
The Top Five Global Cyber Security Threats for 2018

Published on 09 May 18

In the year ahead, businesses of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected and high impact security events. To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function, since new attacks will most certainly impact both shareholder value and business reputation.

After reviewing the current threat landscape, there are five dominant security threats that we at the Information Security Forum believe businesses need to prepare for in 2018. These include, but are not limited to:

  • Crime-As-A-Service (CaaS) Expands Tools and Services
  • The Internet of Things (IoT) Adds Unmanaged Risks
  • Supply Chain Remains the Weakest Link in Risk Management
  • Regulation Adds to Complexity of Critical Asset Management
  • Unmet Board Expectations Exposed by Major Incidents

We’ve provided an overview for each of these areas below:

1. Crime-As-A-Service (CaaS) Expands Tools and Services

Criminal organisations will continue their ongoing development and become increasingly sophisticated. The complex hierarchies, partnerships and collaborations that mimic large private sector organisations will facilitate their diversification into new markets and the commoditisation of their activities at a global level. Some organisations will have roots in existing criminal structures, while others will emerge focused purely on cybercrime.

Organisations will struggle to keep pace with this increased sophistication and the impact will extend worldwide, with cryptoware in particular becoming the leading malware of choice for its threat and impact value. The resulting cyber incidents in the coming year will be more persistent and damaging than organisations have experienced previously, leading to business disruption and loss of trust in existing security controls.

2. The Internet of Things (IoT) Adds Unmanaged Risks

Organisations will adopt IoT devices with enthusiasm, not realising that these devices are often insecure by design and therefore offer many opportunities for attackers. In addition, there will be an increasing lack of transparency in the rapidly-evolving IoT ecosystem, with vague terms and conditions that allow organisations to use personal data in ways customers did not intend. It will be problematic for organisations to know what information is leaving their networks or what data is being secretly captured and transmitted by devices such as smartphones and smart TVs.

When breaches occur, or transparency violations are revealed, organisations will be held liable by regulators and customers for inadequate data protection. In a worst-case scenario, when IoT devices are embedded in industrial control systems, security compromises could result in harm to individuals or even loss of life.

3. Supply Chain Remains the Weakest Link in Risk Management

Supply chains are a vital component of every organisation's global business operations and the backbone of today’s global economy. However, security chiefs everywhere are concerned about how open these supply chains are to an abundance of risk factors. A range of valuable and sensitive information is often shared with suppliers and, when that information is shared, direct control is lost. This leads to an increased risk of its confidentiality, integrity or availability being compromised. All of these can be explained in Cyber Security Training. In the coming year, organisations must focus on the weakest spots in their supply chains.

Not every security compromise can be prevented beforehand, but being proactive now means that you, and your suppliers, will be better able to react quickly and intelligently when something does happen. To address information risk in the supply chain, organisations should adopt strong, scalable and repeatable processes, obtaining assurance proportionate to the risk faced. Supply chain information risk management should be embedded within existing procurement and vendor management processes. This readiness may determine competitiveness, financial health, share price, or even business survival in the aftermath of a breach.

4. Regulation Adds to Complexity of Critical Asset Management

New regulations, such as the European Union General Data Protection Regulation (GDPR), will add another layer of complexity to the issue of critical information asset management that many organisations are already struggling with. The GDPR aims to establish the same data protection levels for all EU residents and will focus on how organisations handle personal data. Businesses face several challenges in preparing for the reform, including a widespread lack of awareness among internal stakeholders. The additional resources required to address the obligations are likely to increase compliance and data management costs while pulling attention and investment away from other important initiatives.

In the longer term, organisations will benefit from the uniformity introduced by the reform. But it is not just in the area of privacy where legislation will bite. Growing compliance requirements and legislative variances across jurisdictions will increase the burden for multinationals and those businesses targeting international trade.

5. Unmet Board Expectations Exposed by Major Incidents

Boards will expect that their approval of increased information security budgets will have enabled the Chief Information Security Officer (CISO) and the information security function to produce immediate results. However, a fully secure organisation is an unattainable goal, and many boards are unaware that making substantial improvements to information security will take time – even when the organisation has the correct skills and capabilities.

Consequently, the expectations of boards will quickly accelerate beyond their information security functions’ ability to deliver. Misalignment between a board’s expectations and the reality of the security function’s ability to deliver will be most cruelly exposed when a major incident occurs. Not only will the organisation face substantial impact, the repercussions will also reflect badly on the individual and collective reputations of the board members.
