The State of Cybersecurity in 2018

We’re still at the front end of 2018, and there’s already been a major security threat exposed. It affects most computers built in the last 20 years, and it’s very scary.

That makes it an appropriate time to broaden the discussion to the larger issue of cybersecurity threats facing us in the new year, and where we might be the most vulnerable.

A recent article in the MIT Technology Review does just that, and it’s worth an examination. The article lists six of the top threats facing organizations now, and is a useful overview of the state of the IT security industry. Here are some of the main takeaways I got from it.

First, cloud companies are becoming more vulnerable to ransomware as they get more popular. “One big target in 2018 will be cloud computing businesses, which house mountains of data for companies,” the article states. It goes on to say that the big guns like Google, Amazon and IBM may be less susceptible, while smaller companies are more at risk.

First of all, I’m not so sure that the bigger players – a list that should have included Microsoft, the clear No. 2 vendor in the public space – are especially secure. True, they have more folks devoted to cybersecurity, but they also have massive footprints with lots of attack vectors. But the overall point is true: that as more data is put in the cloud, the risk goes up. The environment is much more target-rich than in the past. And the WannaCry ransomware virus proved incredibly potent and disruptive, offering a kind of proof-of-concept study for the bad guys. (Scott Lowe wrote about ransomware and the issue of liability last year.)

Another interesting nugget in the article was the explosion of cryptocurrency and what it could mean for security. The aspect of this that hasn’t been heavily explored is the stealing of compute power for cryptocurrency mining operations. Turning your network into a army of zombie computers doing the work of hackers is something every admin should be worried about. Keep an eye on those performance and usage metrics; if you’re seeing spikes that shouldn’t be there given normal workloads, it may be a signal that you’ve been enlisted by the hacker’s botnet.

The final thing that caught my eye as especially relevant as we move forward is a new set of security regulations that are likely to have a massive effect on companies. “On May 25, the General Data Protection Regulation will come into effect in Europe,” the article reminds us.

The General Data Protection Regulation, or GDPR, is almost here. Forbes calls it “… the most important change in data privacy regulation in 20 years.” The GDPR affects business that store or process data; in other words, most businesses. How many of those companies are ready for it is an open question, but if your company falls under the GDPR, and you haven’t yet figured out how you’ll bring your data into compliance, you’re very late to the game. It’s time to get this set up now; May will be here before you know it.