3 Emerging Areas of Concern
The Information Security Forum recently released “Top Emerging Threats for 2019,” an annual outlook on the top global security threats businesses may face in the coming year. ISF’s Steve Durbin provides insight into some of the most pressing threats organizations should be aware of.
It’s that time of year again – time for each and every one of us to reminisce on the past year and make resolutions for how we can do better in the year ahead.
In the year ahead, organizations must prepare for the unknown so they have the flexibility to endure unexpected and high-impact security events. To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function, since innovative attacks will most certainly impact both business reputation and shareholder value.
Based on comprehensive assessments of the threat landscape, the Information Security Forum recommends that businesses focus on the following security topics in 2019:
- The Increased Sophistication of Cybercrime and Ransomware
- The Impact of Legislation
- Smart Devices Challenge Data Integrity
We’ve provided an overview for each of these areas below:
The Increased Sophistication of Cybercrime and Ransomware
Criminal organizations will continue their ongoing development and become increasingly sophisticated. Some of these organizations will have roots in existing criminal structures, while others will emerge focused purely on cybercrime. Businesses will also struggle to keep pace with this increased sophistication, and the impact will extend worldwide, with malware in general and ransomware in particular becoming the leading means of attack.
While overall damages arising from ransomware attacks are difficult to calculate, some estimates suggest that there was a global loss in excess of $5 billion in 2017. On the whole, the volume of new mobile malware families grew significantly throughout 2017 – in particular, mobile ransomware. This should be expected to continue in 2019. Email-based attacks such as spam and phishing (including targeted spear phishing) are most commonly used to obtain an initial foothold on a victim’s device. Cybercriminals behind ransomware will shift their attention to smart and personal devices as a means of spreading targeted malware attacks.
The Impact of Legislation
National and regional legislators and regulators that are already trying to keep pace with existing developments will fall even further behind the needs of a world eagerly grasping revolutionary technologies. At present, organizations have insufficient knowledge and resources to stay apprised of current and pending legislation. Additionally, legislation by its nature is government- and regulator-driven, resulting in a move toward national regulation at a time when cross-border collaboration is needed. Organizations will struggle to keep abreast of such developments, which may also impact business models that many have taken for granted. This will be a particular challenge for cloud implementations, where understanding the location of cloud data has been an oversight.
Smart Devices Challenge Data Integrity
Organizations will adopt smart devices with enthusiasm, not realizing that these devices are often insecure by design and, therefore, offer many opportunities for attackers. In addition, there will be an increasing lack of transparency in the rapidly evolving IoT ecosystem, with vague terms and conditions that allow organizations to use personal data in ways customers did not intend. It will be problematic for organizations to know what information is leaving their networks or what is being secretly captured and transmitted by devices such as smartphones, smart TVs or conference phones. When breaches occur or transparency violations are revealed, organizations will be held liable by regulators and customers for inadequate data protection.
A Continued Need to Involve the Board
The role of the C-Suite has undergone significant transformation over the last decade. Public scrutiny of business leaders is at an all-time high, in part due to massive hacks and data breaches. It’s become increasingly clear in the last two years that in the event of a breach, the hacked organization will be blamed and held accountable.
The executive team sitting at the top of an organization has the clearest, broadest view. A serious, shared commitment to common values and strategies is at the heart of a good working relationship between the C-suite and the board. Without sincere, ongoing collaboration, complex challenges like cybersecurity will be unmanageable. Covering all the bases — defense, risk management, prevention, detection, remediation and incident response — is better achieved when leaders contribute from their expertise and use their unique vantage point to help set priorities and keep security efforts aligned with business objectives.
Incidents will happen, as it is impossible to avoid every breach. But you can commit to building a mature, realistic, broad-based, collaborative approach to cybersecurity and resilience. Maturing your organization’s ability to detect intrusions quickly and respond expeditiously will be of the highest importance in 2019 and beyond.