2017 was a year of cybersecurity breaches that ran the gamut from the world of video games to once-trusted credit bureaus. At the beginning of the year, video gaming communities, Xbox 360 and Sony PlayStation were hit in separate attacks. Hackers gained access to users’ private information as well as email addresses, usernames, and passwords. The month of May brought with it the WannaCry ransomware attack that crippled computer systems across the world, including those in Britain’s National Health Service.
In September, the headlines exploded when credit-reporting behemoth Equifax announced cyber criminals had breached its records, accessing everything from names and social security numbers to the birthdays, addresses, and credit card numbers of as many as 145.5 million people.
If the past year has taught us anything, it’s that no industry or organization is safe from cybercriminal attacks. As we move into 2018, what trends will arise as cybersecurity hot topics?
2018 - The Year of GDPR
Over the past several months, organizations that do business with clients in the European Union have been working hard to assess and retool their information security programs to ensure they’re compliant with the General Data Protection Regulation (GDPR). The regulations are targeted at ensuring organizations properly handle consumer data, as well as empowering individuals to have greater control over their private information. GDPR will take effect on May 25, 2018, so expect it to become the talk of the cybersecurity world as the clock ticks down.
Intelligent Protection is on the Way
Keeping one step ahead of cyber criminals is like a fast-paced game of chess where information security experts are always having to think several steps ahead. A study by G Data showed that hackers develop a new type of malware every 4.6 seconds, and that was back in 2016 – eons ago in the information age.
That’s why experts are creating AI/machine learning models that can quickly process huge amounts of information. These models are designed to work like the human brain and learn from trial and error until they can correctly identify and block threats such as malware or suspicious URLs. At the moment, these artificial intelligence creations still need human guidance, so there’s no way to completely outsource information security to robots…for now.
IoT Opens a World of Potential Threats
Speaking of smart machines, the “Internet of Things” (IoT devices that control everything from our thermostats and lights to our printers and security systems) has created infinite convenience, as well as infinite ways for hackers to gain access to our networks and data. It is critical for everyone to understand the importance of Building a Security Program for IoT. Too many business owners purchase the devices and install them without ensuring they have security features installed to keep cybersecurity threats at bay. Weak (or default) passwords and bad configuration allow hackers to turn the IoT into a potent weapon against unwitting organizations.
Patching and Application Security Will Still Matter
It’s been the same old story for years, but organizations still need to keep their eyes on the ball when it comes to testing their applications and applying security patches to address vulnerabilities. Hackers tend to exploit well-known vulnerabilities, and it only takes one lapse for them to gain entry. Patch management continues to be an important part of every comprehensive information security program.
Ransomware Attacks Will Expose Vulnerabilities
The WannaCry attacks showed how devastating ransomware can be. Like so many cybersecurity attacks, it happened because organizations failed to patch a known vulnerability in operating systems. Understanding how ransomware spreads and how to recognize it helps an organization get serious about patching and strategizing an effective defense against cyber attacks. Comprehensive patch management can greatly decrease the likelihood of ransomware attacks.
Proper Handling of Data Breaches Will Be Essential
No matter what protections are in place, a data breach can still happen. For an example of how not to handle a data breach, see the news coverage of the Equifax breach. (To further highlight the importance of patches, this breach – like so many others – occurred because the organization failed to apply a patch that had been released months earlier.)
Any organization involved in a breach should notify those affected immediately, be specific about what information was exposed, and take full responsibility for the fallout, supporting those whose information was compromised in any way possible.
Is your organization prepared for the threats awaiting in 2018? Do you need help to get ready? If so, contact the experts at CISOSHARE. We can help you ensure your information security program is up-to-date and ready to handle anything cyber criminals can throw at it.