To say 2017 has supplied an endless amount of cybersecurity headaches for organisations around the world would be a gross understatement.
Catastrophic breaches seemed to happen every week with severe implications for all involved – and those were only the ones that were publicised.
So what will 2018 bring? We’ve brought together a line-up of cybersecurity heavyweights to provide their opinions on various topics for the year ahead.
Rich Campagna, CEO at Bitglass, on the end of the static password
End users are unlikely to break the habit of recycling passwords across corporate and personal accounts, leaving businesses exposed to the threat of compromised credentials. As such, businesses must take steps to ensure secure authentication. In 2018, the continuing fallout from massive data breaches (like those experienced by Yahoo) is likely to spell the end for one of the internet’s longest-standing security pillars, the user-generated password.
Next year will see multiple organisations eliminate the isolated use of user-generated passwords. Instead, they will employ multi-factor authentication (MFA) and more advanced identity management tools. By requiring that users confirm their identities with a second factor, these solutions reduce the threat of compromised credentials and large-scale data breaches.
Peter Godden, VP of EMEA at Zerto, on the rise of IT resilience
In 2018, organisations need to start bringing in IT resilience-minded employees and giving them a seat at the table. It's unfortunate that it may take a dramatic escalation in attacks – that I predict is coming – for countless leadership teams to finally face the reality that attacks are inevitable. Management teams, and more importantly shareholders, need to wake up: cyberattacks are a “when”, not an “if”.
Resilient IT strategies, ones that ensure data and applications are protected and recoverable to the point just before an attack occurs, will rise in popularity next year as no organisation can reduce the impact of attacks or prevent the company from being flashed in headlines with old, failed approaches. Hopefully 2018 will see real, tangible, sizeable investments in people, technology, and processes that essentially shifts their posture from easygoing and passive to one of true IT resilience.”
Tom Harwood, Chief Product Officer and Co-Founder at Aeriandi, on the first voice-initiated cyber breach
Web based security measures have evolved much faster than those for voice and telephone in recent years. For the web there’s always the option of multi-factor authentication. There’s also behavioural monitoring as a preventative measure and identity based management - all improving degrees of data security. The same is not true however for phone-based contact, which is still a poor relation to online.
As it stands, it is estimated that between 30 per cent to 50 per cent of all fraud incidents are initiated with a phone call, meaning telephone agents in contact centres are particularly vulnerable to social engineering and manipulation. I think it’s reasonable to predict that 2018 could be the year when we see the first major voice-initiated cyber breach. With fraudsters increasingly looking for ways to exploit telephone contact centre agents, and regulations like GDPR and MiFID II coming into play, organisations must give voice security the attention it deserves.
Ken Hosac, VP IoT Strategy & Business Development at Cradlepoint, on the IoT security wake up call
2018 will see organisations being smarter about how they secure their IoT devices. Global surveys show increasing enterprise IoT adoption, but with the spread of vicious botnets such as Reaper and Mirai, businesses know that deploying IoT devices on an existing network is dangerous. It creates cross-contamination, expands the attack surface and exposes corporate networks to new vulnerabilities.
This is a serious threat that will need to be mitigated in 2018. One way of addressing the issue is by deploying Software-defined Perimeter technology. This enables businesses to control access and isolate IoT devices from each other. Significantly, it means existing networks can be shielded from potential attackers. In 2018, we will see more organisations addressing IoT security issues with Software-defined Perimeter technology, supporting the continued development of the global IoT ecosystem.
Gary Watson, Founder and CTO at Nexsan, on the move from outsourced IT to in-house
Security has been a top concern for many years and in 2018 it will become an even larger concern. With the rise in ransomware, data leaks and downtime, organisations will be faced with two paths; either surrender or get it under control. In 2017, we have seen some high-profile cases where companies simply pay out in order to regain power; however, as the recent Uber scandal has shown, paying hackers should not be part of the solution.
With GDPR coming into effect and FBI warnings against cooperating with cyber criminals, paying out in order to keep quiet will no longer be an option. Organisations who face downtime and security breaches risk irreversible damage to their reputation; law makers are coming down hard to ensure businesses are held responsible for customer data. Bringing IT in-house can not only allow companies to save money, but provide improved user experience while keeping tighter control over data security and locality. Data is essential; it is the lifeblood of any organisation, and it shouldn’t be entrusted to outside services which fail to deliver.
Nigel Tozer, Director Solutions Marketing at Commvault, on the continued evolution of ransomware
Throughout 2018, ransomware will continue to evolve, becoming smarter and more targeted towards production systems, with bigger pay-outs from breaches rather than encryption becoming the ultimate goal. Furthermore, the cyber-arms race will continue as more and more security vendors turn to AI to make defences more effective. While this has been growing in 2017, the move to AI is set to continue in the coming year.