Each year we put together some of our thoughts related to predictions in the cyber security and hacking realms for the coming year. So what can we expect to see in 2018?
- We’re hopeful for increased use of security basics. If individuals and devices could figure out credential security that would make a massive difference. For humans, using two-factor authentication (2FA) and a password manager would make a world of difference. For device makers (like home routers, cameras, etc), forcing owners to change default credentials, and automatically staying updated would keep our internet safer. What happens when devices are put online with unsecured services and accounts? Remember the Mirai botnet/worm? DDoS, Click Fraud, and many other types of very dangerous/criminal activities thrive in an unsecured Internet. Insecure passwords, whether human selected or insecure defaults, are something we see again and again on our penetration testing engagements, but we hope the industry will learn from these issues over the past years.
- Because of that, in 2017, we gave numerous talks on the security of embedded, industrial, and IoT systems (https://www.vdalabs.com/2017/11/22/embedded-iot-security/). We pointed out that not only could DDoS weapons be created, but creepier spying (via unsecured cameras), and potentially dangerous attacks against building controls, HVAC systems, and more are likely to happen in 2018. Malware has come a long way since being just user/desktop focused. Industry, transportation, health, financial, defense, – no business sector is free from cyber security concerns. Each vertical must ensure that the code, apps, devices, and other technologies that are being deployed so rapidly – must be launched with at least a basic security standard (which is yet to exist equally across sectors).
- Legal concerns related to e-discovery, intellectual property theft, contract law, and online privacy and safety continues to rise, as the world we live is more and more digital and connected. We helped in a number of such cases in 2017, and continue to see the importance of technical experts in the courtroom as not just a nice to have, but required. Lawyers will increasingly not be able to separate legal and technical issues, and will need knowledge and support in those matters.
- In 2017, we helped reporters understand the maturing Darknet (https://www.vdalabs.com/2017/11/14/get-darknet-safely/). There are many vile services offered there. Among them, selling breached personal and account information is active. And again, we saw plenty of mega breaches in 2017. You might recall the Equifax and Uber breaches? Because these are likely to continue, look for three things to happen: (1) Companies who cannot show due-diligence (through proper security testing, internal training, and risk assessment) in the face of breaches will be held increasing accountable. (2) Attackers will find increasingly creative way to sell and abuse your personal data. (3) Individuals will increasingly look to services that help them freeze and monitor their personal credit to avoid becoming a victim.
As always, what we truly hope for is a prosperous and peaceful new year. We see time and again, that when people put their minds together for good, creative and helpful solutions can be found. Blessings in the new year!