The last year has been a significant 12 months in the short history of cyber security, with headline security breaches such as Uber and a scramble to come up with new approaches, particularly as the European Union’s General Data Protection Regulation comes into force next May.
2018 will see further developments in this dynamic field that will affect almost every organisation on the planet. Here are some predictions for the next 12 months:
- Innovation will help overcome the continuing cyber security talent drought
The severe shortage of cyber security professionals will continue to hamper businesses trying to protect themselves. The lack of qualified staff is predicted to rise to 1.8 million in the next five years and we know that two-thirds of companies struggle to recruit staff with sufficient expertise to combat attacks from highly sophisticated hacking groups.
In the absence of sufficient talent, the immediate imperative for businesses is to adopt more innovative security technology that will give them the maximum protection available.
Emails remain the single biggest source of infiltration by criminal malware and a technology such as file-regeneration offers immediate protection without requiring a roster of in-house personnel who are experts in security analysis and investigations.
The good news is that more universities are taking cyber security much more seriously as a subject for study and in the UK the government has announced a £20 million investment in the cyber curriculum for secondary schools.
- Automation will continue to transform cyber security
It is increasingly recognised that responses to security breaches and other incidents are badly slowed down by manual processes.
As a result it is inevitable that security operations workflows will increasingly be supported within Security Information and Event Management tools and incident response (IR) platforms. We can expect to see hefty resources devoted to IR automation in particular. This will involve, for example, blocking malicious IP addresses, web domains, and URLs, using threat intelligence.
An organisation could orchestrate the workflow associated with a security investigation or patching a software vulnerability, but in 2018 we are more likely to see large organisations automating security analytics and operations, largely because security involves so many mundane tasks, whereas orchestration is complex.
Automation offers immediate gains across cyber security. With emails, for example, advanced solutions can automate the minute examination of every attachment against the manufacturer’s standard so that only a sanitised document, free of malware, is admitted to an organisation’s system. Decisions on whether to click open an attachment are no longer left to the harassed employee.
- The growth of the IoT will necessitate further re-thinking of security
The Internet of Things (IoT) extends the security border of an organisation way beyond its physical boundaries. Consider how many internet-enabled devices are part of an electricity grid.
Smartphones, tablets and the new generation of electronics that users can control externally, such as refrigerators, home security systems and even home heating systems, are also part of the IoT and vulnerable to compromise. By 2020 we could be looking at a trillion connected devices in the world.
The successful attack on the San Francisco MUNI transport system in 2016 is a prime example of just how vulnerable an organisation reliant on multiple internet-connected devices can be to hackers demanding a ransom to release encrypted data.
An assault on the core infrastructure of the internet could have a massive effect, particularly if it is linked to terrorism. The best defence is to keep malicious code out of an organisation’s network in the first place, rather than relying on outdated anti-virus defences, which, as is widely known, can never pick up the kinds of malware criminals are devising every hour of the day.
- Blockchain will be no cyber security panacea
It is tempting to think that blockchain perfectly complements internal security layers as part of a defence-in-depth approach. Implementations are starting to address blockchain’s data confidentiality and access control challenges by providing ready-made data encryption and authentication and authorisation capabilities.
But blockchain provides little utility in threat-detection or active defence, so organisations throughout 2018 will find they need other more proven and tested forms of technological innovation to protect them from hackers and the millions of different malware variants they are throwing at businesses every year.
This has to go alongside an overall cyber security programme that includes a governance framework covering roles, processes, accountability measures, performance metrics, and a change in mindset within the entire organisation.
- State-sponsored hacking will force organisations to update cyber defences
There’s no question that state-sponsored or arm’s-length hacking groups are on the increase and have abundant resources in terms of time and talent. The finger is now pointing almost non-stop at Russia, China and North Korea, while Iran and Israel have joined the list of states widely suspected of dubious cyber activity. The devastating attacks on the Ukrainian power network last year were a vivid demonstration of the way state-backed hackers have disruption of national infrastructure as a target.
Intense international rivalry and instability in many regions of the world make it inevitable that cyberwarfare attacks will continue in 2018. State-resourced groups will continue to target service-providers as a backdoor to enterprise-level targets, moving sideways inside and between organisations while leaving little or no trace.
Organisations must employ far more advanced technology to protect themselves from the most common method used by the hacking groups – adapted email attachments that hide zero-day attack triggers. Relying on traditional anti-virus techniques in 2018 could be a critical error, given the sophistication and resources available to state-backed hackers.
- GDPR will wake everyone up to security requirements
Although the rush to achieve GDPR compliance is already underway, many businesses are going to be caught out as they fail to grasp their responsibilities to EU citizens whose personally identifiable data they hold.
Legal challenges about the way data is handled are likely to proliferate, with fines, substantial costs and public exposure inevitable. It is likely, however, that the regulators will not inflict the full rigour of the penalties available where organisations have failed to comply through poor implementation of new processes.
The same may not be true of organisations that are breached by hackers and seen as failing to fulfil the GDPR’s requirement for state-of-the-art technology to be in place. Fines of up to €20 million or four per cent of turnover may be levied if it is felt an example should be made to encourage everyone else to invest in effective security that protects citizens’ data.
The first half of 2018 should be when the laggards finally address their major security loopholes such as continuing reliance on anti-virus solutions.
- The small print – why innovation will trump cyber insurance in 2018
The cyber insurance market will continue to grow from a low base, but more businesses are also likely to realise that pay-outs can never cover the entirety of their losses if they are hacked. In the course of the year it will become apparent to many organisations, including SMEs, that investing in advanced security technology is a much better investment.
They will be targeted by hackers using emails just like everyone else and need innovative solutions to protect them. Relying on traditional perimeter security and cyber insurance will come nowhere near protecting an organisation.
Not only will substantial fines and legal costs be inflicted, the victim organisation will have to compensate individuals affected and then spend substantial amounts of time and money on rebuilding its reputation. Enterprises will see how cyber insurance will never mitigate all the damage of a successful cyber-attack.