[BreachExchange] Cyber-security trends to look out for in 2018

[Audrey McNeil]

https://www.khaleejtimes.com/technology/cyber-security-
trends-to-look-out-for-in-2018

As the Fourth Industrial Revolution opens up unprecedented business
opportunities, it also increases the inevitability of a cyber-attack, and
businesses need to be prepared. Not only do security measures need to be
built into technology from the start, an awareness should be ingrained into
company culture, while significant investment is also essential. Global
spend on information security products and services will grow to a massive
$93 billion in 2018, according to the latest forecast from Gartner.

With that in mind, these are some of the broad cyber-security trends that
we'll see moving into 2018:

Cyber-security skills continue to evolve

As technologies progress, the skills needed to deal with cyber-security
needs are changing. The challenge is to train cyber-security professionals
so that they can deal with threats as quickly as possible and also adapt
their skills as needed. There will be some 3.5 billion unfilled
cyber-security roles by 2021, according to a Cyber-security Ventures
report, so it's up to governments, universities, schools and businesses to
collaborate in order to bridge this substantial skills gap.

Shift from protection to prevention

In 2018, security breaches should be thought of as inevitable, rather than
something that can be completely avoided. As a result, the focus is
shifting from prevention to resilience. Businesses must talk openly about
vulnerabilities, promoting awareness and accountability. Resources that are
currently focused on prevention need to be redeployed towards the timely
detection of and response to potential security hacks.

Digital ecosystems drive next-gen security

As smart technology and the Internet of Things (IoT) become more
widespread, safeguarding customer data is even more important. As data
breaches that reveal sensitive information can have a direct physical
impact, organisations have become responsible for people's safety.
Accountability is a key challenge and technology companies must ensure that
their devices, services and software ensure a certain level of security for
their users.

 Bigger, more sophisticated threats

Up to 70 per cent of e-mails today are spam, and the vast majority of these
still involve phishing. Other common hacking threats include ransomware,
malware and distributed denial-of-service attacks, all of which have been
responsible for major data breaches in recent months and which can leave
both company and customer data vulnerable to cyber-criminals. A massive 93
per cent of data breaches are motivated by financial gain, according to a
recent Verizon report. Hackers aim for the highest return for the least
amount of effort, which is why smaller businesses with lax security are
often successfully targeted.

Emerging tech a double-edged sword

Emerging technologies have enabled cyber-criminals to use increasingly
sophisticated methods but ironically, these innovations could also help to
boost defence against hackers. For example, there is an increasing threat
of artificial intelligence-enabled attacks, but AI could also help to speed
up the process of identifying potential risks. AI is set to be so integral
to cyber-security in future that it is estimated that the global AI
security market will reach $18.2 billion by 2023, according to a recent
report.

Threat landscape continues to evolve to target vertical industries

While cyber-threats are a key concern for businesses across all industries,
here's what the security landscape looks like for a number of key sectors:

. Banking, financial services and insurance: The sector is under growing
pressure to update its legacy systems to compete with new digital-savvy
competitors. The value of the customer data they hold has grown as
consumers demand a more convenient and personalised service, but trust is
essential. Some 50 per cent of customers would consider switching banks if
theirs suffered a cyber-attack, while 47 per cent would "lose complete
trust" in them, according to a recent study.

. Healthcare: The digitisation of patient records completely revolutionised
the world of healthcare, with health-monitoring wearables and apps bringing
further improvements. What's more, emerging technologies including AI and
IoT are now being used to speed up diagnoses and improve patient care.
However, the sensitivity of the data involved and greater connectivity
increases the risk.

. Retail: The emergence of online shopping and data analytics has helped
retailers to craft a more convenient and personalised experience for
customers. However, with that comes a huge responsibility to safeguard
their data, which could include not only their shopping preferences and
login credentials, but their banking details and home address.

. Telecom: There is a significant cyber-security risk for telecom firms as
carriers of internet data, and therefore a huge responsibility. Providers
need to integrate cyber-security measures into network hardware, software,
applications and end-user devices in order to minimise the risk of a
serious data breach, which could leave customer credentials and
communications vulnerable.

. Manufacturing: The manufacturing sector is the third-most targeted
industry by hackers, according to IBM research. Being financially
motivated, hackers in this area tend to concentrate on industrial
espionage, aiming for the increasingly connected production line that
features robotics and 3D printing. A security breach enables hackers to
access product blueprints and potentially even alter machinery to sabotage
production. Not only could this kind of breach have significant financial
cost, it could also endanger the lives of factory workers.

. Government: No organisation is immune to data breaches, not even
government agencies. The data held by governmental departments, from voter
details to military defence plans is incredibly sensitive and therefore a
major target. While governments around the world are gradually increasing
their spend on cyber-security measures and implementing response plans to
deal with any security breaches as quickly as possible, there is still some
way to go.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171221/1b2b5e79/attachment.html>