Our Five Key Predictions for Information Security in 2018
WannaCry, Uber, Equifax, Cloudflare – 2017 seemed to produce an endless litany of high-profile data leaks and cybersecurity breaches. Reported information security incidents were up 10 per cent compared to 2016, and perhaps most worrying of all, as the number of different types of attack multiply, so does their level of sophistication.
So what will 2018 bring for the world of information security? How can businesses and IT pros bounce back to keep data safe in the face of ever increasing threats? How will they respond to the demands of tightening regulation? Here are the key trends the Fruition IT team expects to see shape the year ahead.
1. The GDPR will change attitudes to data security
One thing we can be 100 per cent certain of as we gaze into our crystal ball is that 2018 will be a huge year for information security regulation. The arrival of the EU-wide General Data Protection Regulation (GDPR) will mark a step change in how organisations handle digital data on private citizens. And despite Brexit looming, the regulations will apply in full to UK businesses.
The GDPR will make data security a higher priority in the minds of most organisations. If they fail to take it seriously, they risk incurring punitive fines. The GDPR requires every business that holds private data to proactively demonstrate clear policies for keeping it safe, and creates new burdens of responsibilities for preventing breaches. Tough it
may be, but perhaps this is the kick up the proverbial needed to take data security serious.
2. Mobile marks a new front in cybersecurity
We have just about reached the tipping point where more networked data exchanges are taking place on mobile devices than on desktop. From internet shopping to online banking, social networking to team collaboration apps, mobile is where the most traffic is now coming from.
The problem is that, in many respects, mobile cybersecurity is years behind. Apps with weak security certification continue to flood the market while even the most robust enterprise-grade firewalls cease to offer protection as soon as a user connects to a public network on the outside. Criminals know these vulnerabilities only too well, while the cybersecurity community scrambles to resolve them.
3. Authentication will come of age
From a data security perspective, passwords are a nightmare. For as long as the concept of cybersecurity has existed, password-based authentication has been recognised as a glaring weakness. Because people use the same passwords over and over, rarely change them and make little effort to choose something that is not very simple to guess, passwords make it pretty easy for criminals to force their way into devices, accounts and networks.
Finally, in 2018, we may see authentication evolve beyond passwords. Multi-factor authentication, where users have to give combinations of passwords, PIN codes and unique user IDs provided to them, has started to move out of online banking to be adopted by some of the web’s heaviest hitters. Risk-based authentication, where a site assesses the likely risk profile of the user and sets a level of challenge to entry accordingly, is also becoming increasingly common.
4. AI will take centre stage
Artificial Intelligence is driving the next wave of software-led automation, where Machine Learning capabilities allow platforms and applications to automatically change responses and processes by analyzing the patterns of what has gone before. We can expect these powers to be enlisted on both sides of the cybersecurity struggle.
Cybercriminals and hackers will look to use AI to create malware that adapts to different scenarios in the wild, taking worm technology to the next level with viruses that not only self-replicate but actually become more potent over time. Equally, cybersecurity experts will increasingly seek to automate detection and eradication, knowing that it is the only practical way to monitor and counter threats as they multiply into their millions and then billions.
5. Botnets will become a huge thorn in the side
If mobile technology lags a couple of years behind the cutting edge of cybersecurity, then the Internet of Things is positively prehistoric. In the development of networked ‘smart’ devices, little thought has been given to the security implications of connecting millions of new pieces of hardware to the internet. After all, these devices do not store significant amounts of data directly, so why would robust security need to be a prioroty?
The problem is, with the development of the Cloud especially, IoT devices now become nodes that can be easily compromised and used as launch pads to attack and steal data from other places in a network. With little native security, it is very hard to monitor what data might be leaking through an IoT device. Cybercriminals are taking advantage of this by creating botnets, vast networks of millions of compromised zombie devices that can be used to harvest data or become launch pads for attacks at different points in the future.