7 Cybersecurity Trends to Watch For 2018
As we approach the close of another year, the war of cybersecurity rages on. With many data breaches in 2017, most notably for Equifax, Verizon, and Kmart. The news that the global average cost of a data breach is down 10 percent over previous years to $3.62 million, according to the Ponemon Institute. Sadly, the average size of a data breach increased nearly two percent, so there’s still plenty of work to be done.
Here are some of the trends, challenges and threats that await us all in 2018.
ArtificiaI Intelligence, (AI) and machine learning can boost cyber defenses
As artificial intelligence and machine learning gathers pace, and starts to impact more and more industries, it’s sure to play a bigger role in cybersecurity. Because the battle with cyber criminals moves so quickly, machine learning models that can predict and accurately identify attacks swiftly could be a real boost for InfoSec professionals. In the year ahead, these models need to be trained and honed. However, there is also a risk that AI and machine learning may be exploited by attackers.
Be proactive about ransomware
Ransomware has been a growing threat for the last few years, but it continues to claim high profile victims. It’s not yet clear what everyone learned from the WannaCry ransomware attacks, but we hope that it highlighted the need to back up regularly, keep patching and updating systems, and strengthen your real-time defenses. If organizations took these simple steps, we could dramatically reduce the impact of ransomware.
Handling data breaches gracefully
It may prove impossible to eradicate data breaches completely, but every organization has the power to lessen the blow by handling the aftermath correctly. Equifax gave us a masterclass in how not to handle a data breach earlier this year. By delaying disclosure, misdirecting potential victims, and failing to patch a known vulnerability, it made a bad situation much worse. We can only hope this proves instructive for others in the year ahead.
The IoT is a weak link
We’re rolling out more and more sensor-packed, internet-connected devices, but the Internet of Things remains a major weak point for defenses. All too often these devices lack basic security features, or they aren’t properly configured and rely upon default passwords that can give attackers easy access. This in turn is giving rise to botnets, which can be used for volumetric attacks, to exfiltrate stolen data, to identify further vulnerabilities, or for brute force attacks. We need to properly secure the IoT or it will continue to be a big issue in 2018.
There’s still a skills shortage
The dearth of skilled cybersecurity professionals continues to be a major problem for many organizations. Even with average InfoSec salaries soaring, there are thousands of vacant positions. This is leading many companies to engage external cybersecurity services and virtual CISOs. We expect to see more outsourcing as employers try to find a way to fill the skills gap.
Developing a common language
While the specter of multiple threats looms, there are also positive developments in the cybersecurity realm, not least the creation and adoption of things like NIST’s Cybersecurity Framework. As more organizations and cybersecurity experts come together to develop a common language, our collective defenses grow stronger.
Patching and application testing
It’s not shiny or new or exciting, but it should still be at the top of everyone's mind. The number of data breaches in 2017 that were made possible by known vulnerabilities and a sluggish approach to patching is horrifying. It’s not enough to identify problems – you must act. Application testing falls into the same bucket, in that it’s too often ignored. If you don’t test your security, then you don’t know how secure your application is. If everyone put a fresh effort into patching and app testing in the coming year, we would see a dramatic drop in data breaches.
Source: CSO online
-Allyson White, CEO Alde Security Solutions, LLC.