Paradigm Shifts – What to expect in 2018

Skills and resources – these are the two elements that make up an attacker’s arsenal. An attacker, however, cannot set out to break security or even perform sophisticated attacks without finding weak points in a system first. Massive malware attacks, email-borne heists, hacked devices, and disrupted services – all of these require a vulnerability in the network, whether in the form of technology or people, in order to be pulled off.

Increased connectivity and interaction over insecure networks are a given. Unfortunately, poor implementation of technologies adds to the likelihood of threats being realised. Having protection where and when it’s needed will become the backbone of security in this ever-shifting threat landscape.

In 2018, digital extortion will be at the core of most cybercriminals’ business model and will propel them into other schemes that will get their hands on potentially hefty payouts. Vulnerabilities in IoT devices will expand the attack surface as devices get further woven into the fabric of smart environments everywhere. Business Email Compromise scams will ensnare more organisations to fork over their money. The age of fake news and cyberpropaganda will persist with old-style cybercriminal techniques. Machine learning and blockchain applications will pose both promises and pitfalls. Companies will face the challenge of keeping  up with the directives of the General Data Protection Regulation (GDPR) in time for its enforcement. Not only will enterprises be riddled with vulnerabilities, but loopholes in internal processes will also be abused for production sabotage.

These are the threats that will make inroads in the 2018 landscape. As such, they will serve as further proof that the days of threats being addressed with traditional security solutions are behind us. As environments become increasingly interconnected and complex, threats are redefining how we should look at security.

Trend Micro has looked into the current and emerging threats, as well as the security approaches tailored for the landscape. Read on to find out how to make informed decisions with regard to the security focus areas that will figure prominently in 2018.

Tackling Security in 2018
Given the broad range of threats the landscape currently bears and will expect to face in 2018 – from vulnerabilities and ransomware to spam and targeted attacks – what enterprises and users alike can best do is to minimise the risk of compromise at all layers.

Better visibility and multilayered security defence for enterprises
To combat today’s expansive threats and be fortified against those yet to come,  organisations should employ security solutions that allow visibility across all networks and that can provide real-time detection and protection against vulnerabilities and attacks. Any potential intrusions and compromise of assets will be avoided with a dynamic security strategy that employs cross-generational techniques appropriate for varying threats. These security technologies include:

• Real-time scanning: Active and automatic scans allow highly efficient malware detection and improved machine performance.
• Web and file reputation: Malware detection and prevention through web reputation, anti-spam techniques, and application control protect users from ransomware attacks and exploits.
• Behavioural analysis: Advanced malware and techniques that evade traditional defences are proactively detected and blocked.
• High-fidelity machine learning: Human inputs augmented with threat intelligence data allow rapid detections and accurate defences against known and unknown threats.
• Endpoint security: Security that employs sandboxing, breach detection, and endpoint sensor capabilities detect suspicious activities and prevent attacks and lateral movement within the network.

Best practices and sustained protection for end-users
Having different devices and applications to access information is becoming second nature in today’s increasingly connected world. Regardless of device, application, or network, users will be able to fill the security gaps with proper configurations:

• Change your default passwords. Use unique and complex passwords for smart devices, especially for routers, to significantly reduce the possibility of attackers hacking into the devices.
• Set up devices for security. Modify devices’ default settings to keep privacy in check and implement encryption to prevent unauthorised monitoring and use of data.
• Apply timely patches. Update the firmware to its latest version (or enable the auto-update feature if available) to avoid unpatched vulnerabilities.
• Deflect social engineering tactics. Always be mindful of emails received and sites visited as these can be used for spam, phishing, and targeted attacks.

Enterprises and users are better positioned if protections in place are able to cover the entire threat life-cycle with multiple security layers. From the email and web gateway to the endpoint, having a connected threat defence ensures maximum protection against the constantly evolving threats of 2018 and beyond.

To read Trend Micro’s full 2018 Threat Landscape Report, click here. If you have any questions, please do get in touch.