Leaving Hacks Behind - Cybersecurity Predictions for 2018

Uploaded on 2018-02-05 in FREE TO VIEW, NEWS-Cybersecurity News

While each of the last several years has been dubbed “the year of the hack,” 2017 may actually deserve that infamous title. Major breaches at large organisations like Equifax, Deloitte and Verizon have all taken place in the last year.

In fact, Identity Force reports that 43 of the worst data breaches of all time happened in 2017. We can only hope that this year will feel a bit more secure in our digital world, or at the very least avoid even more impressive catastrophes.

With the growth of security and technology today, we should be seeing fewer cyberattacks, not more. To avoid becoming this year’s disheartening statistic, organisations need to be more proactive about identifying and preventing cyber threats and heed the following predictions:

More (IoT) Data, More Leaks

As the use of IoT devices increases both by consumers and across industries, people and organizations are benefitting from the additional features and increased data gathered from these connected devices. The market is growing by leaps and bounds, yet a number of IoT interfaces do not have robust security.

Botnets like Reaper and Mirai may just be the beginning, and we expect to see an increased number of data breaches in IoT devices this year.

With this in mind, organisations should conduct thorough research before purchasing new IoT technologies. If a device has a hidden administrative account with a hard-coded password, or runs an older framework with known vulnerabilities, it may be impossible to correct.

When purchasing such devices, make sure you can upgrade the firmware, or consider devices that automatically update their own firmware. Review your environment on a quarterly basis and keep these devices up-to-date to avoid possible security issues. If a device in your environment is fundamentally flawed, you may need to turn it off to mitigate a serious risk.

Regulation will prompt action

Regulations such as NIST 800-171 and the upcoming GDPR will prompt companies to examine their overall security strategy and mitigate risks to their private information. Some companies will do this, some will not.

Data privacy is more important than ever and ensuring that companies abide by these standards will ultimately strengthen a companies’ business. Many US organisations will use a standard such as GDPR to incentivise putting a holistic plan in place.

While undergoing the compliance process, it’s important for organisations to ensure they are enforcing authorisation into systems and networks, while protecting content behind firewalls, and having a plan of action for how to respond in the event of a potential breach. These three areas are key: authorisation, protection, and response.

Business as usual

Despite the growth of data breaches impacting major companies in 2017, a number of organisations still do not take security seriously. After all, how many companies go out of business because they mishandle customer data?

We expect to see two or more major breaches in 2018 that impact millions of consumers. To reduce the risk of a breach, organisations should monitor security updates impacting their systems, and teams should hold a monthly review to make sure they are up to date.

In addition, expand beyond simple perimeter security by using rights-management software. This actively protects data stored within and leaving the network to add another level of security.

A good rights-management solution protects content in transit, at rest, and while in-use. Employing a data-loss protection (DLP) or a cloud access security broker (CASB) to actively monitor network traffic can also add a layer of protection for information leaving your internal network.

Cybersecurity Culture

In 2018, more companies will adopt “security-first” thinking and begin to develop a more robust cybersecurity culture. A company is much like a castle, and security is the strength of the moat surrounding a castle, protecting the king, queen, and other residents from invaders.

Except in this case, instead of people you have Personal Identifiable Information (PII), proprietary files, intellectual capital, medical information, legal documents, and other information that should only be seen and shared with those people and organisations who have received authorisation.

Adopting security-first thinking means strengthening the moat as the primary line of defense for the castle and its inhabitants.

For organisations to adopt such a culture, people need to be educated on the importance of security with regular awareness campaigns, which includes training procedures such as simulated security attacks with phishing and other attack vectors.

Additionally, companies need to enforce improved record keeping policies to manage and encrypt key organisational data.

Information- Management:

You Might Also Read: 

The Top 5 Tech Trends For 2018:

Offensive Security, Cyber Insurance & Cryptocurrencies: 2018 Predictions:

 

 

« Cybercrime: £130bn Stolen From Consumers In 2017
Ethical Hacking Is A Great Career Option »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Nation-E

Nation-E

Nation-E offers innovative cyber security solutions for industrial installations, critical infrastructure and smart grids.

SKKU Security Lab (seclab)

SKKU Security Lab (seclab)

SKKU Security Lab supports research and education in information security engineering. The lab is a part of the College of Software, Sungkyunkwan University.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

VeriClouds

VeriClouds

VeriClouds is a password verification service that helps organizations detect compromised passwords and stop account takeover attacks.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

Aegis Cyber Defense Systems

Aegis Cyber Defense Systems

AEGIS is a powerful cybersecurity tool that can help protect your devices and networks from cyber threats, and increase performance.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

Applied Insight

Applied Insight

Applied Insight work closely with government agencies and industry to overcome technical and cultural hurdles to innovation, empowering them with the latest cloud, data and cyber capabilities.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.