Possible Challenges

Cybersecurity 2018 - Possible Challenges

In 2017, the ransomware attack WannaCry was only the tip of the iceberg and showed that cybercrime is not a fiction, but a real threat to businesses and organizations. In this year's January print edition of Chip – a German IT newspaper - the following number is mentioned: "Between September 2015 and 2017, the number of ramsomware attacks has increased by nearly 2000 percent."

In addition to the operational and economic damage for companies and institutions, the loss of customer confidence should not be underestimated.

The latter will be reinforced mainly by the many data leaks in 2017. You may also remember e.g. Uber, Yahoo or Equifax. Of particular note is Uber, which had to suffer a huge data loss of 57 million records.

At Rohde & Schwarz Cybersecurity, we are using the beginning of the year as an opportunity to make six security forecasts for 2018. At the end of this year, we will see if these predictions have come true.

Forecast 1: By the end of 2018, most websites will be protected by HTTPS

Websites that still use HTTP have long been considered unsecure. Nevertheless, some of these are still in use. Google Chrome marks all HTTP sites as insecure which contain input boxes to enter passwords or credit card information. It's only a matter of time before all HTTP sites are marked as unsafe.

For website operators, low-cost DV certificates are now available. Thus, the financial obstacle is no longer available. Conspicuous warnings from Google Chrome and Firefox on HTTP pages will also increase the acceptance rate of website operators.

Lancen Lachance, Vice President, IoT Business Unit at GlobalSign, Certification Body and Identity Services Provider: "Security is only about the weakest link, and with the widespread adoption of HTTPS, it's time to say goodbye to outdated protocols – including SSLv3 and earlier, and TLS 1.0, which have numerous vulnerabilities and should be found on all websites. Since TLS 1.2 is widely used and 1.3 "in the making", the older protocols will expire in 2018. Against this backdrop, I predict that the majority of sites will support TLS 1.2 by the end of 2018. TLS 1.0 and older protocols will nearly not be used anymore."

Despite all this: Since HTTPS only protects against man-in-the-middle attacks and cannot counteract drive-by downloads and advanced persistent threats, a secure browser is still necessary. Take a look at our solution Browser in the Box!

Forecast 2: IoT, Industry 4.0 and Co: The exploits will increase

The interconnectedness of cars, medical devices, production machines and kitchen appliances to the Internet will continue to make rapid progress this year.

The massive denial-of-service (DDoS) attacks in late 2016 and early 2017 have proven that devices with an Internet connection pose a major security threat. With billions of connected devices worldwide, it is very likely that a serious attack can take place. At this point it's clear that the security industry needs to get involved. IoT devices have a special production background: Unlike smartphones or tablets, IoT devices do not involve a team of developers who work on the security of those systems and, if in doubt, create patches when vulnerabilities occur. This is mainly because IoT appliances are typically produced at a low cost and low profit margin.

In the past, security was largely left to the market and software developers. That was not great, but it worked mostly because the effects were limited. But that will change because the attack surface and the resulting profit from criminal activity will steadily increase. Therefore, the security industry needs to take action and appropriate solutions. Especially when it comes to Industry 4.0!

Read more about Industry 4.0 and cybersecurity here on our website.

In addition, governments must introduce crucial regulations because the huge gap in security is no longer justifiable. In Europe, GDPR is the first step in this direction. If Europe begins enforcing cybersecurity regulations with penalties, we may find that IoT security improves.

Forecast 3: EU GDPR will keep companies busy - but at the same time, it is also an opportunity for the success of businesses

The two-year transitional period of the EU GDPR ends on May 25th, 2018. Already at the end of last year, organizations and companies have begun to move in order to prepare for this comprehensive ordinance. Certainly, some homework still has to be done until the law will take effect. The realization is increasingly seeping through that companies can be committed after 25 May 2018 to fines in seven- or eight-digit numbers. EU data protection officers may impose fines of up to 4% of a company's total annual profit or up to € 20 million, whichever is greater.

EU GDPR will not be completed once it is enforced. The whole thing is more a process that will continue to accompany us in the future. Thomas Ehrlich and Peter Schmitz of Security Insider: "The employment of personal data should be understood as an opportunity to generally deal with the data stored in the company and to ensure their long-term protection."

For the economy and ultimately for governments, this regulation can be seen as an opportunity. As already mentioned in the forecast about IoT, not only the security industry needs to increase the quality of the equipment. The government must also use regulations to encourage companies to ensure safety. The Internet is and will become the backbone of all business processes and critical infrastructures. It is not acceptable to treat this topic with neglect.

Preferably, Europe sets a trend for global data protection. While some countries may find it restrictive and damaging to the economy at first glance, hopefully the benefits will become clear: more data security and comprehensive IT security, ultimately leading to better protection against the ever-increasing level of cybercrime. The EU GDPR should not be understood as punitive or as punishment, but as a reminder that security is a key element. It is expected that more and more countries will be synchronizing their local laws with those of the EU.

Forecast 4: Meltdown and Specter - A blank sheet?

Vulnerabilities in processors called Meltdown and Specter can lead to the loss of passwords and sensitive data. As early as last June, Jann Horn - a research fellow on Google Project Zero - informed Intel, AMD and ARM about the vulnerability. At the beginning of January 2018, Meltdown and Specter became public. These affect almost all microprocessors. No attacks have been reported at this time. But is it all just a matter of time, will the blank page

The more complex attack Spectre will have a greater impact on the IT world. In addition, the industry has to choose between different options: either processes slow down, or they continue to be uncertain. A radical redesign of the basic CPU architecture might be necessary, comprising all compatibility and continuity implications.

Forecast 5: Negative security practices continue

Time and again, IT security experts and the trade press are warning about the following security practices:

  • Bad passwords
  • Missing patches
  • Outdated anti-virus software
  • Lack of supervision
  • Using vulnerable and legacy systems such as ColdFusion, Windows XP, outdated WordPress, and the like

However, even in 2018, it is highly unlikely that these topics will disappear. Additionally, there will be companies and organizations that continue to use obsolete technologies.

Prognosis 6: Ransomware attacks will continue to increase

Experts predict that attackers will increasingly use ransomware to extort victims and consequently double their profits in the form of the cryptocurrency Bitcoin.

"Between September 2015 and 2017, the number of ransomware attacks has risen by almost 2,000 percent." This isn’t a positive outlook for 2018. Businesses are investing more money in better protection, but this won’t be sufficient. Because the nature of the attacks will change and will be refined.

"The combination of more connected devices coupled with the now common availability of anonymous payment mechanisms has made large-scale cyberblackmail growth possible and lucrative," said Philip Reitinger, President and CEO of the Global Cyber Alliance. As outbreaks as WannaCry have shown, only a single piece of malware can have a devastating impact. "If a single malware threatens thousands or millions of businesses with a single click, then every business is a target for blackmail," says Reitinger.

"WannaCry could have been prevented if people just patched," says Avivah Litan, an analyst at Gartner. But companies are challenged by patch management. "Endpoint security is different than IT management," she says. This means that while it is easy to distribute systems, it is difficult to take maintenance systems offline or prioritize what needs to be patched.

To identify potential malicious software, you need good network analysis tools. Take a look here and find out more about our DPI solutions. Likewise, you need powerful firewalls and web application firewalls.

In order to properly protect your data in your respective storage systems, whether in the cloud or locally (the keyword here is data-at-rest), you need an appropriate solution. TrustedGate is the right solution when it comes to this matter. Here you can find more information.

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.