From Yahoo to Equifax, this year’s headlines have been dominated by high-profile digital disasters.
With the cyber threat landscape set to grow in 2018, we spoke to a number of industry experts for insight into the challenges and innovations IT professionals can expect to face in the year ahead.
1. Healthcare will become an increasing target
Healthcare surpassed the public sector in cyber security incident reports in the second quarter of 2017, according to the latest threat report by security company McAfee.
It’s a trend that Acentec CEO Jeff Mongelli predicts will continue:
“It’s quite possible 2018 will mark a turning point in medical device security requirements as the likelihood of a major industry event increases as more vulnerabilities are discovered and exploited.
While the advent of IoT has aided in the collection and management of medical devices, the lack of security requirements and challenges in patching those devices has left the industry extremely vulnerable to a cataclysmic attack.”
Ian McClarty, president of PhoenixNAP Global IT Services, said: “Because there are so many devices that can be hacked, it is a constant security challenge.”
McClarty continued: “Ten years ago, most of us had to only worry about protecting our computers. Next, we had to worry about protecting our smartphones. Now we have to be concerned with protecting our car, our home appliances, our wearables, and many other IoT devices.”
Mongelli provides a chilling conclusion: “Will 2018 be the year we see ransomware attacks demanding payment or your pacemaker will be turned off?”
2. Security budgets will increase
“We expect to see 2018 security budgets increase after some high-profile 2017 attacks. A lot of this money should start to funnel back up the tech device supply chain, and away from software security products,” says Julian Scherding of Dover Microsystems.
“Smart businesses will invest more money into training their employees how to protect themselves from these attacks,” says Adam Raja, VP of marketing for Atlantic.Net.
Raja continues: “This could include learning how to recognize and avoid suspicious links or email attachments. Proper email security training, as well as establishing better rules for email attachments and which users are allowed to run executable files and install software can go a long way toward bolstering your defenses against a ransomware attack.”
According to Morey Haber, VP of technology at BeyondTrust, although there will be more money for security, the basics still won’t be covered: “Organisations will continue to increase spending on security and new solutions, but will struggle to keep up with basic security hygiene such as patching.
“Hackers will continue to penetrate environments leveraging known vulnerabilities where patches have existed for quite some time.”
3. Chaos will erupt as the GDPR deadline looms
With little more than six months to go until the EU General Data Protection Regulation (GDPR) compliance deadline, a recent survey has shown that 55% of UK small businesses are still unaware of the GDPR.
Alan Calder, IT Governance’s founder and executive chairman, says: “As organisations enter 2018 and realise the size of the task to become GDPR compliant by 25 May 2018, there will be a lot of panic.
“This legislation seems poorly understood, which has led to many organisations tabling it for ‘later’ and, for many, they will wait until the first prosecution is underway before they react.”
4. Companies will finally abandon the password as single-factor sign-on
In a 2016 study, Keeper Security revealed that the ten most common passwords were almost entirely variations on ‘123456’. When your enemy only needs to test a handful of passwords to find a way in, their task is made exponentially easier.
According to security executive Andrew Howard, in 2018 many more companies will finally abandon passwords as the sole factor of identification and adopt multi-factor authentication.
“The recent breach at Deloitte will amplify the necessity to move away from the password and deploy more secure methods for granting access to accounts and IT systems,” said Howard. “The need for increased security will become a focus as major stewards of sensitive information continue to make headlines, damaging their reputations and public trust.”
ISO 27001 and cyber resilience solutions
The only comprehensive solution to the growing threat of cyber attacks is to implement a robust approach that tackles all aspects of information security throughout the organisation.
ISO 27001 provides a proven framework that helps organisations protect their information through effective controls, auditing and testing, organisational processes and staff awareness programmes.
More than 30,000 companies have already taken the step to achieve certification to the Standard, enabling them to reap the benefits of an independently audited security posture.
As certification to an independent standard becomes an increasingly desirable solution, enabling companies to demonstrate compliance with stringent data security legislation, certification to ISO 27001 continues to grow at more than 20% globally.