KnowBe4: “Six Cybersecurity Trends Organisations Need to Watch for in 2018”

Share Article

New-school security awareness training company ID’s phishing, social engineering and ransomware trends as continuing to get worse in 2018

KnowBe4 CEO makes predictions for 2018

KnowBe4 CEO Stu Sjouwerman

I’d love to say that 2018 is going to be a lighter year in terms of cyberattacks and threats, but no one can afford to be that naïve,--Stu Sjouwerman, CEO KnowBe4

KnowBe4, Inc., the provider of the world’s most popular security awareness training and simulated phishing platform, shares an insider’s perspective of cybersecurity trends to expect in 2018. The list of six predictions are founded on the company’s deep insight into threats that organisations experience today and should expect tomorrow.

“I’d love to say that 2018 is going to be a lighter year in terms of cyberattacks and threats, but no one can afford to be that naïve,” said Stu Sjouwerman, KnowBe4 Founder and CEO. “The truth of the matter is that today’s world simply lives on digital data which means there is more and more for bad guys to try to steal. From our vantage point of watching how cybercriminals work and constantly “upgrade” their attacks, we felt it was important to share what we anticipate will happen in 2018. That allows organisations to prepare themselves and train their workforce to make smarter security decisions and create a human firewall as an effective last line of defence when all security software fails.”

KnowBe4 2018 cybersecurity predictions include:

1.    Exponential growth of the ransomware plague, especially the “as-a-service” strains. The massive ransomware attacks of 2017 aren’t going anywhere. Instead, they will grow exponentially and mutate to gain further traction. We’ll see a rise in ransomware attacks that also exfiltrate data, allowing cybercriminals a second way to ransom data through the threat of exposure. Additionally, ransomware-as-a service will continue to grow and will be the source of a significant percentage of attacks. Custom-made ransomware attacks will be reserved only for very high-value targets.

2.    Hybrid attacks will be used to distract organisations. We saw it happen in Ukraine last month when Bad Rabbit ransomware served as an obvious and intrusive attack while, simultaneously, a silent, hidden spear phishing campaign was carried out. We will see this as a new criminal modus operandi through 2018; ransomware infections will be used as a distraction, so the bad guys can accomplish their other more devious goals. Additionally, we should expect to see an increase in multi-vector social engineering attacks leveraging ‘smishing’ (text) and ‘vishing’ (voice) along with traditional phishing (email) social engineering techniques.

3.    Automation makes detecting attacks harder. Phishing bots and intelligent scraping of social media and the Dark Web will make automated spear phishing a very real, very hard-to-identify problem. The amount of data stolen in mega breaches over the past year—especially Equifax—makes it easy to automate mass spear phishing emails that are both highly detailed and very effective social engineering attacks.

4.    Extortion scams will have a long tail. It’s bad enough to have your data held hostage until you pay a ransom 48 or 72 hours later. As we move into 2018, scams are going to extend that timeline, creating long-term or lingering extortion situations that are an ongoing nightmare for organisations and individual internet users alike. An example of this would be a ransomware attack that demands nude photos of the victim as “payment”, opening the door for continued blackmail.

5.    Search result tampering will drive users to compromised websites. Whether you call it search “tampering” or “poisoning”, 2018 will see an increase in search results that route users to compromised sites which exploit bugs in the workstation’s software, resulting in a complete take-over of their computer. Users will have to be particularly vigilant if they work in regulated industries such as Financial Services, Insurance and Healthcare, where personal identifiable information abounds.

6.    Blame-ware and “False Flag” operations will increase. Due to the recent European Union’s declaration that a cyberattack is an act of war, we’ll see more cyber propaganda operations that are engineered to spark conflict between countries, undermine democracies, and destabilise trust globally, making attribution very hard to determine.

Organisations that are not yet leveraging KnowBe4 to train their workforce to make smarter security decisions and create a human firewall as an effective last line of defence can download a number of free tools at http://www.knowbe4.com to test their users and their network.

Live Webinar Thursday November 16th at 2pm EST

In addition, KnowBe4 is hosting a live webinar to dive further into what’s in store for 2018:
Title: “Phishing and Social Engineering in 2018: Is the Worst Yet to Come?”
Date & Time: Thursday, November 16th at 2pm EST
To Register: https://register.gotowebinar.com/register/4082941158725766914

About KnowBe4
KnowBe4, provider of the world’s most popular integrated new-school security awareness training and simulated phishing platform, is used by more than 14,000 organisations worldwide. Founded by data- and IT-security expert Stu Sjouwerman, with backing from Elephant Partners and Goldman Sachs Growth Equity, KnowBe4 helps organisations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognised computer-security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Thousands of organisations leverage KnowBe4 to train their workforce to make smarter security decisions and create a human firewall as an effective last line of defence.

KnowBe4 is ranked #231 on the 2017 Inc. 500 list, #70 on Deloitte’s 2017 Technology Fast 500 and #6 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in in London and Amsterdam. For more info, visit http://www.knowbe4.com and follow Stu on Twitter at @StuAllard.

KnowBe4 Contact:

Paula Averley
Origin Communications for KnowBe4

M: +44 (0) 77 6625 7776 | T: +44 (0) 20 3814 2941

E: paula(at)origincomms(dot)com | S: paula.averley.origin | TW: @paverley

W: origincomms.com

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Kathy Wattman
KnowBe4
+1 8183980179
Email >
Visit website