As another year draws to a close, it’s the perfect time to look back at the 2018 cybersecurity landscape, review the fraud trends that dominated the headlines and make some educated predictions on what lies ahead.
IBM Security Global Executive Security Advisor Limor Kessem joins this podcast episode to do just that — all in under 8 minutes!
Cybercrime attack patterns vary annually. In some years, malicious actors leverage similar threats worldwide. In others, they specialise based on geographic region. This year, Kessem asserts, it was the latter, with attackers “adapting schemes to local security landscapes.”
Kessem ranks increasingly sophisticated social engineering attacks as the top cyberthreat for 2018, followed by remote-access Trojans (RATs) used across Brazil and Japan to gain user account access. Last but not least, she highlights the refocusing efforts of cybercrime gangs. While these groups largely went after global targets with impunity in 2017, this year saw them focus on cryptocurrency theft, especially in the U.K.
Kessem’s prediction is simple: 2018 cybersecurity trends suggest that in 2019, “every organisation needs to focus on their security landscape and their geography.” Enterprises need to recognise who is attacking them and why they are attacking and create threat actor profiles to find ideal security controls for their specific needs.
In addition, Kessem points to the varying skill level of cybercriminals. She describes their expertise like a pyramid: At the bottom are unskilled attackers targeting enterprises in bulk with automated tools, in the middle are malicious actors with some technology knowledge and access to malware support networks, and at the top are sophisticated cybercrime groups.
Kessem’s advice is to watch out for the middle tier. These attackers often target banking data, finding success through collaboration with other groups and the use of social engineering tactics. Their priority is to “hack the humans,” which is far easier than defeating robust security controls.
With so many companies now prioritising digital transformation, bringing security into the process as early as possible. This allows security professionals to “collaborate with all teams, understand the risks and plan for proper security controls. The earlier these tools are introduced to the security environment, the better, since they will help build out user context, identify legitimate access and frustrate potential fraudsters.
The state of cybersecurity as we leave behind 2018 directly impacts the outlook for the coming year. In 2019, security and business must go hand in hand to protect critical data, empower digital transformation and drive better business outcomes.