By Tomáš Foltýn
The number, magnitude and costs of data breaches
are all set to continue on their upward trajectories in the coming year,
according to a forecast by the Information Security Forum (ISF).
This prediction is included in its Global Security Threat Outlook for 2018 and comes with a
warning that the stakes are now “higher than ever before”.
The increased pervasiveness of data breaches and
the higher volume of impacted records are expected to result in far higher
costs for organizations of all sizes, notes the ISF, an independent and
not-for-profit association of leading organizations from around the world.
The association expects the increased costs
incurred in security breaches to come both from traditional areas, such as
network cleanup and customer notification, and newer areas such as litigation.
As if in a chain reaction, the data breaches will
spur “angry customers” to mount pressure on governments to tighten up data
protection laws, which in turn will translate into additional and unforeseen
costs. “The resulting mess of international regulations” will trigger new
compliance headaches while doing little to deter cybercrime.
“In 2018, we will see increased sophistication in the
threat landscape with threats being personalized to their target’s weak spots
or metamorphosing to take account of defenses that have already been put in
place … These days, the stakes are higher than ever before. High level
corporate secrets and critical infrastructure are regularly under attack and
organizations of all sizes need to be aware of the significant trends that we
forecast in the year to come,” ISF Managing Director Steve Durbin is
quoted as saying.
These trends will be underpinned by the five most
prevalent threats that the ISF expects to loom large over businesses next year:
· Crime-as-a-service (CaaS) is set to expand available tools and
services, as criminal organizations won’t let up on their efforts to make their
malicious wares increasingly sophisticated. Criminal groups will make
forays into new markets and will commoditize their activities globally, which
is poised to result in more persistent and damaging cyber incidents than ever
before.
· The Internet of Things (IoT) will add unmanaged risks as
organizations embrace IoT devices while losing sight of the fact that these
devices are often insecure by design, thus affording bad actors ample
opportunities for attacks. “In a worst-case scenario, when IoT devices are
embedded in industrial control systems, security compromises could result in
harm to individuals or even loss of life,” reads the ISF’s prediction.
· Supply chain remains the weakest link in risk management,
according to the ISF, which points to the perils of sharing valuable and
sensitive information with suppliers, as it leads to “an increased risk of its
confidentiality, integrity or availability being compromised”.
· Regulation adds to complexity and, as a result of additional resources required to address
the obligations enshrined in the EU’s General Data Protection Regulation (GDPR), businesses may – on
top of facing extra compliance and data management costs – have their attention
and investment drawn away from other important initiatives.
· Lastly, misalignment between a board’s expectations and the actual ability of
information security officers to deliver also constitutes a threat. The ISF
notes that many boards don’t realize that it takes time to make substantial
improvements to information security, which is why the association anticipates
that this mismatch will be most exposed by major incidents. “Not only will the
organization face substantial impact, the repercussions will also reflect badly
on the individuals and collective reputations of the board members,” according
to the ISF.
The ISF was quick to note that the five key threats
“are not mutually exclusive and can combine to create even greater threat
profiles”.