Threats to cybersecurity have reached crisis proportions in recent times, with growing instances of hacker attacks, malware epidemics, million-dollar data breaches, and explosive spying. Customers, partners, government officials, internal cybersecurity experts, and leaders from both the security and research communities are expressing concern over the increasing sophistication of cyberattacks, the growing alliance between insurance and cybersecurity products, cyberthreats becoming a matter of public health, and employees being bait for hackers.

The following are some of the predictions in the cybersecurity space for 2018:

The year will be the worst to date for cyberattacks

With 2017 being the worst year ever for cyberattacks, it is tempting to think that we may have hit rock bottom. But what we have seen so far is just the tip of the iceberg. The fundamental issues that have caused the majority of recent cyber breaches have not been resolved yet. IT departments are being tasked to manage increasingly complex networks, support new types of endpoints, and protect more and more sensitive data. Legacy systems are still rampant across most industries and cannot be easily upgraded or replaced. These systems often contain publicly known software vulnerabilities, which can be exploited to penetrate the corporate network.

At the same time, attackers are getting increasingly sophisticated. From building ransomware or mounting distributed denial-of-service (DDoS) attacks and demanding bitcoin payments to working with organised crime and even national governments, malicious hackers have numerous ways to monetise their skills and protect themselves.

Governments and enterprises are recognising these new threats and deploying modern security solutions, but it will take years to decommission all of the legacy systems. More importantly, there is a need to start planning for the future by addressing new threats posed by the internet of things (IoT).

Cyberattacks will cause physical harm

Securing IoT networks is even more important than securing traditional IT networks for the simple reason that IoT attacks threaten public safety. A hacked computer or mobile device typically cannot cause direct physical harm. While it is certainly frustrating to have one’s personal information stolen, it does not compare with the impact of being involved in a car accident or having one’s infusion pump or pacemaker compromised. IoT security will literally become a matter of life and death. There is a need for stronger IoT security standards, especially as we continue to move towards smart cities.

Hackers will target employees

IT departments typically focus their spending on preventing external attacks, but the reality is that most data breaches start internally – either by sharing documents through insecure consumer applications or by falling for increasingly sophisticated phishing attacks.

While hackers are often depicted as technical geniuses using complex algorithms to break advanced cryptography, the reality is that simpler techniques can be just as effective. As companies’ technical defences continue to improve, employees will become the weakest link and will be increasingly targeted by attackers as part of their overall strategy.

A simple piece of advice to all chief information officers and chief information security officers is to go hack themselves. They can spend all of their time building and buying systems that they believe will stop intruders, but until they bring in professional ethical hackers and let them simulate a real-world cyberattack (including phishing and other social engineering techniques), they will never know whether their systems are truly secure.

Insurance and cybersecurity products will go hand in hand

In 2018, it will not matter which system or employee is the weakest link. Major corporate data breaches will happen and insurance companies are taking notice. This is because the more harmful the attack for their clients, the more helpful it will be to their bottom line. This year, we will see firms not only add more cyber policy holders to their roster, but also seek out two strategic avenues – products and experts – to help manage risks for themselves and their customers.

Insurance companies will start selling products to help track their clients’ security posture. They will even partner with security experts to appropriately evaluate a company’s ability to protect itself against a cyberattack. Scorecards will be given and companies that perform the best will be rewarded with a lower policy amount.