Leading cyber-security solutions provider Trend Micro Inc. has warned of the further proliferation of digital extortion, business e-mail hacking and fake news in the coming year, escalating business risks in an interconnected world.
In a report titled “Paradigm Shifts: Trend Micro Security Predictions for 2018,” Trend Micro predicted losses from business e-mail compromise to exceed $9 billion globally next year.
“Not only will enterprises be riddled with vulnerabilities, but loopholes in internal processes will also be abused for production sabotage,” the research said.
Fake news are seen to aggravate risks faced by enterprises as these can be used to damage the reputation of companies for competitive purposes.
“In today’s increasingly interconnected environments, users and enterprises in the Philippines stand as vulnerable as the rest of the world to different forms of cybercrime,” said Myla Pilao, director for technology marketing at Trend Micro.
Digital extortion is seen to define most cybercriminals’ business model and pave the way for new schemes. Vulnerabilities in internet of things (IoT) devices such as drones, wearables and medical devices are seen to expand the attackers’ ground.
“Cybercriminals have been resorting to using compelling data as a weapon for coercing victims into paying up. With ransomware-as-a-service (RaaS) still being offered in underground forums, along with bitcoin as a secure method to collect ransom, cybercriminals are being all the more drawn to the business model,” the report said.
Attackers are seen continuing to rely on phishing campaigns where e-mails with ransomware payload are delivered en masse to ensure a percentage of affected users. They are also projected to go for the bigger buck by targeting a single organization, possibly in an industrial IoT environment, for a ransomware attack that will disrupt the operations and affect the production line.
As such, machine learning and blockchain technologies are seen to bring benefits as well as pitfalls to enterprises. A blockchain is a digitized, decentralized, public ledger of all cryptocurrency transactions. New transactions are added to the ledger in chronological order, allowing market participants to keep track of digital currency transactions without central recordkeeping. Machine learning, in particular, can enhance security solutions but comes with blind spots that cybercriminals will exploit at an increased rate, the report added.
On the regulatory front, Trend Micro expects companies to take definitive actions to comply with the European Union’s General Data Protection Regulation (GDPR) only when the first high-profile lawsuit is filed. GDPR is designed to harmonize data privacy laws across Europe to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.