MetricStream VP Yo Delmar provides a glimpse into the cybersecurity trends and predictions that organizations need to keep in mind in 2018, as they seek to deal with increasingly sophisticated cyber-attacks.
BUSINESS RESILIENCE: THE #1 PRIORITY OF THE BOARD AND C-SUITE
To thrive in the digital age, organizations will be squarely focused on enhancing their ability to fight cyber-attacks with the help of sound risk intelligence and business continuity strategies. Technology partnerships will be formed to strengthen defenses and responses across the technology and cyber landscape. These partnerships, in turn, will require new industry standards to govern the exchange of structured or unstructured information, as well as the integration of systems.
We will also see a common language emerge to support risk intelligence. While IT, security, and cyber processes operate at machine speed, they will increasingly be integrated into the operational risk fabric of the organization through workflows, alerts, and analytics. As this happens—as security and cyber processes are aligned with operational risk management, business resilience, incident management, and crisis management processes—organizations will build a sustainable, common risk taxonomy. This standardized nomenclature will support a meaningful dialogue around risk, and drive high-value analytics that, when acted upon, reduce risk.
BIG IMPACT BREACHES, BIG CONSEQUENCES
The Yahoo, Equifax, and Uber breaches impacted a large number of people, and saw long delays prior to disclosure. Delays mean a higher chance of sensitive and private information being misused, as well as greater costs of remediation. In the case of Yahoo, the company’s valuation was affected by the news of its breach; this has boards concerned about when and how to disclose security incidents.
THE THREAT OF NATION-STATE CYBER WARFARE
In 2017, nation-state “hacktivism” that uses social media to influence elections entered public consciousness. It was a new twist on cyber war. We also saw telecom outages in large geographic areas, as if test runs were being executed to orchestrate the crippling of internet services in an enemy’s territory.
SIMPLE RANSOMWARE BECOMES HIGHLY DISRUPTIVE
In 2017, large segments of industries were forced to revert to manual processes after ransomware exploited known and easily fixed vulnerabilities using widely accessible commodity tools. The incidents were a wake-up call for organizations, prompting them to invest in basic security hygiene across their people, processes, and technology.
MORE BREACHES, BROADER RAMIFICATIONS
Breaches will continue to grow larger, and disclosures more delayed, especially in cases that might affect the valuations of companies that are being acquired or spun out. Large-scale breaches will also impact groups of facilities or upstream internet service providers that cover a wide geographical area. These incidents could take down a number of services.
THE DARK SIDE OF IOT
As driverless cars and other IoT and biometric technologies continue to proliferate, we will witness the first wave of security failures that bring life-or-death consequences. Manufacturers will be held to high standards of security, and will be required to ensure that their products are not vulnerable to security threats. Prescriptive standards will be adopted, e.g., requiring that connected devices like smart TVs come hardened with strong and unique security settings that cannot be easily hacked. Broader regulations will be slow to follow the debate on how much technology should drive our lives.