It was virtually impossible to ignore the high-profile attacks and data breaches that dominated headlines in 2017. While business leaders may look to 2018 with some uncertainty, a new year means new opportunities to review and revise existing policies and procedures. By applying lessons learned from the past year and with greater understanding and preparation, organizations can better mitigate risks and proactively combat future threats. Below are some top challenges facing the cybersecurity industry in the year to come.
From hackers infiltrating a New York dam control system to the WannaCry ransomware attack on the UK's National Health Service (NHS), 2017 saw a rise in cyber threats to critical infrastructure. Although these are digital attacks, they have a significant physical impact on business operations, the energy and utility sectors, public transportation and more. When it comes to an attack on critical infrastructure, no organization is immune from the potentially paralyzing effects.
How to Prepare: Develop a Business Continuity Plan
Businesses should take precautionary measures by implementing a continuity plan detailing how to stay up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more. Both public and private sector organizations must also communicate regularly with government entities to identify vulnerabilities and potential threats.
U.S. Businesses Risk Costly Fines for Failing to be GDPR Compliant
The EU's General Data Protection Regulation (GDPR) sets more consistent data protection standards and outlines strict requirements for processing, storing and securing personal data of EU citizens. As with any extensive legislation, the GDPR is not without gray areas. However, there is one component of the new regulation that shouldn't be mistaken for anything but black and white: any business anywhere in the world that handles data on EU residents must abide by these rules. U.S. companies that fail to prepare because they are unsure if the GDPR impacts their business face potential logistical nightmares and hefty fines.
How to Prepare: Be Safe, Not Sorry
As the May 25, 2018 deadline for GDPR approaches, companies should focus on evaluating and optimizing data collection, monitoring, and security policies to stay compliant. A good place to start is this checklist from the U.K. Information Commissioner's Office, highlighting 12 clearly defined steps you can start taking now to prepare and help keep your organization from suffering potentially debilitating fines.
Growing Global Tensions Open the Door for Increased State-Sponsored Cyberattacks
Throughout the past year, we've seen more details surrounding state-sponsored attempts to influence elections or disrupt foreign governments. In 2018, we could see an increase in hostile nations employing a combination of digital tactics – from infiltrating computers to destroying files with malware or ransomware and distributing false information through social media platforms. International companies need to consider how these types of attacks could impact their markets and operational continuity.
How to Prepare: Consider the Geopolitical Climate
State-sponsored attacks perpetuate an unstable environment, which can negatively impact the market and raise concerns for consumers. Businesses can help protect themselves and their customers by enhancing prevention efforts and by being equipped to pinpoint and respond to attacks. It's more important than ever for data breach response plans to be developed from a global perspective and with strategies that transcend borders.
Artificial Intelligence (AI) May Become Both the Best Solution and the Greatest Threat to Cybersecurity
Advanced hacking techniques have forced companies to abandon traditional verification credentials for AI-driven authentication. However, as hackers gain sophistication, AI is becoming a double-edged sword. Armed with AI and machine learning, hackers can extract vast amounts of personal data, create personalized phishing emails, or even modify malware and ransomware more efficiently.
How to Prepare: Continue Weighing the Pros and Cons
While leveraging AI capabilities to enhance multifactor authentication and other security measures is critical, companies must understand that hackers can harness the power of AI with malicious intent. Remaining vigilant in following the latest in threats and attacks is key to balancing both the opportunities and the risks of AI. SC Media's Bradley Barth further examines this issue in his piece, “The Dark Side of AI.”
Increased Concerns Surrounding the Internet of Things (IoT) Could Spur Regulatory Action
Organizations are increasingly relying on connected devices to streamline operational activities. This trend is particularly evident in the industrial sector and on manufacturing floors operating on the Industrial Internet of Things (IIoT). However, the lack of critical security features and the interconnectedness of IoT products make them incredibly attractive to cybercriminals. While legislative and government entities like the Federal Trade Commission are making some progress in IoT development standards, there hasn't been enough action taken to move security off the back burner.
How to Prepare: Putting Security First
While software developers need to anticipate security vulnerabilities, businesses must also integrate IoT-specific precautions into their response plans. The interconnectedness of the IoT is part of its appeal: convenience. However, a cybercriminal needs to hack into only one connected device to gain access to an entire network. One preventative measure that can't be overstated is creating strong, lengthy and cryptic passwords and using unique passwords across devices.
As any student of history will tell you, looking to the past is the best way to prepare for the future. Companies need only look to the past 12 months to understand the potential impact of impending cyber threats or data breaches. While much of what we will see in 2018 may be ominous, the year also presents an opportunity to take proactive security measures that help safeguard your organization, employees and customers.