Cybersecurity trends 2018: Cyberattacks will continue to surge

Cybersecurity trends 2018: Cyberattacks will continue to surge

To predict what will happen in 2018, let’s take a look at what happened in 2017. In the first six months of 2017 alone:

  • There were 918 data breaches that compromised 1.9 billion data records in the first six months of 2017, which is an increase of 164% compared to 2016.
  • Of these 918 breaches, 500 breaches had an unknown number of compromised records, while 22 of the largest data breaches involved more than one million compromised records.
  • Almost 2 billion data records around the world were lost or stolen by cyberattacks in the first half of 2017 and the number of breaches reported by companies looks set to rise.
  • Governments around the world are introducing legislation that will force more companies to disclose data breaches.

Take a look at just a few of our top predictions for cybersecurity trends in 2018:

Companies will feel more pressure to be transparent and reveal data breaches

New regulations such as the U.K. data protection bill, the European Union’s General Data Protection Regulation (GDPR), and Australia’s Privacy Amendment (Notifiable Data Breaches) Act are set to come into force in the coming months and years and will push firms to disclose hacks and security breaches.

Hackers will move to more profitable targets

The hope is that the profitability of traditional ransomware will decline as cyber risk protection, user training, and corporate cybersecurity strategies improve. This means, however, that hackers will move to more profitable targets like high net-worth individuals, connected devices, and businesses, according to McAfee’s Threat Predictions Report. 

There is no easy fix for cybersecurity. It’s important to create a “Zero Trust” mindset in your organization – including all employees, contractors, board members, and C-suite members – that hackers are constantly trying to access your data. It’s important to be vigilant. A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link–people–to do so. This means adapting your security setup to focus on detection, response, and remediation.

Companies will be judged based on their Cyber Score

After the largely publicized breaches in 2017, consumers and organizations alike will lean on a company’s cybers score to determine its security posture. According to TechRepublic, “Historically, organizations would go to credit rating agencies and find out the creditworthiness of their partner, but now that companies are handing out data to their partners, they need to understand what their posture is. For example, FICO offers an Enterprise Security Score for an objective measure of cybersecurity risk.

Tools like Artificial Intelligence (AI) and machine learning will become mainstream

Changes in cybersecurity will require new types of skills in data science and analytics. The general increase in information will mean artificial security intelligence is necessary. Adaptive skills will be key for the next phase of cybersecurity. The battle with hackers moves fast, so AI and machine learning can predict and accurately identify attacks quickly. See how Cybriant is using machine learning to protect our clients. 

Cybersecurity skills shortage will continue

If the trend continues as it is today, we have a global shortage of two million cybersecurity professionals, “The fastest growing job with a huge skills gap.” Security Analysts are the blockers or tacklers of cybersecurity. Many companies are finding ways to automate and outsource this skill. Cybriant has the best of the best when it comes to Security Analysts.

Here are a few trends that we hope will happen:

Companies will develop a common cybersecurity foundation

The government, cybersecurity experts, and many organizations are coming together to develop a common language around cybersecurity, NIST Cybersecurity Framework. This is a set of broad guidelines that will provide a secure foundation that will then allow you to refine based on your business functions, systems, and operating environment. Cybriant can help you develop this foundation to arrive at the right blend for your organization. Together, we will consider any regulations, emerging threats, new and legacy technologies, and systems, in addition to your business goals.

Managed Patching

Many data breaches in 20107 were the result of forgotten/failed/slow patches. This is an often ignored problem that has reaped a lot of damage in the past.Cybriant offers a patch management service which includes detecting and deploying missing patches on your system. This service will simplify patch management across your organization—even on remote and mobile endpoints.

Continuous Monitoring

Too often, companies think that security is a ‘set it and forget it’ operation. Your work is never done when it comes to cybersecurity because things change. You might adopt a new system, integrate a new third-party service, or change your business goals. To comply with your legal requirements, you need to be up to date with the latest regulations. And all the while, new software vulnerabilities are being discovered, and hackers are probing your defenses and developing new techniques to gain entry. This is where Cybriant comes in – read more about our continuous monitoring solution. 

