Today in the Evolve IT Lab, Lachie sits down with Ben from Sophos and discusses some of the cybersecurity predictions for 2018. In 2017 we had such a big year in cybersecurity with: increased phishing, identity theft, and ransomware.
Lachie: Good day guys and welcome back to the "Evolve IT Lab." My name is Lachie and we've got Ben back from SOPHOS. Welcome, Ben.
Ben: Thanks for having me again.
Lachie: Guys, today we're going to be talking about 2018 predictions for cybersecurity and Ben is here to help us with that. Obviously 2017 was a massive year for cybercrime, they earned a lot of money, but what are some of the predictions for 2018, Ben.
Ben: Absolutely. So, I guess it's good to know that at the end of every year we have a look at what we've seen in the labs and the trends that we are seeing and then try and predict what we are going to see in 2018. It is a really really difficult task. We are expecting to see more ransomware. Ransomware is everywhere and it's making people a lot of money, and it's really really easy to do.
One of the sad things I guess is it's become so easy to become a ransomware author essentially. You can jump online with a prepaid credit card and start a ransomware campaign. It's the same with, like, phishing as a service. It's again really really easy to do. Download a targeted list and start spamming people with really, really nicely crafted emails.
On top of that as well we are expecting to see a lot more DIY kits. So we've seen the success for ransomware as a service and phishing as a service. We are expecting to see more DIY kits. So just let the bad guys make money by selling their skills as a service essentially.
Lachie: Wow. Really freelancing some of their skills.
Ben: Absolutely. And on top of that as well, one thing that nobody saw coming was the cryptocurrency mining. It's everywhere at the moment. So I haven't seen any hard figures on how it's grown but based on the reports we are seeing online, if you have a look on on Twitter and a few online forums and things like that, people are going crazy about this crypto mining.
Lachie: Yeah, right. Well, it's worth a lot of money now. I suppose the market crashes and rises within hours, but it is very popular.
Ben: Absolutely. The other thing is, too, they're not just, say, trying to mine Bitcoin. They are looking at these new cryptocurrencies that are really really easy to mine, then using that to then, say, go and buy Bitcoin.
Lachie: Yeah, right. Wow. What are some of the things people can do to help build their cybersecurity up for some of the predictions that could happen?
Ben: Absolutely. So always antivirus. There are people out there who say antivirus is dead but it stops a lot of malware and and we've got the telemetry to prove that, but antivirus and firewall, and turning on your firewall as well. A lot of people turn off their home firewall on each device. That should always be on. It's really just following the basics, implementing password managers and things like that as well.
Lachie: Yeah, right. And maybe also implementing an education strategy for your employees and everything as well.
Ben: Absolutely. We've seen a rising popularity of phishing your internal users as well, so actually going out to users to say, "Here is a phishing campaign, who can actually spot the phish, who's going to fail the test, who's going to sacrifice credentials, who's going to download a potentially malicious attachment?" So those kinds of awareness trainings that are quite interactive are becoming very popular.
Lachie: That's a really cool idea to actually send a phishing email out and see who clicks on it, and then maybe educate those people that do click on it.
Ben: Absolutely, yep.
Lachie: Fantastic idea. All right, Ben. Well, thank you very much.
Ben: No worries. A pleasure to be here.
Lachie: And thank you everyone. We'll see you next time.