Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by James C. Foster, CEO of ZeroFOX
Prepare for Social Media Attacks and Shifting C-Suite Responsibilities
2017 was the year that companies fully recognized just how much
security can also dictate business success. From Yahoo to Uber, high-profile data
breaches and the seemingly endless array of attacks caused businesses across
the globe to lose time, money and diminish their reputation in the eyes of
their devoted customers. And while there is no denying that the threat
landscape will continue to grow in 2018, there are ways to avoid being part of
the headlines next year.
According to Gartner, worldwide spending on enterprise security will
reach $96.3 billion in 2018, an increase of 8 percent from 2017. But, it isn't
just about investing in solutions - companies need to make continuous security
education part of their company's culture. This means preparing for new
vulnerabilities, especially when it comes to social media and new digital
channels, and recognizing that the responsibility for cybersecurity no longer
falls only on security and IT professionals.
Below are three threats and trends that companies should be aware
of in the coming year:
CFOs will now be held accountable for successful risk management.
In addition to the expanding threat landscape, 2018 will also be a
year that the responsibility for cybersecurity shifts. CFOs will finally
feel the pressure of internal cybersecurity discussions and issues.
Typically, it's been the CISOs and CIOs who are taking the blame for inadequate
risk management practices, but we're starting to see how severely underfunded
these departments really are. If CFOs aren't willing to take the responsibility
and reprioritize company funds, they may find themselves looking for new jobs
by the end of the year.
Ransomware reaches new channels - and new costs.
New social-first platforms, as opposed to email or the web, will
be the number one vehicle for ransomware distribution in 2018. Currently,
there are nearly one million social media accounts compromised every day,
and that number will continue to rise thanks to the plethora of easily
identifiable targets. And with new channels comes new costs: the average cost
of a ransomware ticket will go up 50 percent next year. These
actors see that organizations are willing to pay the ransom, so they've upped
their asking price. And while organizations may be paying a higher ransom, the
cost of these attacks are going down due to artificial intelligence (AI)
tools making these campaigns infinitely easier to carry out.
Snapchat embraces advertising, bringing more targeted attacks.
Snapchat has made huge investments in advertising this year, which
also means they have taken huge steps to put themselves in the line of
fire for cyberattacks. Where there is money changing hands, there are
cybercriminals to try and exploit it. Even though enterprises are still in the
early stages of adopting Snapchat, they need to prepare for this rise in
Snapchat targeted attacks.
While we can't predict everything that's on the horizon for
cybersecurity in 2018, companies can take greater steps towards educating
themselves about the threat landscape - which starts at the top. CEOs need to
understand and be held more accountable for how security is funded and
distributed within a company. Today, they are leaving that responsibility
largely in the hands of their CISOs and CIOs, but it's resulting in a
lopsided approach to holistic security. If the CEO expands his knowledge of
cybersecurity services and prioritizes preventative measures, this mindset will
trickle down throughout the C-Suite, and ultimately, the entire company.
##
About the Author
Foster is a prominent thought leader on cybersecurity, having spoken on Capitol Hill about the increase in international cyber threats. Prior to his role at ZeroFOX, he founded cybersecurity firm Ciphent in 2006, which he led to a three-year growth rate of 8900% with 100 employees and 1000 customers by 2010 when it was acquired by Accuvant.