Top 10 Security Priorities
CSOs and CIOs will focus on these top 10 security priorities
Executive Management will set security as a top priority
Executive management will increasingly focus on security issues and recognize them as core business risks, rather than the responsibility of the IT department alone. The coming year will see a further commitment from the Board of Directors to ensure that organizations are protected.
Ransomware attacks will continue and increase in scope
Ransomware it too profitable for hackers and will not disappear. According to Janco Associates (www.e-janco.com), global ransomware damage costs for last year exceeded $5 billion (USD), with the average ransom payment was approximately $1,400. (USD).
IoT is a security hack waiting to happen
IoT's phenomenon growth will accelerate in 2018, as both consumers and businesses opt for the convenience and benefits that IoT brings. On the downside, manufacturers are not yet routinely building security into IoT devices and as time progresses enterprises will see problems generated through the use of insecure IoT.
More attacks from hackers
A hacker group which stole hacking tools from the American National Security Agency (NSA), created havoc with the Wannacry ransomware. The group has already stated that it will soon release newer NSA hacking tools, with targets that might include vulnerabilities in Windows 10. Patch management, security and regular backups will be more crucial than ever. A major target of these hackers is the data that organizations hold, including PII (personally identifiable information) and corporate data, so protecting the data ‘crown jewels’ inside the network will become ever more crucial.
European Union’s General Data Protection Regulation (GDPR) businesses must address
GDPR now is required. The key is It is about identifying, protecting and managing ALL Personal Identifiable Information (PII). This is mandated and there will be considerable focus on identifying, securing and, where required, deleting PII held on networks.
GDPR blackmail will become the new ransomware
GDPR provides a great opportunity to criminals, hackers, disgruntled staff and anyone who might want to do an organization harm. They simply have to ask you to identify what data you hold on them, ask for it to be erased, and ask for proof that it has been done. If you can’t comply, they can threaten to go public – exposing you to the risk of huge fines – unless you pay them money. Watch out for that one!
DDoS on the rise
Anyone can ‘rent’ a DDoS attack on the internet. You can actually pay someone to do the attack for you! This is just one of the reasons DDoS threats will continue to escalate in 2018, alongside the cost of dealing with them. The dangers of DDoS for smaller companies are that it will leave them unable to do business. For larger organizations, DDoS attacks can overwhelm systems.
Cloud breaches will expand in both number and scope
As users put more and more data in the cloud, without properly working out how to secure it. With the introduction of GDPR in 2018, it will be even more important to ensure that PII stored in the cloud is properly protected. Failure to do so could bring serious financial consequences.
The insider threat
Insider threats were the primary cause of a majority of the security incidents. This year, there will be growth in cyber education, coupled with more testing, measuring and monitoring of staff behavior. This increasingly involves training and automated testing, such as simulated phishing and social engineering attacks.
Complex passwords will become the standard
Simple passwords will be even more highlighted as an insecure ‘secure’ method of access. Once a password is compromised, then all other sites with that same user password are also vulnerable. As staff often use the same passwords for business as they use personally, businesses are left vulnerable. While complex passwords do have a superficial attraction, there are many challenges around that approach and multi-factor authentication is a vastly superior method of access.