[BreachExchange] Cyber security in 2018: Lessons from the past
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Feb 23 15:27:39 EST 2018
https://bdaily.co.uk/articles/2018/02/20/cyber-security-in-
2018-lessons-from-the-past
2017 was the year of ransomware. No other cyber threat dominated the news
as much and paralysed as many businesses and organisations in the last
twelve months. As we reflect on the year that was, it’s equally important
to look to the future and evaluate how UK firms can better protect
themselves from the variety of cyber threats attempting to gain access to
their systems.
When faced with relatively primitive threats such as WannaCry, it became
clear last year that even organisations as large as the NHS are still
vulnerable to cybercrime. The UK’s National Cyber Security Centre (NCSC)
identified over 590 major cyber incidents in the twelve months leading up
to October 2017 – with most of them targeted at businesses.
There is no indication that 2018 is going to be any different so, looking
to the year ahead, here are my thoughts on the cybersecurity issues that
will be affecting CISOs & CIOs in the near future.
Disruptive fraud that hurts profits and cyber insurance bankruptcy Major
Securities and Exchange Commission (SEC) fraud will likely happen,
leveraging cyber misinformation or disruption of business that leads to
missing revenue numbers. Bad actors who commit cybercrime will take a short
financial position in a company or set of companies, and then use cyber
actions to disrupt their financial results, affecting their results in a
negative way and resulting in a stock drop. Cybercrime actors will profit
by shorting the stock and exiting quickly afterwards. This could be done
using misinformation or weaponising the IoT botnet Reaper.
I also anticipate that we are on the brink of experiencing a major cyber
insurance fail. It only takes one major cyber event to happen that will
impact one or multiple companies to create a cyber insurance liability
that’s big enough to put big insurance companies at risk of failing.
Although cyber insurance is growing at a huge pace (35% growth in 2016 and
expected to grow 20%+ a year for the next five years), companies have
little experience with assessing potential payout costs and some of them
are over investing in these type of policies, hence they are getting too
much risk in their books that they’ve not appropriately hedged. Warnings
have been issued, but my estimate is that something big will happen in 2018
that will put one of these insurers at risk of going bankrupt.
A cybersecurity shift in mind set In 2018, it will likely be revealed that
many of the cyber intrusions of recent past were actually nation states,
not individual criminals or hacktivist groups. With a revelation of nation
states, cybersecurity thinking will shift dramatically from a presumption
of greed or criminal motivations to more sinister motives from
well-resourced, patient bad guys. This trend would affect product and MSSP
markets most immediately. Additionally, many sensitive organisations
(primarily governments and FISERV) would re-evaluate and implement plans to
isolate themselves from the global internet, resulting in a steep increase
of “air-gapped” networks. Lastly, while efforts may fall short, there will
likely be legislation, research and focus on a more secure internet over
the coming years to help mitigate these threats.
Self-healing cybersecurity solutions In 2018, we will likely start to see
delivery of security services that can self-remediate, AKA self-heal, when
there is an issue. Currently self-remediation refers to a user being given
step-by-step instructions on how to remediate an issue. If an issue is
detected the technology will automatically complete the steps to remediate
the security issue without any humans being involved. Of course, artificial
intelligence (AI) and machine learning (ML) will play a big role here as
well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180223/dac5b5ac/attachment.html>
More information about the BreachExchange
mailing list