[BreachExchange] 2018: A Cybersecurity Preview

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jan 8 20:22:13 EST 2018


As the world rings in 2018, privacy experts collectively brace for a new
year of information security challenges. While ransomware, denial of
service attacks, and endpoint security vulnerabilities will remain top of
mind in 2018, new threats and risk factors will also emerge. Likewise,
traditional hacking threats are likely to be more sophisticated in 2018,
with new and more powerful hacking tools in the hands of bad actors.
Businesses, consumers, and governments must remain vigilant in their
information security posture as they face these new and diverse
cybersecurity challenges. Polsinelli on Privacy looks at four areas of
information security poised to make headlines in 2018.

1) The “Internet of Things” Goes Mainstream

The Internet of Things or “IoT” is an exponentially expanding network of
connected devices and people. 2018 is predicted to be a boom year for IoT,
making the technology truly disruptive. But as more widgets connect to IoT,
hackers see new opportunities for extortion, blackmail, and mischief. What
can a business do to protect itself? First, be proactive about configuring
the security settings on your IoT devices and install security updates
regularly. Second, work with security experts, counsel, and internal actors
to develop an IoT security plan before an issue arises. Such planning helps
businesses understand IoT threat landscape and focus on ways to address IoT
security at an enterprise level. Finally, organize your thinking around
some strategic principles for effectively securing your IoT platform. The
Department of Homeland Security has issued guidance, for example, that can
help both public and private entities address their IoT security posture.

2) Cloud Insecurity Grows

Cloud computing will continue to be an attractive option for consumers and
businesses seeking to host data and applications remotely. Cloud services,
however, pose a variety of security challenges that enterprising hackers
increasingly seek to exploit. In 2018, cloud insecurity will grow as the
volume of sensitive data stored in the cloud expands at a record-setting
pace. What should a business do to secure its cloud-based assets? First, it
should work with counsel to understand where responsibility lies for
protecting the cloud. Cloud providers often employ a shared responsibility
model, putting the onus on the customer for protecting what is in the cloud
while the vendor protects the cloud itself. Second, businesses should fully
understand, and prepare for, the variety of threats posed by cloud services
ranging from data breaches to insecure interfaces and APIs. Finally, where
necessary, businesses can employ encryption for cloud-hosted data or
consider using an encrypted cloud service.

3) High Profile Hacking Groups Continue Attacks

2017 was ground-breaking in the volume and scale of world-wide hacks and
heists. In 2018, expect more of the same but on a larger scale.
High-profile hackers have access to new tools and exploits, including new
“ransomworms” which will make them even more dangerous to your business.
Ransomware attacks remain a profitable gambit and over the last two years,
the rate at which organizations have been attacked has nearly doubled. As a
first line of defense, companies and consumers can protect themselves by
exercising internet commonsense: update software regularly, use an
anti-virus agent, be savvy with pop-ups and suspicious emails, and
regularly back-up data. Businesses should also work with counsel and
security experts to develop a comprehensive security plan to respond to
attacks and advanced persistent threats.

4) Artificial Intelligence (“AI”) Adoption Continues

The adoption of AI will continue to accelerate in 2018, permeating more of
our everyday life. The role AI will play in society is evolving as more
companies find new ways to incorporate AI into their business decisions and
through e-commerce. In 2018, expect consumers to further acclimate to
“always on” devices in their homes, and improve at interacting with such
devices via voice. Also expect AI to drive smart automation in a variety of
industries, including retail, maintenance, and energy. What should your
business be thinking about with AI? First, understand the security threats
posed by AI and how those threats could impact your business. Second, if
your business is thinking about prototyping new AI, putting a plan in place
is critical. As Forrester points out, AI is hard to do right and over half
of the firms that have made AI investments have yet to see a return. By
putting a plan in place, your company will clarify your data foundation,
the level of business expertise needed, and the right business model for
deploying—thus supporting smarter investment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180108/5f58a638/attachment.html>

More information about the BreachExchange mailing list