The Inherent Risk (and Reward) of Innovation
This year, cybersecurity officers must rethink their end-to-end security ecosystem. Top priority will be identifying and addressing evolving vulnerabilities to people, processes, technologies and service providers. It’s time both to re-evaluate the overarching security strategy and to take a more security-minded approach from the outset – before deploying any solution or architecture.
Emerging trends such as artificial intelligence (AI) and machine learning are seeping into virtually everything technological. Other trends focus on blending the digital and physical worlds to create an immersive, digitally enhanced environment. Still others refer to exploiting connections between an expanding set of people and businesses, as well as devices, content and services to deliver digital business outcomes.
Technology innovation is a double-edged sword, and some would even say that the pace of technology is impacting the pace of human evolution. While there may be additional philosophical or moral questions regarding the aggressive pace and change inherent in technological advancement — which I won’t address here — it marches forward, and we need to actively monitor its progress and impact on our lives.
Human beings are creatures of comfort, but looking to technology to make our lives easier can have negative consequences. We are constantly searching for new and efficient ways technology can support our lifestyles. As we continue to innovate and nurture new technologies, we also encounter new security risks.
In 2018, cybersecurity officers will be forced to rethink their end-to-end security ecosystem to pinpoint evolving vulnerabilities that span people, process, technology and service providers. They will need to both evaluate their holistic security strategy and begin thinking of security from the outset – before deploying any solution or architecture. Most likely, new technologies such as AI, machine learning and IoT will be on top of existing systems, potentially exposing legacy investments (such as industrial machines) to new vulnerabilities. Security professionals will need to anticipate vulnerabilities and risks across a more complex and distributed technology landscape than ever before.
Below are Coalfire’s cybersecurity trends and predictions for 2018:
#1: Attacks on Health Care Will Increase
There’s a perception that health care breaches have become “par for the course,” and that this is an industry that needs to reassess its tools, techniques and teams, which are not adequately advancing with the growing threats. Companies in the health care industry need to reassess their points of vulnerability, which means looking at basic policies, reassessing security spend prioritization and evaluating how information is accessed and protected.
#2: IoT / Connected Devices Will Accelerate Risk
Devices are being IP-enabled at a breakneck pace, which is introducing a plethora of security challenges as components are sourced and assembled from disparate suppliers along an increasingly global supply chain. While IoT-sourced attacks have been relatively limited, it is inevitable that these attacks will escalate. We believe there will be a heavier focus on IoT security, putting the focus on IoT device configurations and communication protections. This will protect businesses from data leakage and disruptions and reassure consumers that they aren’t bringing security threats into their homes and lives. Given the increasing complexity, regulators will focus on the insecurity of IoT to build standards and provide guidance.
#3: Compliance Will Remain a Focus
Like it or not, cybersecurity compliance is a large force in the market, and it’s here to stay. The soon-to-be-enforceable General Data Protection Regulation (GDPR) is a great example. Some security professionals believe – at times, rightfully – that certification or passing a compliance assessment does not necessarily equate to good security. We believe that compliance and privacy regulations will continue to proliferate, and companies will not only need to meet new compliance requirements, but also go beyond compliance to align security with risk to meet rising cyber risk levels.
#4: The Need for Cloud-Based Disaster Recovery Plans Will Grow
Businesses will continue to accelerate their dependence on cloud technologies, and it’s critical to consider the security implications of this trend. In particular, as more mission-critical workloads are hosted off premises than ever before, a strong cloud-based disaster recovery plan is a must, and companies will need to prioritize the development of such a plan if they do not already have one in place.
#5: Cryptocurrency Hacks Will Increase
The cryptocurrency market is still immature. With the high-profile nature of this speculative market and association with cybercrime and other illegal activity, it is an attractive area for hackers to target. Several cryptocurrency markets have already been hacked, and this trend may increase in the years ahead.
#6: Malware Will Get Agile
New malware strains will incorporate artificial intelligence and machine learning to improve their malicious penetration over time. Of course, this means that cybersecurity solutions providers will continue to up the ante by integrating more AI into security solutions.
#7: Skilled People Will Be Critical to Meeting Threats
In an era where everyone is looking toward automation, don’t underestimate the importance of skilled people. Smart people are needed to defend against smart criminals. Cyber risk assessments, penetration testing and “red teaming” will continue to be critical components of counterintelligence in the cybersecurity war. Companies in all industries are advised to hire and partner with the most creative thinkers in the industry who understand not only security, but also the specific cyber risk and technology trends facing their industry. There is no substitute for human talent on the proactive security end of the battle.