Friday, December 1, 2017
The New Year Could Bring Familiar and Unexpected Threats to the Cyber Security World
The Information Security Forum (ISF) has released its predictions regarding the top five global security threats businesses will face in 2018 (Information Security Forum, 2017). They include:
- Crime-As-A-Service (CaaS) Expands Tools & Services
- Internet of Things (IoT) Adds Unmanaged Risks
- Supply Chain Remains the Weakest Link in Risk Management
- Regulation Adds to Complexity of Critical Asset Management
- Unmet Board Expectations Exposing Major Incidents
These threats are already present while introducing the challenges of new regulations and corporate expectations on security professionals. The expansion of Crime-As-A-Service was predicted by the ISF for 2017, this time last year, to become a major issue. (Kitten, 2016) The Risk of IoT devices was also present and confirmed in June 2017 by the Altman Vilandrie & Company. when they released a survey of approximately "400 IT executives across 19 industries that showed nearly half (48%) of firms have experienced at least one IoT security breach, representing 13.4% of the total revenues for companies with revenues under $5 million annually and tens of millions of dollars for the largest firms. (Boulanger, 2017)
With the identification of these already present, ongoing, and probable expansion of security threats, the ISF has also predicted that continuity, regulation, and unmet expectations will provide problems. The ISF predicts supply chain continuity will pose a risk to every organization, due to the lack of "strong, scalable, and repeatable processes" (Information Security Forum, 2017) in place during procurement of resources and vender management. A breakdown of the supply chain could mean loss of revenue, along with a public relation's nightmare. The European Union General Data Protection Regulation will also offer a new challenge for businesses, holding stricter regulations regarding personal data. Businesses could face a legislative quandary if a breach occurs under their watch. Finally, CISOs may be facing a heavier burden when communicating unmet board expectations, should results not be immediate and a breach hits-the-wire. With the constant bombardment of security breaches and leaks throughout the media in 2017, corporate boards have increase information security budgets to provide a more robust security posture. However, even with increased financial backing, misalignment with expectations from the board, and the implementation may be problematic if a breach were to occur.
Facing these threats can pose a multitude of headaches for any organization. nGuard recommends that organizations take the time to evaluate their processes. Furthermore, businesses should conduct a risk assessment to better gauge their security posture and conduct tactical penetration testing to determine the effectiveness of their current security controls.
Boulanger, C. (2017, June 01). Survey: Nearly Half of U.S. Firms Using Internet of Things Hit by Security Breaches. Retrieved 29NOV2017, Web http://www.businesswire.com/news/home/20170601006165/en
Information Security Forum (2017, November 28). Information Security Forum Forecasts 2018 Global Security Threat Outlook. Retrieved 29NOV2017, Web https://www.prnewswire.com/news-releases/information-security-forum-forecasts-2018-global-security-threat-outlook-300562342.html
Kitten, T. (2016, December 6). 'Crime-as-a-Service' a Top Cyber Threat for 2017. Retrieved 29NOV2017, Web http://www.databreachtoday.co.uk/interviews/crime-as-a-service-top-cyber-threat-for-2017-i-3406
About nGuard Corporation
nGuard is a leading provider of expert security assessments, managed security services, security incident response, and other advanced security services to organizations across North America & around the world. nGuard's relentless focus on securing clients, as well as their unmatched security expertise, has helped them become one of the most sought after security firms in North America.
For more information, please visit: www.nGuard.com