Businesses MUST prepare: World's cybersecurity big guns forecast 2018

11 Dec 2017

To say 2017 has supplied an endless amount of cybersecurity headaches for organisations around the world would be a gross understatement.

Catastrophic breaches seemed to happen every week with severe implications for all involved – and those were only the ones that were publicised.

So what will 2018 bring? We’ve brought together a line-up of cybersecurity heavyweights to provide their opinions on various topics for the year ahead.

Rich Campagna, CEO at Bitglass, on the end of the static password

End users are unlikely to break the habit of recycling passwords across corporate and personal accounts, leaving businesses exposed to the threat of compromised credentials. As such, businesses must take steps to ensure secure authentication. In 2018, the continuing fallout from massive data breaches (like those experienced by Yahoo) is likely to spell the end for one of the internet’s longest-standing security pillars, the user-generated password.

Next year will see multiple organisations eliminate the isolated use of user-generated passwords. Instead, they will employ multi-factor authentication (MFA) and more advanced identity management tools. By requiring that users confirm their identities with a second factor, these solutions reduce the threat of compromised credentials and large-scale data breaches.

Peter Godden, VP of EMEA at Zerto, on the rise of IT resilience

In 2018, organisations need to start bringing in IT resilience-minded employees and giving them a seat at the table. It's unfortunate that it may take a dramatic escalation in attacks – that I predict is coming – for countless leadership teams to finally face the reality that attacks are inevitable. Management teams, and more importantly shareholders, need to wake up: cyberattacks are a “when”, not an “if”.

Resilient IT strategies, ones that ensure data and applications are protected and recoverable to the point just before an attack occurs, will rise in popularity next year as no organisation can reduce the impact of attacks or prevent the company from being flashed in headlines with old, failed approaches. Hopefully 2018 will see real, tangible, sizeable investments in people, technology, and processes that essentially shift their posture from easygoing and passive to one of true IT resilience.

Tom Harwood, Chief Product Officer and Co-Founder at Aeriandi, on the first voice-initiated cyber breach

Web-based security measures have evolved much faster than those for voice and telephone in recent years. For the web there’s always the option of multi-factor authentication. There’s also behavioural monitoring as a preventative measure and identity-based management, all improving degrees of data security. The same is not true, however, for phone-based contact, which is still a poor relation to online.

As it stands, it is estimated that between 30 per cent and 50 per cent of all fraud incidents are initiated with a phone call, meaning telephone agents in contact centres are particularly vulnerable to social engineering and manipulation. I think it’s reasonable to predict that 2018 could be the year when we see the first major voice-initiated cyber breach. With fraudsters increasingly looking for ways to exploit telephone contact centre agents, and regulations like GDPR and MiFID II coming into play, organisations must give voice security the attention it deserves.

Ken Hosac, VP IoT Strategy & Business Development at Cradlepoint, on the IoT security wake-up call

2018 will see organisations being smarter about how they secure their IoT devices. Global surveys show increasing enterprise IoT adoption, but with the spread of vicious botnets such as Reaper and Mirai, businesses know that deploying IoT devices on an existing network is dangerous. It creates cross-contamination, expands the attack surface and exposes corporate networks to new vulnerabilities.

This is a serious threat that will need to be mitigated in 2018. One way of addressing the issue is by deploying Software-defined Perimeter technology. This enables businesses to control access and isolate IoT devices from each other. Significantly, it means existing networks can be shielded from potential attackers. In 2018, we will see more organisations addressing IoT security issues with Software-defined Perimeter technology, supporting the continued development of the global IoT ecosystem.

Gary Watson, Founder and CTO at Nexsan, on the move from outsourced IT to in-house

Security has been a top concern for many years and in 2018 it will become an even larger concern. With the rise in ransomware, data leaks and downtime, organisations will be faced with two paths: either surrender or get it under control. In 2017, we have seen some high-profile cases where companies simply pay out in order to regain power; however, as the recent Uber scandal has shown, paying hackers should not be part of the solution.

With GDPR coming into effect and FBI warnings against cooperating with cyber criminals, paying out in order to keep quiet will no longer be an option. Organisations who face downtime and security breaches risk irreversible damage to their reputation; lawmakers are coming down hard to ensure businesses are held responsible for customer data. Bringing IT in-house can not only allow companies to save money, but provide improved user experience while keeping tighter control over data security and locality. Data is essential; it is the lifeblood of any organisation, and it shouldn’t be entrusted to outside services which fail to deliver.

Nigel Tozer, Director Solutions Marketing at Commvault, on the continued evolution of ransomware

Throughout 2018, ransomware will continue to evolve, becoming smarter and more targeted towards production systems, with bigger pay-outs from breaches rather than encryption becoming the ultimate goal. Furthermore, the cyber-arms race will continue as more and more security vendors turn to AI to make defences more effective. While this has been growing in 2017, the move to AI is set to continue in the coming year.
