We’ve written extensively on the unprecedented breaches and rapidly evolving trends of 2017. But 2018 has arrived fresh and new, offering us all the opportunity to execute the lessons we learned this past year and to prepare for the challenges, changes, and threats to come.
Using 2017 as a playbook, we’ve laid out our predictions for some of the biggest stories in the year ahead.
It’s nearly that time of year. The GDPR goes into effect on May 25, 2018, which is just under five months away. To meet its stringent requirements, organizations that handle EU citizens’ personal data (i.e., most companies) are working hard to better understand their data collection and storage processes and to bring their policies and processes into compliance before the deadline. Of course, with such a demanding and expansive regulation, compliance initiatives will drag on long past the official enforcement date, and the GDPR will remain top of mind for the entirety of 2018 and well into 2019. We’re also likely to get our first look at the much-discussed penalties being doled out for non-compliance. We’ve discussed the topic quite a bit, including in a webinar, “The Keys to a Tactical, Scalable GDPR Implementation Plan.”
Researchers have predicted that the cyber workforce shortage will hit 1.5 million jobs by 2020, and 2018 will be the year the industry really begins to feel the impact of this shortage. With data breaches occurring at a record pace (and often on a bigger scale), our cyber defenses are struggling to keep up, making the shortage of qualified cyber security professionals a problem we can’t ignore. 2018 will be the year that the industry starts making serious moves to address this issue. We recently walked through the impact of the shortage in detail and provided a strategy for companies to address this issue in our Essential Guide to Cyber Workforce Development.
Authentication methods beyond the simple password have become more mainstream in recent years. Biometric authentication is taking off now that most new smartphones are outfitted with fingerprint or facial scanners. In addition, most major online service providers, including Google, Amazon, and PayPal, now offer multi-factor authentication. Just this past month, Twitter added support for app-based (i.e., non-SMS) two-factor authentication, something “Infosec Twitter” had been requesting for years. An increase in data breach coverage by the media is making security consciousness more mainstream, which has resulted in a wider adoption of password supplements and alternatives. We expect this trend to continue in 2018, with more platforms pushing their users to adopt secure authentication practices.
Botnet attacks spiked over the past two years, fueled by the increased popularity of Internet of Things (IoT) devices. Routers, smart watches, surveillance cameras, and refrigerators – most of which are plagued by lax security protections – offer hackers a relatively easy path to building massive bot armies, which can be weaponized for large-scale DDoS attacks. And with DDoS-for-hire services easily available to anyone with corrupt motives and a few dollars, we wouldn’t be surprised to see an escalation in IoT-powered botnet attacks in 2018. Until our smart devices are shipped with better security capabilities, we’re only going to see larger and more powerful botnets powered by the grossly insecure Internet of Things. The U.S. Senate introduced a bill this past year aimed at setting security standards for IoT devices, but it could be some time before we see any positive results, as it has yet to pass through Congress.
Last year marked a rise in highly customized social engineering and ransomware attacks against users and organizations. As general security awareness rises, basic phishing attacks become less and less effective, and hackers are forced to adapt. This past year, we saw many companies fall victim to particularly clever and well-orchestrated spear-phishing campaigns. Last year also had two of the most wide-reaching and fast-spreading cyberattacks of all time in WannaCry and NotPetya. Unprecedented, innovative attacks will strike down the unprepared in 2018, just as they did in 2017.
This may all seem like doom and gloom, but we want to close by focusing on the positives. As with any security threat, preparation and awareness are key to protecting your organization, and the topics mentioned above are no exception. In our efforts to help companies stay on top of the latest security threats and trends, we’ve developed a handful of security awareness templates for organizations to use to educate their employee base and cultivate a cyber-aware culture. Active preparation and a security-focused mindset are key to overcoming any cyber threat, at home or in the office, in 2018 and beyond.