Let's Talk

In The News: Cybriant’s PREtect Combines People, Processes And Technologies To Deliver An Effective Cyber-Security Program

In The News: Cybriant’s PREtect Combines People, Processes And Technologies To Deliver An Effective Cyber-Security Program

Cybriant CTO, Andrew Hamilton, was recently interviewed about PREtect. Read the full article here.

UPDATE: PREtect has been rebranded to CybriantXDR. Read more here: https://cybriant.com/cybriant-xdr/

Cybriant’s PREtect Combines People, Processes, And Technologies To Deliver An Effective Cyber-Security Program

Cybriant provides cyber risk management and cybersecurity services to companies of any size. They have recently released a new PREtect product suite, an integrated stack of managed security services designed to reduce exposure to the most common and voluminous cyber threats. The PREtect service provides a comprehensive solution incorporating people, processes, and technologies to deliver a solid foundation for an effective cyber risk management program in an affordable manner.

Below is our interview with Andrew Hamilton, CTO at Cybriant:


Q: What was your inspiration for creating PREtect?

A: Over and over, even in the most resourced enterprises, we see security failures arising from what we dub poor environmental hygiene; unpatched systems, poorly informed personnel, slow response to known vulnerabilities. The Equifax breach and the Wannacry attack are two classic examples of the consequences of these failures, and the type of incidents PREtect is designed to thwart.

PREtect accomplishes this by addressing five key fundamental elements. Continuous training of employees to strengthen awareness and skills in identifying malicious behavior. Continuous vulnerability management to minimize the time to discovery of technical vulnerabilities within the environment. Consistent patch management to responsively eliminate technical vulnerabilities once they are identified. Continuous monitoring and management of endpoint security to stop attacks from spreading to the enterprise. Vigilant security monitoring of critical assets to detect persistent threat actors before they can do harm. Combined and effectively performed, these services can greatly shrink the threat landscape any and every business faces.

Cybriant PretectRecommended: Premier Legal Marketing: On The Cutting-Edge Of Any New Technologies To Help Law Firms Grow

Q: Who is your ideal client and why?

A: Any company that is connected to the internet and needs to properly implement a cyber risk management program, or at minimum reduce its risk of becoming the victim of an attack.

Cybriant_ProcessRecommended: QuanticMind Raises $20M Series B Funding To Fuel Its Product Development In The Future

Q: What size business could benefit from PREtect?

A: Business size is somewhat inconsequential. The question is how can a business most effectively and affordably address this business need? For most businesses utilizing a service delivered by experienced professionals will be more functionally effective, and will cost less in time and money then trying to build, manage, and maintain these capabilities in-house.

Find out more about PREtect: https://www.cybriant.com/pretect/


Cybriant announces PREtect®; New Integrated Cyber Risk Management Service

Cybriant announces PREtect®; New Integrated Cyber Risk Management Service

UPDATE: PREtect has been rebranded to CybriantXDR. Read more here: https://cybriant.com/cybriant-xdr/


Five essential cyber risk management services integrated into an affordable, flexible, subscription-based model


Alpharetta, GA – November 15, 2017 – Cybriant, a leader in cybersecurity services, today announced an integrated service offering called PREtect.  PREtect managed security services are designed to optimize the protection of data assets and the detection of malicious events by addressing the most common vulnerabilities in the enterprise.

“As we see in many highly publicized breaches, most result from the poor practice of fundamental processes or poor response to identified vulnerabilities.  Pretect is designed to address these weaknesses,” said Jeff Uhlich, CEO of Cybriant. “The integration of these practices and technologies in the hands of experienced professionals can deliver more responsive functional value to organizations.  Especially those with limited technical or security resources.”

Utilizing leading technologies and seasoned security expertise, Cybriant delivers an affordable solution which addresses the most common yet challenging structural and operational security vulnerabilities. These services harden client computing environments and help reduce the risk of loss due to breach.  PREtect ensures a sound security posture as well as compliance with government regulations and industry best practices for effective information security.

