Is cybersecurity the new must-invest category for enterprises in 2018? Will businesses be ready for new regulations put in place following 2017’s headline-grabbing breaches? Will the expansion of the IoT translate to an expansion of vulnerabilities?
Consider the following predictions for 2018 from four thought-leading CEOs:
Mårten Mickos, CEO, HackerOne
- Skills Gap: The cybersecurity skills gap shows no sign of slowing in 2018. With every company becoming a technology company, tech, financial, retail, transportation and IoT companies will all be competing for the same limited pool of security talent. We’ve seen an influx of our top hackers being hired as security professionals by the companies they love to hack, as well as developers dipping their toes in the security pool. The skills gap will continue growing in cybersecurity and will bleed into the developer pool, creating more of a demand for talent than ever before.
- Breaches from known issues: Known security vulnerabilities that have not been patched or security misconfigurations will continue to hurt consumers like we saw with Equifax, WannaCry malware and Alteryx. Gartner predicted that 99 percent of vulnerabilities exploited through 2020 will continue to be known by security and IT professionals for at least one year. 2017 proved the reality of that prediction.
- No better time to be an ethical hacker: We’ve come a long way since hacker was synonymous with criminal and in 2018 there is no better time to be a hacker. Cybersecurity is more important than ever before with the shortage of skilled security professionals. 2017 proved that cybercrime is rampant online, but hackers are being sought after by governments and leading companies globally to protect against emerging threats. Leading government organizations like the U.S. Department of Defense, European Commission and Singapore Ministry of Defense are leading a global shift by embracing hackers as helpers not assumed criminals. Hackers are earning millions of dollars with bug bounty programs and leading security research is getting more attention than ever before.
- Cybersecurity spending expansion: Gartner predicts that the cybersecurity market will grow to $96 billion in 2018. Cybersecurity spend is the new “Marketing spend”: Everyone knows they must do it, but few know what to focus on. Half the spend is wasted; we just don’t know which half. Companies that build security hygiene into everything they do and who share threat intelligence with peers and competitors will fare better. Increasingly severe threats combined with chronic security staff shortage will lead companies to adopt emerging AI-driven technologies and new security models that encourage outside security research to augment their efforts. GDPR and other norms will drive a new level of transparency in cybersecurity.
Rotem Iram, CEO and Co-Founder, At-Bay
In the last year, we’ve seen a number of large-scale ransomware attacks impacting organizations such as Maersk and FedEx. A survey conducted by At-Bay this year found that respondents expressed the least amount of confidence in their ability to stop a significant ransomware attack compared to other types of cyber-attacks. And, one of the most significant impacts of these attacks is business interruption. In the survey, 69 percent of respondents stated they were very or completely concerned about the business interruption impact from a ransomware attack.
In the last year, the impact of these simple, non-targeted ransomware attacks was extremely significant in terms of financial loss and business downtime. In 2018, we expect sophisticated attackers to capitalize on this opportunity and launch targeted and meaningful business interruption ransom attacks on companies with meaningful digitized operations. We have yet to see meaningful APT ransom attacks, demanding millions of dollars in ransom, which we predict will emerge in the new year.
Many organizations will also look for ways to prepare for and implement preventative measures against these attacks. They will look outside of traditional cybersecurity measures. For example, many will turn to comprehensive cyber risk management programs that include a mix of investments in security technology, security operations and cyber insurance.
Erik Brown, CTO, GigaTrust
- More (IoT) data = more leaks: We expect to see an increased use of IoT devices by consumers and across industries. People and organizations will benefit from the additional features and increased data gathered from these connected devices. However, a number of IoT interfaces do not have robust security. We expect to see an increased number of data breaches or device hacks in IoT devices next year. The best advice here is to research security before you buy. If a device has a hidden administrative account with a hard-coded password, it may be impossible to correct. Look for firmware updates for your devices on a quarterly basis and keep up to date on possible security issues. If a device in your environment is fundamentally flawed, you may need to turn it off to mitigate a serious risk.
- Business as usual: With major breaches at Equifax, Deloitte, Verizon, University of Oklahoma and other major organizations in 2017, a number of companies will still not take security seriously. Expect to see two or more major breaches in 2018 affecting millions of consumers. How can you reduce the risk of a breach at your company? Monitor the security updates impacting the systems in your organization, and hold a monthly review to make sure they are up to date. In addition, go beyond simple perimeter security by using rights-management software and actively protecting data leaving the network. A good rights-management solution, such as my company’s GigaCloud offering, protects content in transit, at rest, and also while in-use. For data leaving your network, employ a data-loss protection (DLP) or a cloud access security broker (CASB) to actively monitor and protect the information leaving your internal network.
- The Cybersecurity Culture: We are starting to see a cybersecurity culture in some organizations. In 2018, more companies will adopt this kind of security-first thinking. Imagine a moat surrounding a castle, protecting the king, queen, and other residents from invaders. Only in this case, instead of people you have PII, proprietary files, intellectual capital, medical information, legal documents, and other information that should only be seen and shared with the people and organizations you authorize. To adopt such a culture at your organization, get your people thinking about security with regular awareness campaigns, simulated security attacks with phishing and other attack vectors, and improved record keeping policies to manage and encrypt key organizational data.
Dan Kiely, CEO, Voxpro - powered by TELUS International
While recent global attacks like WannaCry and Petya/GoldenEye dominated headlines due to the sheer size of their reach and impact, thousands more acts of cybercrime are committed every single day — almost 50 percent of which target businesses. Larger mature companies are hit most often, but smaller scale-ups are hit the hardest, and it takes longer for them to recover. Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. In today’s digital economy, winning and maintaining the trust of your customers is central to business growth, and nothing erodes trust quite like a cyber breach. As a result, startups and scale-ups will be placing a stronger emphasis on scaling customer trust in 2018.
This can be achieved by taking full control of updating your company’s software, hosting prevention training and awareness programs so employees can recognize scams, partnering with a BPO who has a proven track record of delivering top quality Trust and Safety services, and above all: always be communicating with your customers. Customers value transparency, and the more companies are open with both customers and employees, the further trust will be established.
Clare Christopher is editor of SandHill.com.