Offensive Security, Cyber Insurance & Cryptocurrencies: 2018 Predictions

Cybersecurity, or rather the lack thereof, dominated headlines throughout 2017. This isn’t likely to change in 2018, with GDPR just around the corner.

Charl van der Walt, Chief Security Strategy Officer at the UK’s largest independent cyber security company SecureData, shares his thoughts on the key trends that will impact cybersecurity next year.

Businesses are living on borrowed cyber time

The 2007 financial crisis brought to light just how interconnected today’s economy really is. All areas of business were affected, with exposure to debt being shared. The cybersecurity industry is no different. Security ‘debt’ is a liability or obligation to pay or render something. Technical debt is already a well-understood concept in software development: the cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer or cost more.

This translates well into security; not as the potential downside resulting from a decision to compromise, but as the direct, concrete, real-time and quantifiable cost of a trade-off between the best possible approach to securing something and the more attractive, practical, convenient or affordable approach. 

Security debt can be compared to monetary debt. If debt is not repaid, it can accumulate ‘interest’ and grow over time until it is repaid. It sits on a business’ balance sheet in big red letters for all the world to see, speaking to the very heart of the business, its value. If a business has more liabilities in the form of security and other debt than it has assets, then it is bankrupt and eventually it must fail.

In 2018 we may see the damaging effects of security debt that has been stacking up in the form of legacy code, third-party libraries and dependencies, and even architectures used by companies. This has been building up for the past 30 years, and may be catastrophic if the right set of circumstances comes to pass. Companies have been living on borrowed security for too long, and 2018 may be the year when those debts get collected.

Offense is the best defence

Governments globally have been reading up on von Clausewitz, Thucydides and Patton, before settling on Sun Tzu’s teachings to inform next-generation cyber capabilities and techniques that support national and international interests.

As a result, we’ll see a rise in offensive cyber security with ability and budget beyond civilian imagination. Eventually, these techniques will find their way into the civilian internet, where they will wreak havoc: think Stuxnet and WannaCry, but on steroids. As the threat level escalates behind the weight of massive government investment, an industry-led clarion will herald a call for governments to protect a civilian Internet that cannot be expected to defend itself against military-grade threats.

Throughout 2018 and beyond, businesses will accept and expect that their governments will take responsibility for national infrastructure defence, and policing in the cyber realm will become an extension of your Bobbies on the beat.

Cyber insurance becomes big business

GDPR fines come into play next year, and business is still running around in a mad panic. Nobody wants to be fined an inordinate amount of money for a data breach. This has led to a business area blossoming out of recognition that Government can only do so much when it comes to protecting business. Cyber insurance policies will come to the fore, and businesses will lap them up in an effort to plug the residual risk. The approach promises to remove uncertainty and angst from the issue of information security. 

Unfortunately, this will mean that businesses of all sizes will seek out the minimum cyber security investment laid out by insurers, government, and regulators, rather than going above and beyond to protect their own and their customers’ data.

Cryptocurrency will get regulated

With new technologies there is often a fear of what is not understood. As cybercrime evolves, and hackers find new ways of monetising pre-existing attack methods, suddenly we see cryptocurrency and ransomware uttered in the same breath. In 2018, we might see governments the world over adopting cryptocurrency, and therefore regulating it in order to stem the flow of cryptocurrency-driven cybercrime. This will undoubtedly be a regulatory challenge, but to ensure a safer online ecosystem for business and consumers alike, it will be one that needs to be addressed.

It’s the beginnings of a cyber bloc party

As governments battle it out in cyberspace, the question of cyber balkanisation rears its head. In 2018, we will see an escalation of the drama around Kaspersky and the US government. 

The long-term implication of this could be game-changing. As governments globally take America’s lead and start rejecting security software, and then sensitive apps and entire operating systems on the grounds of National Security, we will inevitably see cyber balkanisation levels not seen since the Cold War. 

Smaller countries that don’t have their own security vendors, or can’t afford to build their own OS stacks, will be forced to align with one major power or another, creating new blocs that will spell out the state of play sooner than we realise. How this will impact enterprise security is unknown, but we won’t be able to rule it out as an area for concern.

Information Security Buzz
