Eight Ways Cyber Threats & Business Security Will Change in 2018

As cyber-attacks increasingly threaten business and grow in volume and scale, companies will be forced to take new measures to address cybersecurity risk holistically, integrating it more aggressively into their enterprise risk management, according to insurance broker Aon’s cyber specialists in the firm’s 2018 Cybersecurity Predictions report.
 
The report outlines specific actions that Aon believes companies will take in 2018 to address cyber threats, as well as other cyber trends that it anticipates in the new year.
 
“In 2017, cyber attackers created havoc through a range of levers, from phishing attacks that influenced political campaigns to ransomware crypto-worms that infiltrated operating systems on a global scale. 
 
“With the growth of the Internet of Things (IoT), we have also witnessed a proliferation of distributed denial-of-service (DDoS) attacks on IoT devices, crippling the device’s functionality,” said Jason J. Hogg, CEO, Aon Cyber Solutions. Hogg said Aon’s specialists expect heightened cyber exposure due to a convergence of three trends: companies’ increasing reliance on technology; regulators’ intensified focus on protecting consumer data; and the rising value of non-physical assets.
“Heightened exposure will require an integrated cybersecurity approach to both business culture and risk management frameworks,” he said. “Leaders must adopt a coordinated, C-suite driven approach to cyber risk management, enabling them to better assess and mitigate risk across all enterprise functions.”
 
Aon’s 2018 Cybersecurity Predictions report look at the ways in which the increasing scale and impact of cyber-attacks, coupled with companies having to accept more liability and accountability over cyber-attacks, will lead to significant changes in the corporate landscape. 
 
The report predicts an expanding role for the chief risk officer (CRO), the importance of implementing multi-factor authentication, the increased threats from insiders, and an expansion of bug bounty programs in new sectors.
Here are eight ways Aon’s specialists see cyber risks and cybersecurity playing out during this year:
 
1. Businesses adopt standalone cyber insurance policies as boards and executives wake up to cyber liability. 
As boards and executives experience and witness the impact of cyber-attacks, including reduced earnings, operational disruption, and claims brought against directors and officers, businesses will turn to tailored enterprise cyber insurance policies, rather than relying on “silent” components in other policies. 
 
Adoption will spread beyond traditional buyers of cyber insurance, such as retail, financial, and healthcare sectors, to others vulnerable to cyber-related business disruption, including manufacturing, transportation, utility, and oil and gas.
 
2. As the physical and cyber worlds collide, chief risk officers take center stage to manage cyber as an enterprise risk. 
As sophisticated cyber-attacks generate real-world consequences that impact business operations at increasing scale, C-suites will wake up to the enterprise nature of cyber risk. In 2018, expect CROs to have a seat at the cyber table, working closely with chief information security officers (CISOs) to help organisations understand the holistic impact of cyber risk on the business.
 
3. Regulatory spotlight widens and becomes more complex, provoking calls for harmonisation. 
EU holds global companies to account over General Data Protection Regulation (GDPR) violation; big data aggregators come under scrutiny in the US. 
 
In 2018, regulators at the international, national and local levels will more strictly enforce existing cybersecurity regulations and introduce new regulations. Expect to see EU regulators holding major US and global companies to account for GDPR violations. 
 
Across the Atlantic, big data organisations (aggregators and resellers) will come under scrutiny on how they are collecting, using, and securing data. Industry organisations will push back on regulators, calling for alignment of cyber regulations.
 
4. Criminals look to attack businesses embracing the Internet of Things, in particular targeting small to mid-sized businesses providing services to, global organisations. 
 
In 2018, global organisations will need to consider the increased complexities when it comes to how businesses are using the IoT in relation to third-party risk management. The report predicts large companies will be brought down by an attack on a small vendor or contractor that targets the IoT, using it as a way into their network. 
 
This will serve as a wake-up call for large organisations to update their third-party risk management, and for small and mid-sized businesses to implement better security measures or risk losing business.
 
5. As passwords continue to be hacked, and attackers circumvent physical biometrics, multi-factor authentication becomes more important than ever before. 
 
