- Crime as a Service (CaaS) tools and services are spread.
- An unmanaged risk is added due to the Internet (IoT).
- The supply chain will still be the weakest link in risk management.
- Regulation complicates important asset management.
Thursday, 7 December 2017
Five information security threats to dominate 2018
Call us @ 0557503724 for best security Solution in Dubai
If you think 2017 was a terrible year in terms of data infringement, you should be ready for 2018. The Information Security Forum (ISF), which focuses primarily on cyber security and information risk management, predicts that the organization's five major global security threats to face in 2018 will increase the frequency and impact of data breaches.
"Information security threats are broad and fast enough to jeopardize the reputation of today's most trusted companies," said Steve Durbin, executive director of Getty Images Bank ISF. "In 2018, The threats of the form will make the overall threat situation more complicated, and the risks are much greater now than in the past. "
Durbin said the data breach would increase and the scale of the leak would increase. That's why the 2018 attacks will cost much more than now, regardless of the size of the organization. Durbin predicted that these costs would include traditional costs such as network maintenance and customer notifications, but costs of new aspects such as litigation involving multiple parties. The ISF said that the costs would be incurred if the government presses angry customers to create tighter data protection regulations.
The five largest global security threats that ISF expects companies to face in 2018 are:
There will be major accidents that do not meet board expectations.
1. Proliferation of the Crime as a Service (ISA) The
ISF projected that CaaS would grow dramatically in the past year, as criminal organizations pursued partnerships and collaborations with complex classes that mimic large private enterprise organizations.
Durbin said that in 2017, "cybercrime, especially Crime as a Service (CaaS), has increased dramatically," he said. The ISF predicts that this trend will continue into 2018 and that criminal organizations will diversify into new markets and expand their activities to global levels. The ISF expects to see an emerging organization that focuses exclusively on cybercrime, while some organizations are rooted in existing criminal structures.
Durbin said that the biggest difference in 2018 is that cybercriminals who have a desire for aggression but lack technical knowledge can purchase tools and services through CaaS,
"Cybercrime is moving away from the past, which is attacking big targets unconditionally, to intellectual property and large banks," Durbin added.
Let's take a look at Cryptware, the most popular malware category these days. In the past, cybercriminals using Ransomware relied on distorted forms of trust. In other words, if the criminal encrypts the computer, the victim pays the data for the ransom, and the criminal who receives the money unlocks the computer by keeping the trust.
Durbin, however, said that "trust" is breaking down as a large number of greedy cybercriminals in this area are being introduced. If you pay the ransom data, you do not get the encrypted data back, or cybercriminals repeatedly attack the same victim.
"At the same time, cybercriminals' social engineering practices are becoming more sophisticated," Durbin said. The attack target is primarily an individual rather than an enterprise, but these attacks are still a threat to the organization. "The boundaries between businesses and individuals are becoming increasingly blurred, and individuals are becoming more and more of a business," Durbin said.
2. Uncontrolled risks added by IoT spread
Organizations are actively introducing IoT devices, but most IoT devices are basically unsafe. In addition, the ISF warned that the rapidly growing IoT ecosystem is becoming less transparent. The problem is the ambiguous use terms that allow organizations to use personal data in ways that customers do not expect.
On the corporate side, there is a problem that it is difficult to understand what information goes out of the network or what data is secretly captured and transmitted from a device such as a smart phone or a smart TV.
A regulatory body or customer may be held liable to the organization for any actual breach of data or a breach of transparency. In the worst-case scenario, a security flaw in an IOT device embedded in an industrial control system may cause injury or death.
"It's important to know the usage patterns from a manufacturer's perspective and to better understand individual devices," Durbin said. "Anyway, all of these elements will open up more ways of attacking than ever before." " What can you do to protect people and control your device without giving it permission? Is expected to be higher the associated security awareness, "he added.
3. The supply chain is still weak links
ISF has been filed vulnerability issues in the supply chain for years. ISF is highlighted as the company supplies a variety of sensitive and valuable company information and
"Since last year, large manufacturing companies have fallen into a dysfunctional state and supply chain management has become a reality," he said. "The supply chain is everywhere," Durbin said. "Theproblem we are facing now is how do we know where information is at every stage of the life cycle? All. How will the integrity of the information be shared when that information is shared? "
ISF said corporate organizations should focus on the weakest part of the supply chain in 2018. While not all security incidents can be prevented in advance, Durbin has recommended the introduction of a powerful, expandable and repeatable process that is proportional to the risks faced.
4. Complexity of asset management due to regulatory complexity Further
complexity increases the complexity of core asset management, since it also implements the full European Union General Data Protection Act (GDPR) from 2018.
"There is almost no case where GDPR has not emerged as a dialogue in conversations with people all over the world," Durbin said. "It's not just a matter of compliance. "We need to find out exactly how we are managing and protecting that data, and we have to prove it to the individual as well as the regulator at any time." "To get it right, you have to change the way you do business," Durbin added.
The ISF predicted that additional resources needed to meet GDPR obligations would increase interest in compliance with regulatory compliance and data management costs, thereby reducing interest and investment in other activities.
5. Unmet expectations of the board According to the ISF, the discrepancy between the board's expectations and the realistic capabilities of the information security department will be a threat in 2018.
"The board understands the fact that it does business in cyberspace, and in many cases what the board does not understand is the various real barriers that it has," they said, "and they think the CISO has complete control over everything. The board still does not know what to ask, and CISO still does not know how to talk to the board or business unit. "
The ISF said the board has approved an increase in information security budgets over the past few years and expects immediate results from the CISO and the Information Security department, but initially a perfectly secure organization is an unachievable goal. Even if the board understands it, it often does not make sense to improve information security to a meaningful level (even if the organization has the right skills and capabilities).
These discrepancies in expectations and consequences mean that in the event of a major accident, the impact is likely to affect not only the organization but also the individual board members and the reputation of the board as a whole.
Durbin therefore said that the role of the CISO should evolve. "The role of the CISO is now to predict, not just to verify that the firewall is working," Durbin said. "We need to predict how the future problems will affect the business and explain it to the board. If you cannot persuade your own ideas, you will not get any results in the boardroom of the board.
Make Fantastic Designs By Adopting Brilliant Web Design Strategies from The Experts As a matter of fact, website design is a kind of art ...
Call us @ 0557503724 for Notebook, PC, Smartphone and tablet repair We will repair your equipment at a fixed price - manufacturer-indepe...
How to Create a Free Email Address Despite the fact that the Internet is now part of the daily newspaper you have always p...
In this holiday season and after a very hectic Black Friday, many of us start to see their savings melt like snow in the sun, so why...