Leaving Hacks Behind - Cybersecurity Predictions for 2018

While each of the last several years has been dubbed “the year of the hack,” 2017 may actually deserve that infamous title. Major breaches at large organisations like Equifax, Deloitte and Verizon have all taken place in the last year.

In fact, Identity Force reports that 43 of the worst data breaches of all time happened in 2017. We can only hope that this year will feel a bit more secure in our digital world, or at the very least avoid even more impressive catastrophes.

With the growth of security and technology today, we should be seeing fewer cyberattacks, not more. To avoid becoming this year’s disheartening statistic, organisations need to be more proactive about identifying and preventing cyber threats and heed the following predictions:

More (IoT) Data, More Leaks

As the use of IoT devices increases both by consumers and across industries, people and organizations are benefitting from the additional features and increased data gathered from these connected devices. The market is growing by leaps and bounds, yet a number of IoT interfaces do not have robust security.

Botnets like Reaper and Mirai may just be the beginning, and we expect to see an increased number of data breaches in IoT devices this year.

With this in mind, organisations should conduct thorough research before purchasing new IoT technologies. If a device has a hidden administrative account with a hard-coded password, or runs an older framework with known vulnerabilities, it may be impossible to correct.

When purchasing such devices, make sure you can upgrade the firmware, or consider devices that automatically update their own firmware. Review your environment on a quarterly basis and keep these devices up-to-date to avoid possible security issues. If a device in your environment is fundamentally flawed, you may need to turn it off to mitigate a serious risk.

Regulation will prompt action

Regulations such as NIST 800-171 and the upcoming GDPR will prompt companies to examine their overall security strategy and mitigate risks to their private information. Some companies will do this, some will not.

Data privacy is more important than ever and ensuring that companies abide by these standards will ultimately strengthen a companies’ business. Many US organisations will use a standard such as GDPR to incentivise putting a holistic plan in place.

While undergoing the compliance process, it’s important for organisations to ensure they are enforcing authorisation into systems and networks, while protecting content behind firewalls, and having a plan of action for how to respond in the event of a potential breach. These three areas are key: authorisation, protection, and response.

Business as usual

Despite the growth of data breaches impacting major companies in 2017, a number of organisations still do not take security seriously. After all, how many companies go out of business because they mishandle customer data?

We expect to see two or more major breaches in 2018 that impact millions of consumers. To reduce the risk of a breach, organisations should monitor security updates impacting their systems, and teams should hold a monthly review to make sure they are up to date.

In addition, expand beyond simple perimeter security by using rights-management software. This actively protects data stored within and leaving the network to add another level of security.

A good rights-management solution protects content in transit, at rest, and while in-use. Employing a data-loss protection (DLP) or a cloud access security broker (CASB) to actively monitor network traffic can also add a layer of protection for information leaving your internal network.

Cybersecurity Culture

In 2018, more companies will adopt “security-first” thinking and begin to develop a more robust cybersecurity culture. A company is much like a castle, and security is the strength of the moat surrounding a castle, protecting the king, queen, and other residents from invaders.

Except in this case, instead of people you have Personal Identifiable Information (PII), proprietary files, intellectual capital, medical information, legal documents, and other information that should only be seen and shared with those people and organisations who have received authorisation.

Adopting security-first thinking means strengthening the moat as the primary line of defense for the castle and its inhabitants.

For organisations to adopt such a culture, people need to be educated on the importance of security with regular awareness campaigns, which includes training procedures such as simulated security attacks with phishing and other attack vectors.

Additionally, companies need to enforce improved record keeping policies to manage and encrypt key organisational data.

Information- Management:

You Might Also Read: 

The Top 5 Tech Trends For 2018:

Offensive Security, Cyber Insurance & Cryptocurrencies: 2018 Predictions:

 

 

« Cybercrime: £130bn Stolen From Consumers In 2017
Ethical Hacking Is A Great Career Option »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Bulletproof Cyber

Bulletproof Cyber

Bulletproof offer a range of security services, from penetration testing and vulnerability assessments to 24/7 security monitoring, and consultancy.

Cryptomathic

Cryptomathic

Cryptomathic is an expert on commercial crypto - we develop, deliver and support the most secure and efficient off-the-shelf and customised solutions.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

Olfeo

Olfeo

Olfeo is a content filtering software vendor. Our proxy and filtering solution helps our customers to manage, monitor and secure their Internet traffic.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

Content+Cloud

Content+Cloud

Content+Cloud is a leading technology services business and Managed Services Provider (MSP) with a genuine passion for helping your organisation to succeed, whatever your ambitions.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

Upwind Security

Upwind Security

Upwind delivers comprehensive cloud security, precisely when and where it’s most critical.

Breeze Security

Breeze Security

The Breeze Platform acts as a defense coordinator, unifying security across identities, endpoints, cloud, and data to expose real attack paths, orchestrate remediation, and detect threats.

Black Breach

Black Breach

Black Breach experts protect your organization from cyber threats with military-grade AI-tooled cybersecurity solutions.