1. Viruses will become smarter and have more impact.
Ransomware, zombies, phishing payloads and other malware will use artificial intelligence to make decisions once they penetrate defenses. New, sophisticated "fileless" malware can run only in memory (RAM) and uses Windows registry entries instead of writing files to hard drives.
What you can do: Add another layer of protection with a second, advanced antivirus program.
2. Major breaches of millions of records will continue.
Hundreds of millions of records on containing private information were stolen through security holes at major corporations and organizations in 2017. Watch for more of these in 2018.
What you can do: Use different passwords for every account you have. Store them safely in a password service like LastPass. Thieves who steal your information from one account will use your email address and password (and password variations) to break into other, more sensitive accounts.
3. Attacks that defeat biometric security will make the news.
New smartphones, tablets and laptops allow you to rely on a fingerprint swipe or facial recognition to unlock your device. Hackers are hard at work on methods to break these security technologies.
What you can do: I don't expect widespread incidents of defeatng fingerprint and face locks. If you use them, keep an eye on the latest news and an eye on your devices.
4. Widespread worms will attack mobile phones with ransomware.
Thieves use text messages to trick people into opening links or viewing photos on smartphones. As a result, your phone can be locked up by ransomware that demands payment for an unlock password.
What you can do: Run a security app on your phone.
5. Ransomware will mutate and spread more rapidly.
This year I expect ransomware to become more effective and much more frequent. Criminals made escalating profits using ransomware in 2017. They'll want more. Ransomware kits - Ransomeware as a Service (RaaS) - let inexperienced thieves get started. New strains will attack Windows Remote Desktop Servers via brute force password cracking techniques. Timebomb variants will gradually encrypt files over time so that a simple restore from yesterday's backup won't bring back all your files. Network-aware ransomware will seek out and lock up backup files stored on NAS boxes and other network drives.
What you can do: Make sure you keep multiple days of backups that ransomware cannot reach. Cloud backups, properly designed, fit this bill. For onsite backups, make sure your NAS devices and network backup drives are effectively invisible to malware.
6. More threats of leaking stolen secrets will be used for extortion.
Hackers will use a variety of attacks to penetrate firewalls and steal valuable materials including unreleased movies, sensitive client documents, photographs and financial data. They will extort money based on threats of publishing these private materials.
What you can do: Big companies are not the only targets. Medium and small law firms are seen as easy targets. They stored highly confidential information and typically don't employ advanced cybersecurity defense. Subscribe to a cybersecurity service that blocks suspicious uploads to the internet.
The continuing advance of security threats can trigger a "head in sand" approach: "It won't happen to me." I sincerely hope it won't. Take action on what you can do about these threats! You will be much more likely to avoid the consequences of ever-evolving efforts of cyber-criminals.