Cybersecurity technology company McAfee has released the top 5 trends and challenges in the security market in 2018.
McAfee Labs 2018 Threats Predictions Report focuses
# the evolution of ransomware from traditional to new applications
# cybersecurity implications of serverless apps
# consumer privacy implications of corporations monitoring consumers in their own homes
# implications of corporations gathering children’s user-generated content
# emergence of machine learning innovation race between defenders and adversaries
Steve Grobman, chief technology officer for McAfee, said: “Though technologies such as machine learning, deep learning, and artificial intelligence will be cornerstones of tomorrow’s cyber defenses, our adversaries are working just as furiously to implement and innovate around them.”
An adversarial machine learning “arms race” will develop between defenders and attackers.
Machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior, and zero-day attacks. But adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting newly discovered vulnerabilities faster than defenders can patch them.
To win this arms race, CIOs and organizations must effectively augment machine judgment and the speed of orchestrated responses with human strategic intellect. Only then will organizations be able to understand and anticipate the patterns of how attacks might play out, even if they have never been seen before.
Ransomware will pivot from traditional extortion to new targets, technologies, and objectives.
The profitability of traditional ransomware campaigns will continue to decline as vendor defenses, user education, and industry strategies improve to counter them. Attackers will adjust to target less traditional, more profitable ransomware targets, including high net-worth individuals, connected devices, and businesses.
The pivot from the traditional will see ransomware technologies applied beyond the objective of extortion of individuals, to cyber sabotage and disruption of organizations. This drive among adversaries for greater damage, disruption, and the threat of greater financial impact will not only spawn new variations of cybercrime “business models,” but also begin to seriously drive the expansion of the cyber insurance market.
Serverless apps will save time and reduce costs, but they will also increase attack surfaces for organizations implementing them.
Serverless apps enable greater granularity, such as faster billing for services. But they are vulnerable to attacks exploiting privilege escalation and application dependencies. They are also vulnerable to attacks on data in transit across a network, and potentially to brute-force denial of service attacks, in which the serverless architecture fails to scale and incurs expensive service disruptions.
Function development and deployment processes must include the necessary security processes, scalability capabilities must be made available, and traffic must be appropriately protected by VPNs or encryption.
Connected home device manufacturers and service providers will seek to overcome thin profit margins by gathering more of our personal data—with or without our agreement—turning the home into a corporate store front.
Corporate marketers will have powerful incentives to observe consumer behavior in order to understand the buying needs and preferences of the device owners. Because customers rarely read privacy agreements, corporations will be tempted to frequently change them after the devices and services are deployed to capture more information and revenue.
Corporations collecting children’s digital content will pose long-term reputation risks.
Corporations will become more aggressive in enabling and gathering user-generated content from younger users. In 2018, parents will become aware of notable corporate abuses of digital content generated by children, and consider the potential long-term implications of these practices for their own children.
Many future adults will suffer from negative “digital baggage,” user content developed in a user-app environment where socially appropriate guidelines are not yet well defined or enforced, and where the user interface is so personally engaging that children and their parents do not consider the consequences of creating content that corporations could use and potentially abuse in the future.
McAfee predicts that the May 2018 implementation of the European Union’s General Data Protection Regulation (GDPR) could play an important role in setting ground rules on the handling of both consumer data and user generated content in the years to come.
The new regulatory regime impacts companies that either have a business presence in EU countries, or process the personal data of EU residents, meaning that companies from around the world will be compelled to adjust the way in which they process, store, and protect customers’ personal data.