2017 was a busy year in the realm of cybersecurity. Ransomware spread like wildfire. The cyber underworld exploited operating-system security holes exposed by code leaked from government secret services and by thousands of documents pilfered from the CIA about its cyber intelligence operations and hacking tools. Hackers interfered with election campaigns and continued their tradition of keeping a number of websites and services under fire with DDoS attacks.
Last year, cyber attacks also caused more financial damage than in all previous years. The Danish conglomerate Maersk, operating in maritime and container transport, lost hundreds of millions of dollars because of the NotPetya ransomware, as did Saint-Gobain. Reckitt Benckiser, the producer of brands such as Calgon, Air Wick, Cillit Bang, Durex and Vanish, put its loss at roughly 136 million USD.
But what do these events mean for the year 2018? Those who look into the crystal ball in an area as dynamic as cyber security and offer their predictions risk ending up with egg on their face. Despite this, I will give it my best shot. Here are five predictions that could become a reality in the cyber world: if not in the next few months, then, I bet my bottom dollar, in the next two to three years.
1. Most organizations will fail to comply with the new legislative changes in the EU
This year, two new legislative measures will come into force with the goal of improving data protection (GDPR – General Data Protection Regulation) and national cyberspace as a whole (NIS Directive), especially in the European Union. GDPR is sending shivers down the spines of some supplier and consulting firms, especially when it threatens them with huge fines and other terrors. The changes in the legislation concern virtually every business, including small e-shops. Most organizations, however, will not have to comply with the legislation immediately; it will be essential to be able to at least document the steps that lead to compliance with the legislative requirements. It will be interesting to see how, for example, public administration deals with the protection of personal data.
2. DDoS attacks will bring to a standstill not only the internet
So-called DDoS attacks, which overload networks and bring services to a halt, are becoming increasingly popular in the hacker community. Various statistics and data from monitoring devices show the number of attacks growing at double-digit annual rates; what is worse, these attacks are today on average up to four times greater than in 2015. New types of botnet have also arrived on the scene that take control of devices connected to the Internet of Things (IoT) and so pave the way for DDoS attacks. The result will be not only more frequent downtime of websites and internet connections, but also critical services, such as energy supply, being brought to their knees.
3. Because of cryptocurrency we will pay more to recover our data
All over the world in recent months, the media have reported more and more cases where organizations, including hospitals, had to pay a ransom to have their stolen data decrypted after an attack by so-called ransomware. The coming year will see the number of such cases increase, especially with the use of popular cryptocurrency, as increasingly sophisticated ransomware has become an extremely popular and easily available moneymaking tool on the dark web, not only for criminal groups but also for some state regimes. For example, a lifetime license for the Halloween malware can be bought for 40 USD. With the growth of sophisticated ransomware, security tools based on artificial intelligence have grown in significance. These AI tools can discover malicious code much earlier than traditional antivirus programs can.
4. Businesses will finally be able to insure themselves against cyber attacks
In the world today, we can buy terrorism insurance. But if you want to buy insurance against cyber attacks, which are much more likely today than being involved in a transport accident, in many countries you would look in vain. In the USA in 2017, the insurance market for cyber attacks was worth 1.5 to 3 billion USD and will grow to over 20 billion USD by 2025. Forward-looking companies are starting to take cyber threats seriously as a significant business risk, not only an IT problem. In the northern countries of the European Union and the USA, this type of insurance is used by one-third of companies. In 2018, this type of insurance will appear in other countries, and over time this market will grow exponentially with each coming year. It will be interesting to assess the money paid out by insurance companies to the companies affected by this type of damage.
5. A worldwide shortfall of almost 2 million IT security experts
The new, stricter legislation with the threat of severe penalties, cyber attacks more sophisticated and more aggressive than ever before, the acceleration of business digitization, and the greater damage to businesses from the unavailability of their services: all this has led to an increasing demand for experts in IT security. According to some estimates, there is a global shortage of two million cyber security professionals who should fulfill the new roles in companies and public administration resulting from the more stringent legislation and requirements for greater security of digital technologies.