Forecast of 2018 Global Security Threat
The Information Security Forum, an independent information security organization focused on cyber security, identified the five leading global security threats it believes businesses will face in 2018.
Key threats for the coming year include:
- Crime-As-A-Service (CaaS) Expands Tools and Services
- The Internet of Things (IoT) Adds Unmanaged Risks
- Supply Chain Remains the Weakest Link in Risk Management
- Regulation Adds to Complexity of Critical Asset Management
- Unmet Board Expectations Exposed by Major Incidents
The group forecast that the number of data breaches will grow in 2018 along with the volume of compromised records, becoming more expensive for organizations of all sizes.
Costs will come from traditional areas, such as network clean-up and customer notification, as well as newer areas such as litigation involving a growing number of parties.
Angry customers will pressure governments to introduce tighter data protection legislation, bringing new costs and compliance challenges.
Along with a greater number of data breaches, the scale of data breaches will also grow, the group believes.
In some cases, sophisticated defenses will be circumvented by persistent criminal organizations that can swiftly exploit stolen data. The cost of the resulting cyber-crimes will rise steeply.
“The scope and pace of information security threats is jeopardizing the veracity and reputation of today’s most reliable organization,” said Steve Durbin, Managing Director of the ISF.
“In 2018, we will see increased sophistication in the threat landscape, with threats being personalized to their target’s weak spots.”
The most prevalent threats identified by the ISF for 2018 include:
Crime-As-A-Service (CaaS) Expands Tools and Services
Criminal organizations will become increasingly more sophisticated. Some organizations will have roots in existing criminal structures, while others will emerge focused purely on cybercrime.
Companies will struggle to keep pace with this increased sophistication, and the impact will extend worldwide.
The resulting cyber incidents will be more persistent and damaging than companies have experienced previously, leading to business disruption and loss of trust in existing security controls.
The Internet of Things (IoT) Adds Unmanaged Risks
Organizations are adopting IoT devices with enthusiasm, not realizing that these devices are often insecure by design and therefore offer opportunities for attackers.
In addition, there will be an increasing lack of transparency in the rapidly-evolving IoT ecosystem, with vague terms and conditions that allow organizations to use personal data in ways customers did not intend.
It will be problematic for organizations to know what information is leaving their networks, or what data is being secretly captured and transmitted by devices such as smartphones and smart TVs.
When breaches occur, or transparency violations are revealed, organizations will be held liable by regulators and customers for inadequate data protection.
In a worst-case scenario, when IoT devices are embedded in industrial control systems, security compromises could result in harm to individuals or even loss of life.
Supply Chain Remains the Weakest Link in Risk Management
Supply chains are a vital component of every organization’s global business operations and the backbone of today’s global economy. However, they are open to an abundance of risk factors.
Valuable and sensitive information is often shared with suppliers; when that information is shared, direct control is lost. This leads to an increased risk of its confidentiality, integrity or availability being compromised.
In the coming year, organizations must focus on the weakest spots in their supply chains.
Not every security compromise can be prevented beforehand, but being proactive now means that you— and your suppliers—will be better able to react quickly and intelligently when something does happen.
To address information risk in the supply chain, organizations should adopt strong, scalable and repeatable processes — obtaining assurance proportionate to the risk faced.
Supply chain information risk management should be embedded within existing procurement and vendor management processes.
Regulation Adds to Complexity of Critical Asset Management
New regulations, such as the European Union General Data Protection Regulation (GDPR), will add another layer of complexity to the issue of critical information asset management that many organizations are already struggling with.
The GDPR aims to establish the same data protection levels for all EU residents and will focus on how organizations handle personal data.
The additional resources required to meet these obligations are likely to increase compliance and data management costs while pulling attention and investment away from other important initiatives.
The increasing burden of compliance and legislative differences across jurisdictions will increase the burden for multi-nationals and for businesses engaging in international trade.
Unmet Board Expectations Exposed by Major Incidents
Boards will expect that their approval of increased information security budgets will produce immediate results.
However, a fully secure organization is an unattainable goal, and many boards are unaware that making substantial improvements to information security will take time – even when the organization has the correct skills and capabilities.
Consequently, the expectations of boards will exceed their information security functions’ ability to deliver.
Not only will the organization face substantial impact, the repercussions will also reflect badly on the individuals and collective reputations of the board members.
ISF Threat Horizon Reports
The threats outlined above are included in the annual ISF Threat Horizon series of reports, aimed at senior business executives and information security professionals.
These reports are designed to help organizations take a proactive stance to security risks. To access the reports, visit the ISF website. A webcase of Durbin’s presentation is also available on the ISF website.