Virtualization Technology News and Information
CGS 2018 Predictions: The 2018 Threat Landscape - Preparing for New and Old Vulnerabilities

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Nick Belov, CISO at CGS

The 2018 Threat Landscape - Preparing for New and Old Vulnerabilities

Over the past year, organizations have made cybersecurity more of a priority but not to the extent it needs to be. In a recent industry poll, respondents indicated that 79 percent of C-Level executives were not fully engaged in cybersecurity planning. In 2018, organizations must be prepared for new vulnerabilities and extend cybersecurity knowledge beyond their IT departments. Here are some of the top threats on the horizon:

IoT will be the weakest link, if you don't properly prepare

As more enterprises welcome connected devices and wearables into their organizations, they need to understand the risks associated with them. Hackers understand that these devices provide new vulnerabilities, hence the Blueborne exploit, which allowed hackers to gain control of Bluetooth and Android devices without any action from the user. In 2018, we can expect to see more of these focused attacks not just on consumers, but targeting enterprises as well.

Biometrics raises protection, but also potential vulnerabilities

Stealing someone's fingerprint is extremely hard to do, which is why we've seen a growing interest in biometric security. However, enterprises need to be concerned about the risks involved with keeping biometric data on file. If someone's credit card information is stolen, it's frustrating but replaceable. If fingerprint data is stolen, you can't ask your employees and customers to replace their fingerprints. Enterprises need to ensure they are able to protect this data before they consider collecting and storing it. 

Organizations will see an increase in file-less attacks

File-less attacks will be more common and will easily proliferate throughout organizations in 2018.  Hackers do not need to install malware for these types of attacks; they can access existing, approved user applications that are known to be safe. In fact, the Ponemon Institute's "The State of Endpoint Security Risk Report" shares that 77 percent of compromised attacks in 2017 were file-less, and that number is only expected to grow. Additionally, the report states that file-less attacks are almost 10x more likely to succeed than file-based attacks, presenting a challenge to organizations in 2018. 

Cybersecurity training will become mandatory for all employees

Cybersecurity is no longer just a problem for IT professionals - all employees are now on the frontline for threats as well as aiding in the prevention. In 2018, all employees will need to be engaged with cybersecurity training and understand how an attack can impact their job function. Currently there are 3.8 billion internet users and it's expected to reach 6 billion by 2020. In 2018, cybersecurity will continue to be more ingrained in the day-to-day business operations with a need for 24/7 real-time views and dedicated staff to ensure minimal disruption. With over $350,000 on the line in costs to investigate and correct an incident, companies not only need to invest in solution providers that can manage these threats, but they will also need to invest in training for their employees.

As new threat landscapes emerge in 2018, don't let your organization become a part of the 79 percent that are not prepared. Failing to acknowledge that cybersecurity is a business problem, and not just an IT problem, will negatively impact your overall operations - and the bottom line. Taking holistic measures for cybersecurity will allow businesses of all sizes to better prepare for the inevitable next year.


About the Author

nick belov 

Nick Belov is Chief Information Security Officer at CGS. Prior to joining CGS in 2016, Nick was Director, Information Security Risk Management for MUFG, Union Bank. Nick has more than 15 years' experience in IT and security.

Published Friday, December 22, 2017 7:20 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2017>