If you thought 2017 was a dire year for data breaches, wait until 2018. The Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management, forecasts an increase in the number and impact of data breaches, thanks in large part to five key global security threats that organizations will face in 2018.
"The scope and pace of information security threats is jeopardizing the veracity and reputation of today's most reliable organizations," says Steve Durbin, managing director of the ISF. "In 2018, we will see increased sophistication in the threat landscape with threats being personalized to their target's weak spots or metamorphosing to take account of defenses that have already been put in place. These days, the stakes are higher than ever before."
Growing with the number of data breaches will be the volume of compromised records, Durbin says. Because of this, next year’s attacks will be far more expensive for organizations of all sizes. Traditional areas, such as network clean-up and customer notification, will account for some of these costs, but additional costs will arise from newer areas, such as litigation involving a growing number of parties, Durbin says. The ISF predicts angry customers will pressure governments to introduce tighter data protection legislation, with concomitant costs.
Driving this trend will be the following top five global security threats that businesses will face in 2018, according to the ISF:
- Crime-as-a-service (CaaS) will expand available tools and services.
- The internet of things (IoT) will further add unmanaged risks.
- The supply chain will remain the weakest link in risk management.
- Regulation will add to the complexity of critical asset management.
- Unmet board expectations will be exposed by major incidents.
Last year, ISF predicted CaaS would take a quantum leap forward, with criminal syndicates further developing complex hierarchies, partnerships and collaborations that mimic large private sector organizations.
Durbin says that prediction proved prescient, as 2017 has seen a "huge increase in cybercrime, particularly crime-as-a-service." The ISF predicts that process will continue in 2018, with criminal organizations further diversifying into new markets and commodifying their activities at a global level. Some organizations will have roots in existing criminal structures, the ISF says, while others will emerge that are focused solely on cybercrime.
The biggest difference? In 2018, CaaS will allow “aspirant cybercriminals” without much technical knowledge to buy tools and services that allow them to conduct attacks they would otherwise not be able to undertake, Durbin says.