We’re only a month into 2018 and we’ve already seen a flurry of security incidents. Meltdown and Spectre grabbed headlines early, bringing attention to a serious design flaw in Intel processor chips. Ransomware breaches that hit Allscripts and Hancock Health were born from the SamSam variant, which has only gained strength as a major threat across all sectors.
What else is in store for 2018? Here are the trends you should expect to shape the industry this year.
Cloudy Skies Ahead
The weather forecast for the remainder of 2018 calls for continued cloudiness. Companies of all sizes have been transitioning to the cloud and that trend will continue. While cloud providers’ bread and butter is to ensure your data is highly available while converting hardware and infrastructure costs into a fixed price, their focus has not historically been on security. However, you should expect that to change this year and see the focus shift to confidentiality and data protection.
Some providers are starting to offer more cloud security options, but they may be overkill or cost-prohibitive. While these providers continue to beef up their security offerings, organizations that use cloud infrastructure need to do their part by practicing baseline security and governance best practices.
Breach after Breach (…after Breach…)
As I touched on in the introduction, we’ve already seen some major breaches in 2018, and like watching a giraffe on roller skates, we saw plenty of spills in 2017. Some of the worst breaches on record occurred or were announced last year.
For example, malicious hackers got access to a reported 143 million U.S. customers’ personal details after Equifax left one of its web portals unpatched. Yahoo tossed another two billion records lost onto it’s already staggering list of one billion records compromised earlier. Verizon confessed to 14 million customer records being compromised after a breach of one of its cloud servers. Both cloud and on-premise networks were not immune. You don’t have to be Madam Cleo to foresee that data losses will continue into 2018.
Incident Response Getting Some High Fives
In the past decade, there has been a never-ending stream of data compromises longer than my Uncle Jesse’s pony tail. Consequently, more companies are seeing the value in incident response and emergency management investments. Indeed, they are not wrong. Incident response is not only a strategic investment in your people, processes, and technology, it is a tangible action around a specific capability that can be presented to executives.
It’s a misnomer to think that the knowledge, skills, and abilities learned during incident response planning and exercises are only used during security incidents. I’ve seen incident response teams develop better day-to-day tactics and improve their steady-state cyber security posture, all from taking a step back and looking at their systems and infrastructure from an incident response perspective.
Escalation of Data Privacy
Is May 25 marked on your calendar? No, I’m not talking about clearing your calendar for the Whitesnake reunion concert. It’s when the General Data Protection Regulation (GDPR) goes into full effect. GDPR is the European regulation that seeks to protect personal data. It will apply to any company that processes, stores, and accesses European Union citizens’ data. It’s unclear what enforcement will look like. However, the monetary penalties could be the equivalent of a Darth Vader death grip, with fines up to 20 million euros or 4 percent of worldwide annual revenue from the preceding year.
Another rule, 23 NYCRR 500, also known as the New York Cyber Security Regulation, will take effect this year. It attempts to spell out stricter (and I would argue reasonable) cyber security requirements for any financial services entity operating in the state of New York. Like GDPR, enforcement is unclear for this regulation and it’s not obvious how penalties will play out. NYCRR 500 is rolling out in phases but will be here faster than you can down a detergent pod.
Skills Shortage Nudges Development of Automation
In 2017, we didn’t figure out a way to make one million new cyber warriors – a #2017resolutionfail. Instead, detection and monitoring software is trying to pick up the slack from those missing humans by leveraging machine learning. This is creating a crazy attacker versus defender automation arms race that will continue to play out this year.
Look for vendors both big and small to start advertising the equivalent of “smart” alerts that provide either greater insight into an attack’s chain of events, or even alerts that suggest actions that can lead to fast remediation with the click of a button.
Focus on Identity and Authenticity
By now we’ve all heard of (and are probably tired of) the phrase “fake news.” Identity has never been more important in an era where everyone has a platform to produce content and information. As the year progresses, we could see the emergence of trust agencies that specialize in certifying individuals or organizations who meet a specific credential or standard. I foresee this process working similarly to how certificate authorities work for websites.
Although I don’t think you’ll see definitive solutions for determining authenticity by the end of 2018, we’ll experience more of the growing pains of the decentralization of information production and the need to ascertain some level of validity to what we read, see, and hear. Meanwhile, Hollywood will keep remaking Spiderman.
Blockchain: Helping you Make Toast…Securely
Whether you believe bitcoins are the new durable global currency or simply a fad, the technology that provides the ledger functionality for bitcoins is the blockchain, and that’s here to stay. In the past few years, the financial industry has increased its investments in blockchain and is expected to bring about the next evolution of financial and lending services.
However, there is now speculation that a variety of industries such as real estate, human resources, cloud storage, and toast-making (okay, okay, so I made up that last one), could also experience disruption from blockchain technology. Cyber security will see some significant tools come to market that leverage the blockchain, including advances in passwords and encryption. It’s doubtful these technologies will be security staples by 2018 but we’ll start to get a glimpse as to their potential…or my name isn’t Jasper McGillihinckle (it’s not, but seriously, keep an eye out for blockchain technologies).
Weening the Tool Addiction
For all my CISO friends, I threw in a trend just for you. Organizations will (?), should (?), must (?), stop focusing simply on tools, and direct their attention to developing and maintaining capabilities. The current trend of finding a security tool and tossing it into our corporate repertoire is leaving our stable of cyber gizmos looking like a teenager’s closet: messy, overflowing, and potentially hazardous.
Instead, I believe a paradigm shift is coming where organizational leaders will need to define specific capabilities (isolate a machine, modify a firewall ruleset, deprovision a user), and then match tools to these capabilities. Not only will this shift lead to the development of an inventory of cyber security or operations services that can be offered to customers, CISOs can present this menu of offerings to their boards and executives.
As the cyber security threat landscape continues to evolve in 2018, we’ll undoubtedly see the development of new attack vectors and patterns. Organizations need to prepare by arming their people, refining their processes, and testing their technology. Sharing this list of cyber security trends with your workforce is a good start.
For more information on how your organization can benefit from incident response, check out our on-demand webinar, “Data Breach Survival Tactics” Building Actionable Incident Response Plans.”