According to the 2018 Thales Data Threat Report, which was compiled based on responses from over 1,200 senior security executives, 46% of U.S. companies experienced a data breach last year, nearly double the amount reported in 2016. After analyzing cybersecurity predictions and reports by CSO, MIT’s Technology Review, Infosecurity, Thales Security and 451 Research, we’ve compiled what we consider the top five threats to data security that cybersecurity professionals should monitor in 2018.
Source: 2018 Thales Data Threat Report
1. Complexity
The 2018 Thales Data Threat Report compiled in conjunction with 451 Research found the top barrier to adopting data security is complexity. This is a result of the wide adoption of multi-cloud infrastructure strategies and cloud-based business applications. The survey found that 84% of the 1,200 respondents are using more than one IaaS vendor (with 15% using more than five) and 34% are using over 50 SaaS applications. According to the survey, encryption and tokenization are currently the most commonly implemented security measures for protecting data in multi-cloud environments.
Source: 2018 Thales Data Threat Report
2. Jumping the Gun
Many companies have jumped the gun when it comes to deploying new technologies, and they will continue to do so. Companies employ and deploy new technologies as early as possible in order to remain competitive and to begin turning a profit, and they do so without a full analysis of the security vulnerabilities these new technologies pose. Two-thirds of respondents to the Thales/451 Research survey said organizations are deploying new technologies, such as IoT, blockchain or cloud before being able to secure them. “63% of survey respondents in 2017 said their organizations were deploying one or more of these nascent technologies ahead of their organization’s ability to properly secure them.” As long as companies put immediate profit ahead of security, they are leaving themselves and their customers vulnerable.
3. Large-Scale Data Breaches
MIT’s Technology Review and Infosecurity Magazine both predict that large-scale data breaches, such as those endured by Equifax and Verizon, will continue in 2018. CSO reported the average cost of a data breach in the U.S. in 2017 was $7.3 million. (To see how much it would cost your business, use IBM’s data breach calculator.) MIT’s Technology Review quotes cybersecurity expert Marc Goodman in saying that other types of companies that hold massive amounts of data, but are less regulated, are likely to become targets this year. These include search engines or other types of apps that hold personal browsing information. With a combination of personal identification information and browsing habits, hackers could build comprehensive profiles on individuals.
4. Hijacking for Mining
The same Technology Review article mentions another noteworthy threat that will likely gain traction in 2018 — the hijacking of processing power for cryptocurrency mining. The article notes a couple of recent examples where miners hijacked computers on a Starbuck’s network and computers from a Russian pipeline company to use them for mining. Miner-hackers are likely to start targeting companies and organizations that have significant processing power. The scariest scenario is if these miners were to hack into hospitals or airports to harness processing power, exhausting resources and leaving them unable to conduct mission critical operations.
5. Using AI for Sophisticated Attacks
While AI and machine learning mean advancements in data security, they also mean more sophisticated cyberattacks. The Thales Data Threat Report, mentions malicious self-learning attacks such as hivenets and swarmbots, which are, “potentially massively scalable and much more damaging than botnets, able to control an attack without the central command control instruction that standard botnets require.”
Like all technologies, AI and machine learning will be used for altruistic endeavors as well as self-serving and malicious ones. However, respondents surveyed for the Thales report were more optimistic than pessimistic, with around 65% saying these technologies increase data security by recognizing attacks while just 43% feel this will result in increased threats due to use by hackers.
