Trend Micro has warned that ransomware will continue to be the leading cybersecurity threat in 2018, following a sharp rise in ransom malware last year.
The security company said that there is need for more security planning and employee education and awareness around ransomware as threats continue to rise.
Ransomware tops Trend's list of security predictions for 2018, followed by business email compromise. The company said that BEC attacks currently represent one of the most pressing threats for enterprises, with employees from across the business being targeted with sophisticated, legitimate-looking emails. The FBI reported that BEC scams have cost companies $5.3 billion and losses are expected to increase as BEC schemes continue to be leveraged by attackers.
Threats to supply chain security are the third most dangerous threat, and enterprise will have to be particularly vigilant when it comes to bridging gaps in supply chain security in order to maintain beneficial relationships with suppliers, partners and customers. Hackers are also expected to ramp up the availability and deployment of Crime-as-a-Service systems which provide cyber attacks on demand. The information Security Forum (IFS) found that 2017 experienced a considerable increase in cybercrime due to Crime-as-a-Service, and that this trend will continue in the months to come.
Last in the top five threats for 2018 is lack of employee awareness and training. Trend said that employees are still the weak link in enterprise security, particularly when users are faced with more sophisticated phishing and social engineering techniques. Proper training and awareness is necessary to prevent this security gap from widening and giving hackers a route to exploit and breach the company.
Other notable threat factors in 2018 are likely to be increasing sophistication of new threats, with a high incidence of new vulnerabilities being uncovered in 2017, a greater incidence of hackers exploiting those vulnerabilities before they are detected by researchers and software vendors. Connected devices, IoT and mobile devices will also increasingly become an attack vector for hackers, particularly as connected devices gain adoption in areas such as industrial environment and personal mobiles are used for access to business applications.