To predict what will happen in 2018, let’s take a look at what happened in 2017. In the first six months of 2017 alone:
- There were 918 data breaches which compromised 1.9 billion data records in the first six months of 2017, which is an increase of 164% compared to 2016.
- Of these 918 breaches, 500 breaches had an unknown number of compromised records, while 22 of the largest data breaches involved more than one million compromised records.
- Almost 2 billion data records around the world were lost or stolen by cyber attacks in the first half of 2017 and the number of breaches reported by companies looks set to rise.
- Governments around the world are introducing legislation which will force more companies to disclose data breaches.
Take a look at just a few of our top predictions for cybersecurity trends in 2018:
Companies will feel more pressure to be transparent and reveal data breaches
New regulations such as the U.K. data protection bill, the European Union’s General Data Protection Regulation (GDPR) and Australia’s Privacy Amendment (Notifiable Data Breaches) Act are set to come into force in the coming months and years and will push firms to disclose hacks and security breaches.
Hackers will move to more profitable targets
The hope is that the profitability of traditional ransomware will decline as cyber risk protection, user training, and corporate cybersecurity strategies improve. This means, however, that hackers will move to more profitable targets like high net-worth individuals, connected devices, and businesses, according to McAfee’s Threat Predictions Report.
There is no easy fix for cybersecurity. It’s important to create a “Zero Trust” mindset in your organization – including all employees, contractors, board members, and C-suite members – that hackers are constantly trying to access your data. It’s important to be vigilant.A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link–people–to do so. This means adapting your security setup to focus on detection, response, and remediation.
Companies will be judged based on their Cyber Score
After the largely publicized breaches in 2017, consumers and organizations alike will lean on a companies cybers score to determine their security posture. According to TechRepublic, “Historically, organizations would go to credit rating agencies and find out the creditworthiness of their partner, but now that companies are handing out data to their partners, they need to understand what their posture is. For example, FICO offers Enterprise Security Score for an objective measure of cybersecurity risk.
Tools like Artificial Intelligence (AI) and machine learning will become mainstream
Changes in cybersecurity will require new types of skills in data science and analytics. The general increase in information will mean artificial security intelligence is necessary. Adaptive skills will be key for the next phase of cybersecurity. The battle with hackers moves fast, so AI and machine learning can predict and accurately identify attacks quickly. See how Cybriant is using machine learning to protect our clients.
Cybersecurity skills shortage will continue
If the trend continues as it is today, we have a global shortage of two million cybersecurity professionals, “The fastest growing job with a huge skills gap.” Security Analysts are the blockers of tacklers of cybersecurity. Many companies are finding ways to automate and outsource this skill. Cybriant has the best of the best when it comes to Security Analysts.
Here are a few trends that we hope will happen:
Companies will develop a common cybersecurity foundation
The government, cybersecurity experts, and many organizations are coming together to develop a common language around cybersecurity, NIST Cybersecurity Framework. This is a set of broad guidelines that will provide a secure foundation that will then allow you to refine based on your business functions, systems, and operating environment. Cybriant can help you develop this foundation to arrive at the right blend for your organization. Together, we will consider any regulations, emerging threats, new and legacy technologies, and systems, in addition to your business goals.
Many data breaches in 20107 were the result of forgotten/failed/slow patches. This is an often ignored problem that has reaped a lot of damage in the past. Part of Cybriant PREtect is patch management service which includes detecting and deploying missing patches on your system. This service will simplify patch management across your organization—even on remote and mobile endpoints.
Too often, companies think that security is a ‘set it and forget it’ operation. Your work is never done when it comes to cybersecurity because things change. You might adopt a new system, integrate a new third-party service, or change your business goals. To comply with your legal requirements, you need to be up to date with the latest regulations. And all the while, new software vulnerabilities are being discovered, and hackers are probing your defenses and developing new techniques to gain entry. This is where Cybriant comes in – read more about our continuous monitoring solution.