PREtect integrated managed services include:

  • Security Awareness Training
  • Real-time Vulnerability Management
  • Responsive Patch Management
  • Endpoint Detection and Response
  • 24×7 SIEM with Security Monitoring

Cybriant offers these services individually but recognized the enhanced value both in performance and cost efficiency an integrated stack of these services could provide its clients. To learn more about Cybriant PREtect and for pricing information, please go to www.cybriant.com/pretect.


About Cybriant

Cybriant assists companies in making informed business decisions and sustaining effectiveness in the design, implementation, and operation of their cyber risk management programs. We deliver a comprehensive and customizable set of strategic and adaptive cybersecurity services which address the entire security landscape. These services include assessment and planning, testing and hunting, SIEM management and security monitoring, perimeter and endpoint protection, and secure cloud networking. We make enterprise-grade cybersecurity services accessible to the Mid-Market and beyond.

Q3 2017 Top Clicked Phishing Emails

Q3 2017 Top Clicked Phishing Emails

KnowBe4, our security awareness training partner, recently released the Top 10 Global Phishing Email Subject Lines for Q3 2017 report.

The Top 10 Most-Clicked General Email Subject Lines Globally for Q3 2017 include:

1. Official Data Breach Notification – 14%
2. UPS Label Delivery 1ZBE312TNY00015011 –12%
3. IT Reminder: Your Password Expires in Less Than 24 Hours – 12%
4. Change of Password Required Immediately – 10%
5. Please Read Important from Human Resources – 10%
6. All Employees: Update your Healthcare Info – 10%
7. Revised Vacation & Sick Time Policy – 8%
8. Quick company survey – 8%
9. A Delivery Attempt was made – 8%
10. Email Account Updates – 8%
*Capitalisation is as it was in the phishing test subject line

“Phishing attacks are responsible for more than 90 per cent of successful cyber attacks and the level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats,” said Perry Carpenter, chief evangelist, and strategy officer.”

Your users are your last line of defense. Interested in how you can strengthen your human firewall? Learn more about our training services. 

Free Security Training Tools

Red Flags of Phishing Attacks

Red Flags of Phishing Attacks

Back in the early days of the Internet, phishing emails were full of typos and laden with obvious clues—appeals from faraway princess or rich relatives you never knew you had. These were very easy to spot. But cybercriminals have upped their game since then. For example, some cybercriminals go to great lengths to match the branding, color schemes, and logos associated with the companies they are trying to impersonate.

Phishing emails may be more difficult to identify these days, but there are some important steps you can take to avoid becoming a victim. If you answer “yes” to any of the questions below, there’s a very good chance that you’re looking at a phishing email.

  1. Does the message ask for personal information?
    Always remember that reputable businesses do not ask for personal information—such as social security and
    credit card numbers—via email.
  2. Does the offer seem too good to be real?
    If it seems too good to be true, it’s a fake. Beware of emails offering big rewards—vacations, cash prizes, etc.—
    for little effort.
  3. Does the salutation look odd?
    Reputable companies will use your name in the salutation—as opposed to “valued customer” or “to whom it
    may concern.”
  4. Does the email have mismatched URLs?
    If you receive an email from an organization that includes an HTML link in it, hover your mouse over the link without clicking and you should see the full URL appear. If the URL does not include the organization’s exact name, or if it looks suspicious in any other way, delete it because it’s probably a phishing email. Also, you should only visit websites that begin with “https” because the “s” at the end indicates advanced security measures. Websites that begin with “http” are not as secure.
  5. Does it give you a suspicious feeling?
    Trust your instincts when it comes to email. If you catch yourself wondering whether it’s legitimate, and your instinct is to ignore and delete it—then pay attention to that gut check.

As email scams become more sophisticated, it is more likely that an employee at your company will fall victim to a phishing technique.

Cybersecurity Awareness Training