Information Security Trends and Problems in 2018
Cybercrime creates a lot of problems to ordinary users, but it also creates new jobs. According to the forecast of Cybersecurity Ventures 3.5 million new jobs will appear in the infosec sector within the next four years. It is 3.5 times more vacancies than we have now.
The security industry is experiencing a real boom. For example, in the US, the number of InfoSec vacancies increased from 209K to 350K or 67% in 2015-2017. Similar processes are taking place in other countries. Information security is definitely on the rise. Companies around the world spent $86.4 billion on information security in 2017.
But this coin has two sides. The above statistics do not mean that devices and networks will become safer and better protected, possibly vice versa. Every day, the information security industry tries to fight new threats. The number of hackers, cybercrime, malware, espionage, and data breaches is growing much faster than the number of "defenders" from the InfoSec side. Not to mention the fact that the technical qualifications of black-hat hackers often exceed the qualifications of those security professionals who study computer security at the university. Hackers creatively use new technologies and constantly come up with new attacks vectors.
What problems will IT security specialists face in the near future?
Bellow is a list of five issues and trends in information security that can be expected in 2018.
Extortion viruses are still one of the fastest growing areas of cybercrime. The number of attacks in 2017 increased by 36% and the damage from them has doubled. Experts do not predict a decrease in their activity, attacks will only increase.
Unfortunately, many companies still do not envisage the worst-case scenario. 20% of companies do not have a disaster recovery plan at all and do not make data backups on regular basis. In case of infection, they are going to lose all their data, applications, customer information, etc. They will actually have one way out - to pay the attackers and hope to get the working keys that will decrypt their valuable data.
Apart from data encrypting malware, cyber criminals launch DDoS for ransom campaigns knocking off victims' websites until they pay.
AI to defend against attacks
One of the most promising protection strategies is the usage of data mining and self-learning systems that are basically Artificial Intelligence applications.
Statista has compiled a table of the most promising AI development vectors. The "Prospectivity" in this case is determined by the volume of investments that companies have already made and plan to make in various spheres of AI by 2025.
The total investment amount across all areas of weak AI is estimated at $48.5 billion. The most promising areas are the recognition of static images, algorithmic trading, and data management in healthcare. But this list also includes "Prevention against cybersecurity threats." $2.47 billion will be spent on the development of such systems, according to the forecast. This is a considerable amount.
Traditionally, information security specialists react to attacks post factum. Automatic systems of the new generation will be able to analyze traffic and logs in real time. Theoretically, malicious programs should be blocked before they are uploaded to the server.
Of course, it is impossible to achieve the best result without the participation of a human being. The AI system is only an auxiliary tool here. Its effectiveness depends on the qualifications of the specialists who set up the system, monitor its work, and analyze the results.
Threats to the Internet of Things
The number of gadgets in the possession of people is constantly and rapidly growing. Almost every household has several smartphones and tablets, one or more computers, an Internet-connected TV or a streaming media device.
And this is only the beginning. Voice assistants that employ speech recognition like Amazon Echo or Google Home are becoming more and more popular. Such devices can order a pizza, call a taxi, play music, tell you the news, inform about the weather or traffic conditions. Even refrigerators become "smart" and can order fresh milk if it expires.
The problem is that almost all new types of IoT devices are usually worse protected from hacking than conventional computers. A few years ago, HP's research revealed that 70% of IoT devices have serious security problems. The situation has not changed much since then.
The blockchain revolution
Despite the recent price drop of popular coins like Bitcoin and Ethereum, cryptocurrencies became the main event of 2017.
Blockchain - a decentralized and secure transaction record can be used in various areas of information technology. What does this mean for information security? Experts do not answer this question clearly, but they make some assumptions. Most likely, private companies will start using blockchains to keep various records. They will combine these systems with existing solutions in the field of information security. For example, these can be decentralized access control systems and user identification management.
Another example is a decentralized threat intelligence platform based on blockchain technology. Such systems may offer threat detection in real-time. Small vendors, big enterprises, and security experts develop and improve antivirus engines that work independently and compete with each other in detecting new threats and risks.
Maybe companies will come up with other applications. In any case, the information security systems are likely to change with the wide adoption of the blockchain technology.
Vulnerabilities of serverless applications
Experts believe that confidential information is at greatest risk if it is stored not on the server, but on users' personal computers. Servers are usually better protected than serverless applications.
According to Statista, the most common use cases for serverless applications are as follows:
- Web services - 65%
- Data processing - 34%
- Internet tools - 28%
- Internet of Things - 23%
- Chat-bots - 23%
- Other - 33%
Cybercriminals are becoming more and more resourceful and smart every year. This means that the information security specialists cannot relax. They constantly must develop new protective mechanisms in this endless struggle. In 2018, experts predict the emergence of new extortion viruses, attacks on the IoT infrastructure and on serverless applications. They also predict the increased usage of AI systems and blockchain in the field of cybersecurity. Let's see how justified these forecasts are.