What cyber security trends should we anticipate in 2018?

As 2018 draws nearer, it can only mean one thing; New Year’s Resolutions are on the agenda!

Whether it’s starting the gym, consuming fewer alcoholic beverages, or even learning to play the Ukulele, we have the perfect New Year’s Resolution for you…To create a safer and more secure workplace.

2017 produced some notorious cyber security incidents, with organisations such as Uber, Equifax and the NHS all hitting news headlines for cyber related breaches. These victims manifest the vulnerabilities of cyber security amongst industry leading organisations, evidencing that no matter how big or small your organisation is, you are a target.

Cyber threats are not set to slow down, with the amount of attacks and breaches set to heighten throughout 2018.  In the build up to the new year, we’ve analysed some of the key cybersecurity trends to look out for and keep you and your organisation one step ahead.

1. Social engineering to persist

Social engineering won’t be slowing down anytime soon. Targeting human error has prevailed as an effortless and popular ploy for cyber criminals to fulfil their malicious acts.

There are currently 3.6 billion internet users worldwide, with this figure set to rise to 6 billion by 2022. This opens up a world of opportunities for cybercriminals to utilise social engineering practices, creating amplified insider threats and vulnerabilities for organisations.

The majority of cyber attacks involve individuals that are unaware of the issues relating to cyber security. Consequently, 2018 is likely to see a rise in investment in staff cyber security training, with organisations turning their focus to its people, as opposed to the technology.

2. Smishing on the rise

With the amount of time spent on mobile devices, it is of no surprise that mobile malware is on the rise. An average of 20 billion text message are sent daily, with more than 90% being opened within 3 seconds.

Smishing, a form of social engineering, uses SMS messaging sent to mobile handsets, usually containing suspicious links to try and obtain the recipient’s personal details and information.

In a recent report, mobile ransomware attacks increased by 253% in Q1 of 2017, with 218,625 mobile ransomware files being detected compared to just 61,832 in the previous quarter. 86% of these mobile attacks were in the form of the ‘Congur’ family of ransomware which resets or sets the device password, enabling unauthorised access to the device.

Expect to see mobile ransomware continue to rise throughout 2018, and make sure that you are checking any suspicious SMS messages cautiously.

3. Increased vulnerabilities to the Internet of Things

Although 87% of people have never heard of the Internet of Things, there are currently around 4.9 billion devices connected to the IoT with this figure set to rise to 50 billion by 2020. The Internet of Things refers to a network of connected objects that are able to collect and exchange data through embedded sensors, without the need for human to human or human to computer interaction.

The shift towards having everything attached within the Internet of things (IoT) presents extensive vulnerabilities within given networks. The increasing presence of communication endpoints, connections and burden of connectivity, means both systems and end users will need to improve IoT security levels.

With the IoT recently accomplishing substantial developments and increasing utilisation, it is expected that cyber criminals will target the systems harder, inevitably leading to increased attacks across IoT systems. The intentions and objectives of IoT attacks are due to see a shift to financial accomplishments, as opposed to intentions of causing social or political damages.

For 2018, expect to see a rise in news headlines relating to IoT system breaches and the vulnerabilities of IoT systems.

4. Facial recognition to progress

As technology develops there is a constant phenomenon of how identity authentication can be made more simplistic, convenient, yet maintain high levels of security.

Recently, technology giant Apple released their latest smartphone, providing 3D facial recognition capabilities that allows users to unlock their device and authorise payment through facial identification.

Despite facial recognition not having the levels of accuracy and assurance necessary to be used for publicly trusted digital signing, it is likely that the technology will grow in utilisation for simple authentication verifications throughout 2018. Using digital or connected cameras, facial identification has the potential to be recognised as a corresponding face-to-face identity verification procedure alternative.

Forbes predicts that by 2019 the use of passwords in medium-risk use cases will drop by up to 55% following the introduction of recognition technologies.


One of the most anticipated amendments for 2018 is the introduction of GDPR.

As of 25th May 2018, data protection regulation will experience one of its most extensive modernisations. The new legislation is set to bring data protection into the new digital era by including information such as IP addresses under the banner of ‘personal data’ and giving more rights to individuals regarding their own data.

One of the more headline-grabbing enforcements of GDPR is the manner in which data is held. Organisations will have to update their emailing lists to ensure that the data they hold is in line with the new GDPR. Consequently, individuals will have to provide consent for their information to be used for any marketing purposes, meaning less of the ‘Opting Out’ and more of the ‘Opting In’.

It is predicted that small and medium sized businesses (SMEs) are most likely to be affected by the new regulation, with businesses lacking security practices not being able to detect and respond to complex challenges within the guidelines of GDPR.

However, it is important to stress that if you are following the Data Protection Act currently, GDPR will not be the radical change that many people are making it out to be. The ICO has stressed that GDPR is “evolution, not revolution.”

Please follow and like us: