Top 100 Cybersecurity Predictions for 2018 Impacting MSSPs
This Top 100 Cybersecurity Predictions List for 2018 shows you what the overall industry is forecasting — along with some potential implications for MSSPs.
Your Predictions: If your company has cybersecurity and MSSP predictions to share, please email me (Joe@AfterNines.com) for consideration.
Items 100 to 47: Keep checking this blog daily for ongoing updates as we build out the complete Top 100 list…
2018 Cybersecurity Predictions From Trustwave
Brian Hussey, the VP of Cyber Threat Detection and Response at Trustwave’s SpiderLabs, shares these predictions and next steps.
46. New Hybrid Attacks on Financial Institutions: Trustwave’s SpiderLabs research team recently came across a newly evolved form of a hybrid cyberattack on banks, which includes a human “mule” element. The multi-step approach first has the mule open up an account at the targeted bank, then leverages the data obtained to gain unauthorized account access to the network.
This attack had already raked in more than $100 million and was only found to be used in eastern Europe and parts of Africa– however researchers warn that this type of attack will be spreading to North America as it becomes perfected.
To stay protected, businesses should ensure they have well-documented and tested incident response plans in place to proactively prepare for an incident, as well as an incident response plan that is ready to be deployed.
45. IoT Devices as Vulnerable Targets in the Workplace: IoT devices are being integrated into the workplace to increase productivity for employees, in term opening up new vulnerabilities for companies. IoT devices come with their own risks, as they can be accessed remotely, or act as an entry point to breach an organization’s network. Recently, Brother printers were found to have a denial of service (DoS) vulnerability, allowing hackers to tie up resources and reduce productivity of organizations using this printer.
To ensure IoT devices are not providing hackers with easy access to your businesses’ network, organizations should develop strict access controls and web access restrictions, and promptly make patch updates once manufacturers make them available.
44. Making Cyber an Integral Part of Corporate Culture: Applications, IoT devices, BYOD integration, and third party connections increase a company’s attack surface and are huge factors in security failures for enterprises. This is a result of organizations continuing to utilize legacy policies and procedures that are no longer relevant to their evolved technology ecosystem.
In order to combat these challenges, businesses need to make cyber an integral part of corporate culture by taking a top-down approach in ensuring the right protection for their company. Having buy-in from the boardroom and vigilance from users is key to avoiding unnecessary barriers.
Another vital step is assessing the risk of an organization’s network by working with internal or external security experts to establish advanced and relevant policies and procedures around the needs of their company like remote workers, BYOD, and employee/vendor security.
43. Leveraging Threat Hunting and Other Proactive Tactics: Organizations of all sizes should ensure their company has a plan in place to proactively identify and respond to threats, also referred to as threat hunting. Threat hunting is a technique used to proactively identify the indicators and causes of sophisticated attacks and impede the exfiltration of sensitive data before it can inflict damage.
Taking a proactive approach by integrating threat hunting into a company’s protection plan allows a business to seek out and remediate an attack before it even happens. Other ways businesses can be more proactive is working with a managed security service provider who can help with risk management objectives and data classification.
2018 Cybersecurity Predictions from Netskope
Key predictions from Netskope CEO Sanjay Beri:
42. In 2018, three quarters of companies or apps will be ruled out of compliance with GDPR and at least one major corporation will be fined to the highest extent in 2018 to set an example for others. Three quarters (75.4%) of cloud services were not ready per Netskope’s September cloud report on GDPR compliance readiness. I predict little change by May’s deadline. Most companies are preparing internally by performing more security assessments and recruiting a mix of security professionals with privacy expertise and lawyers, but with the deadline quickly approaching, it’s clear the bulk of businesses are woefully behind and may not be able to avoid these consequences.
41. In the aftermath of numerous AWS S3 bucket misconfigurations, businesses will restructure their security tools to prioritize intuitive platforms that anyone can navigate. In 2018, companies will be far pickier about choosing security tools, relying on “best of breed” products that allow easy integration with their other security tools to create a holistic multi-vendor security suite. In light of the cybersecurity skills gap, business leaders will also choose tools that are easy for non-security experts to understand. Leaders without a formal cybersecurity background are increasingly just as critical to the safety of a company’s data as the Chief Security Officer, and companies will invest in tools that everyone can understand.
40. In 2018, companies will prioritize the cloud to manage security. More than ever, business leaders will search for security solutions that mitigate blind spots across the cloud, including activity conducted across off-network access or on personal devices. Today’s workforce is mobile and distributed; legacy tools can’t see devices that are unattached to an enterprise network (i.e. mobile) so more businesses will turn to independent cloud security companies to more effectively connect the dots.
Continue to the next page for predictions from Netwrix and ServiceNow