2017 was a banner year for cybercriminals and thieves with large scale breaches, bank heists, extortion scams and a proliferation of state-sponsored hacking tools. The fallout from all of those events will be felt well into 2018, along with unintended consequences stemming from the wild ride Bitcoin and other cryptographic currencies had this past year.
The bottom line: brace yourself for a rocky 2018.
1) More big data cloud breaches
2017 was peppered with major data breaches caused by failure to properly secure large data sets.
Breaches ranged from a US Army project to scrape social media posts to scour the web for potential intelligence, to Accenture's exposed S3 buckets that offered up decryption keys, authentication info and more, to 200 million detailed American voter records collected by a data analysis firm.
It's clear that there's a ton of big data that's just sitting in the open, improperly secured.
2) Bitcoin's wild ride will cause headaches for criminals and victims
You'd think that one group that benefited the most from Bitcoin's wild ride was cyber thieves who rely on the cryptocurrency for various ransomware and extortion schemes, and in the short term that's certainly true. But Bitcoin's rapidly escalating price also increases its transaction fees as well as regulatory scrutiny, pushing criminals to lesser known coin alternatives.
All of this means it's going to be more expensive and more risky to stockpile bitcoins as a strategy to deal with ransomware. The cost of not properly investing in security is rising as are the odds the criminals will demand alternative coins.
3) It's still all about the basics
We hear a lot in the security world about so-called advanced persistent threats. It's a misnomer - for the most part these groups use basic tactics - phishing, open source vulnerability scanners and exploitation platforms and more common tools to gain their initial foothold into an organization.
Many of these threats can be proactively stymied with simple steps such as deploying an effective and continuous training program for your organization and implementing two-factor authentication (or at least two factor authentication for all key IT staff and more).
4) Increased regulatory scrutiny and lawsuits
From the full implementation of the European General Data Protection Regulations (GDPR), to multiple governmental investigations of international data breaches such as Equifax and Uber, to class action lawsuits by victims, the regulatory and legal costs of data breaches will continue to rise in 2018.
5) Blockchain and better cryptography won't be silver bullets to cybercrime
There's a lot of hype about block chain technology and new approaches to cryptography and how they're going to stop hacking and cybercriminals once and for all.
Don't believe it.
Cyber isn't just a technology problem - it's a people, process, culture and technology problem. Innovative approaches to technologies will help improve defences or resiliency but cannot solve the problem on their own.
David Shipley is the CEO and co-founder of Beauceron Security Inc. David is a cybersecurity veteran who has spoken at national and global technology and business conferences across North America. David is the former cybersecurity lead at the Univeristy of New Brunswick. He frequently appears in local, regional and national media to talk about technology and cybersecurity issues.