment to prevent it. In the year to come, we can expect more hackers to inflict a "sample" of their threat for a limited time (to show what they're capable of carrying out) then demand payment under the threat of a sustained attack. The possibility of total data loss, a prolonged denial of service (DDoS) attack, or an attack on internet of things (IoT) devices may force organizations to dip into their pockets to make it stop.

How Enterprises Can Be Better Prepared

Even though we can expect hackers to become craftier in their approach, enterprises aren't out of luck. Increasing investments in technology, and adding in managed security services to supplement the shortcomings of limited, in-house staff, can help ensure organizations aren't left vulnerable to even the most sophisticated cybercriminals.

A managed security service provider (MSSP) can help IT security teams update and build uses cases and correlation rules as new attack scenarios surface. This way, an enterprise's security information and event management (SIEM) system knows what indicators of attack and indicators of compromise it should be looking for. If teams are incapable of identifying the correct indicators, they won't be able to identify which alerts are relevant attacks and which ones are not. A qualified MSSP can help maintain and fine tune a SIEM so security teams can receive only accurate alerts and provide recommendations on what steps to take next.

IT security teams should also continually assess their level of preparedness. At a minimum, they should perform an annual vulnerability assessment with ethical hackers to mimic a real attack scenario. To truly test the effectiveness of your cybersecurity, it needs to be as real as possible. Running attack drills on a regular basis can provide clarity into the areas a company needs to improve (whether it be detection, incident response, or remediation), and can inform teams on whether they're strong enough to handle incoming cyberattacks on their networks.

Achieve Cybersecurity Posture in 2018

The widening threat landscape in 2018 will require enterprises to be increasingly vigilant about their cybersecurity practices. Every company, regardless of industry or location, needs to be taking proactive steps to make sure they're ready. MSSPs can be a valuable ally to stressed IT security teams and can help companies implement best practices throughout the entire organization.


About the Author

Brad Taylor 

Brad Taylor is currently the CEO of Proficio. He has 20+ years of experience in the enterprise software, security, and networking industry as a senior executive in sales, marketing, business development, acquisitions, operations, and venture capital. 

Published Wednesday, January 17, 2018 7:20 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2018>