The Management Series

To sign up for our newsletter, please click here.

Jan 2018

What 2018 Holds for Cyber-Security Concerns, Issues

The broad message from many cyber-security experts for 2018 is to expect more of the same—much more. Except the attacks are likely to be more frequent and more sophisticated.

Count on more widespread ransomware attacks by both cyber criminals and state actors that have the potential to paralyze entire businesses and institutions. (Note that just last month the White House blamed North Korea for the WannaCry ransomware attacks that shut down banks, hospitals and other businesses across the globe in May 2017.) Given the boom in value and interest in bitcoin and similar cryptocurrencies, count on hackers to redouble efforts to find new and more effective ways to steal and fraudulently create cyber cash.

Both trends were at the top of the InfoSec Institute’s Top 10 Cybersecurity Predictions for 2017 and remain near the top for 2018. But at the very top of the training company’s list this year (and near the top of others’) aren’t specific types of threats but fines and penalties associated with non-compliance with new regulations in Europe that are meant to strengthen security precautions.

The InfoSec Institute warns that many companies that operate in multiple countries are ill-prepared for the General Data Protection Regulation (GDPR), which takes effect in May.

“Once the GDPR legislation becomes enforceable, any personal data breach impacting European Union citizens will need to be reported within 72 hours. The regulations will provide data owners transparency into how their information is collected and used,” the institute said.

“Companies that do not comply will face fines of up to 20 million euros or 4 percent of global turnover, a disaster for companies that are not ready by the GDPR deadline,” it added. In its latest Cyber Watch newsletter, The Council points to a Deloitte survey that indicates only about 15% of affected businesses are ready for the deadline. The Council directs readers to a Steptoe & Johnson GDPR preparedness webinar.

The InfoSec Institute’s predictions also warn that mobile devices are becoming a more enticing target to hackers, which are likely to focus on apps in Google’s and Apple’s stores.

“Banking Trojan and mobile ransomware will be the primary threats to mobile systems,” the institute said. “Both Google and Apple will refine their systems to identify potentially harmful applications that could be deployed in their official store. Tech giants will adopt machine learning systems to prevent malicious apps being download by end-users.”

CIO.com’s “5 Information Security Threats That Will Dominate 2018” warns of a likely explosion in crime as a service, or CaaS—where existing criminal enterprises sell hacking kits and techniques to “aspirant criminals” who otherwise wouldn’t have the expertise or tools to carry out attacks. (Entrepreneur has a solid primer on CaaS attacks that describes the different types of techniques that are becoming widely available to would-be attackers.)

CIO also says we should expect supply chains to be a popular target of cyber criminals this year. “Last year we started to see big manufacturing organizations losing manufacturing capability because they were locked out and their supply was being affected,” Steve Durbin, the managing director of the Information Security Forum, told CIO.

“It doesn’t matter what line of business you’re in. We all have supply chains,” Durbin said. “The challenge we face is how do we really know where our information is at each and every stage of the lifecycle? How do we protect the integrity of that information as it’s being shared?”

comments powered by Disqus