
Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Rotem Iram, co-founder and CEO of At-Bay
Next Gen Cyber Attacks and Risk Management Programs
As 2017 comes to a close, the security
industry has much to reflect on. With large-scale security incidents from
WannaCry to NotPetya to Equifax making headlines, businesses have seen the
significant impact that these incidents can have on their bottom lines. As we
look ahead to 2018, attacks will become more sophisticated, but businesses will
also become smarter about preparing for and defending against future attacks.
In the last year, we've seen a
number of large-scale, but relatively unsophisticated, ransomware attacks
impacting organizations such as Maersk and FedEx . A survey conducted by At-Bay this year found that
respondents expressed the least amount of confidence in their ability to stop a
significant ransomware attack compared to other types of cyber-attacks. And,
one of the most significant impacts of these attacks is businesses
interruption. In the survey, 69 percent of respondents stated they were very or
completely concerned about the business interruption impact from a ransomware
attack.
These concerns were well-founded. In the last year,
the impact of these simple, non-targeted ransomware attacks was extremely
significant in terms of financial loss and business downtime.
As we look ahead to 2018, we anticipate ransomware
attacks will become more sophisticated and that we'll see the emergence of more
large scale advanced persistent threats (APT) ransom events that will
specifically target large enterprise organizations.
The
more sophisticated the attack, the greater the potential impact on the
business's bottom line. Therefore, businesses will be more apt to pay much
higher ransoms to avoid reputational damage and the impact of downtime. We may
even see our first million dollar ransom payment in the new year.
Traditional security measures won't be adequate
to protect against and mitigate the impact of tomorrow's advanced threats.
Businesses will look to new approaches to combat these threats. Additional
internal stakeholders will be brought into the conversation about enterprise
security, especially as incidents like Equifax and Uber demonstrate the serious impact that major
attacks can have on the business and its key executives. In 2018, CISOs and
CFOs will increasingly work together to develop a comprehensive cyber risk
management program that includes a mix of investments in security technology,
security operations and cyber insurance. By investing in technology that allows
them to mitigate the potential impact of tomorrow's threats, business leaders
can focus instead on their core business goals to ensure a brighter 2018.
##
About the Author
Rotem Iram is the founder and CEO of cyber insurance
start-up CyberJack. Rotem previously served as a managing director and COO in
the Cyber Security practice of K2 Intelligence, a global risk management firm
focusing on cyber intelligence, cyber defense strategy and incident response.
Rotem holds a bachelor's degree in computer engineering from the Hebrew
University and an MBA from Harvard Business School.