Beyond passwords, companies are implementing new methods of authentication – from facial recognition to fingerprints. 
However, these technologies are still vulnerable and as such, the report anticipates that a new wave of companies will embrace multi-factor authentication to combat the assault on passwords and attacks targeting biometrics. 
 
This will require individuals to present several pieces of evidence to an authentication instrument. With the new need for multi-factor authentication, and consumer demand for unobtrusive layers of security, expect to see the implementation of behavioral biometrics.
 
6. Criminals will target transactions that use reward points as currency, spurring mainstream adoption of bug bounty programs: Companies beyond the technology, government, automotive and financial services sectors will introduce bug bounty platforms into their security programs. 
 
As criminals target transactions that use points as currency, businesses with loyalty, gift and rewards programs, such as airlines, retailers, and hospitality providers, will be the next wave of companies implementing bug bounty programs. 
As more organisations adopt the programs, they will require support from external experts to avoid introducing new risks with improperly configured programs.
 
7. Ransomware attackers get targeted; cryptocurrencies help ransomware industry flourish. In 2018, ransomware criminals will evolve their tactics. 
 
The report predicts that attackers utilising forms of benign malware, such as software designed to cause DDoS attacks or launch display ads on thousands of systems, will launch huge outbreaks of ransomware. 
 
While attackers will continue to launch scatter-gun-style attacks to disrupt as many systems as possible, the report predicts an increase in instances of attacks targeting specific companies and demanding ransomware payments proportional to the value of the encrypted assets. 
 
Cryptocurrencies will continue to support the flourishing ransomware industry overall, despite law enforcement becoming more advanced in their ability to trace attacks, for example through bitcoin wallets.
 
8. Insider risks plague organisations as they underestimate their severe vulnerability and liability while major attacks fly under the radar.  In 2017, businesses underinvested in proactive insider risk mitigation strategies, and 2018 will be no different. 
According to the report, a continued lack of security training and technical controls, coupled with the changing dynamics of the modern workforce, the full extent of cyber-attacks and incidents caused by insiders will not become fully public. 
 
Many companies will continue to reactively respond to incidents behind closed doors and remain unaware of the true cost and impact of insider risk on the organisation.
 
Insurance Journal:             Strozifriedberg.com / Aon:
 
You Might Also Read: 
 
Leaving Hacks Behind - Cybersecurity Predictions for 2018:
 
Cyber Insurance Report 2017 - 2018 (£):
 
Offensive Security, Cyber Insurance & Cryptocurrencies: 2018 Predictions?:
 
 
« GDPR For Dummies
The AI Lock In Loop »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IASME Consortium

IASME Consortium

IASME is one of five companies appointed as Accreditation Bodies for assessing and certifying against the UK Government's Cyber Essentials Scheme.

InteliSecure

InteliSecure

InteliSecure offer Professional Services, Security Assessments and Managed Services for data and threat protection.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Certus Software

Certus Software

Our Secure Data Erasure solutions protect customer data confidentiality by completely erasing it from data storage devices.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

DQM GRC

DQM GRC

DQM GRC are one of the UK's leading providers of data governance, e-privacy and GDPR services, to commercial organisations across all industries in the UK.

PSYND

PSYND

PSYND is a Swiss consultancy company based in Geneva specialized in CyberSecurity and Identity & Access Management.

MagicCube

MagicCube

MagicCube is a device independent IoT security platform that protects against on-device, cloud, and network attacks.

Nameshield Group

Nameshield Group

Nameshield is one of most experienced domain name registrars, trademark protection specialists and managers of online reputational risk in the world today.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Mainstream Technologies

Mainstream Technologies

Mainstream Technologies is an information technology services firm specializing in custom software development, managed IT services, cybersecurity services and hosting.

Ministry of Electronics & Information Technology (MeitY)

Ministry of Electronics & Information Technology (MeitY)

The Ministry of Electronics & Information Technology is an executive agency responsible for IT policy, strategy and development of the electronics industry.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

Bores Security Consultancy

Bores Security Consultancy

Bores Security Consultancy are an established family-run business delivering expertise in security and technology.

Custodia Continuity

Custodia Continuity

Custodia Continuity manage your Security, Backup, Continuity and Compliance. You get on with your business.