With rapid digitization and the inter-networked world leading to a huge data explosion combined with the relentless growth of transformative technologies, the importance of cyber security – now and in the future – is unquestionable.
As 2018 approaches, here are my top five predictions for cyber security in the coming year:
- Huge demand for security professionals with evolving and grounded expertise
- Stringent global regulations
- Ransomware, DDoS attacks and cyber warfare
- Explosion of threats, vulnerabilities and IoT
- Privacy and ethics concerns for big data, and back to basics
Huge demand for security professionals with evolving and grounded expertise
Industry requires skilled cyber security professionals who can not only meet the current challenges, but also evolve continuously with the changing technology landscape and with the associated threats and vulnerabilities. Some of the top skills needed in the context of the evolving threat scenario are as follows:
- Data analysis, data Governance and enterprise IT governance
- Data analytics, data science and big data management
- Cognitive computing and artificial intelligence
- Strong knowledge to address ransomware and evolving IoT connectivity issues and mobile access
- Application security and knowledge of defensive software engineering
- Strong knowledge on regulatory guidelines
Stringent global regulations
General Data Protection Regulation (GDPR), an EU regulation, will become applicable to every country in the world in May 2018. Organizations that fail to comply can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements, such as not having sufficient customer consent to process data or violating the core of privacy by design concepts. Given the serious implications, GDPR will be a priority for boards of directors around the globe.
Ransomware, DDoS attacks and cyber warfare
Ransomware, or categorized as crypto-ransomware, encrypts certain important files on the infected systems and forces users to pay ransom through online payment methods to get the decrypt key. Normally payments are demanded in crypto-currencies like that of bitcoin; however, payment does not guarantee that files will be decrypted.
Ransomware has spread across the world and become a profitable business model. This trend will escalate, provided users don’t follow best practices and systems remain unpatched.
DDoS poses a serious threat to organizations worldwide, especially when they lack the resources and the bandwidth to handle the large network traffic. The threat of DDoS will be accentuated with the increased usage of Internet of Things (IoT) connected devices in the enterprise, which when left unsecured, can become pathways as well as slave nodes, and add to the DDoS traffic stream.
As a consequence, cybercrimes will flourish, which could be used by powerful nations to initiate and develop highly refined and targeted attacks against targets of national value belonging to other countries.
Explosion of threats, vulnerabilities and IoT
Due to exponential growth of innovative technologies, lots of new vulnerabilities will be introduced. However, the highest risks will still come from well-known and well-understood vulnerabilities. SANS estimates that over 80 percent of cyber security incidents exploit known vulnerabilities. Gartner comes in much higher, estimating that “through 2020, 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.”
As if this is not sufficient, Cisco estimates that IoT will account for nearly half of connected devices by 2020, as cars, refrigerators, medical devices and gadgets not yet imagined or invented will link in, which will lead to the tremendous growth of threats and vulnerabilities in 2018 and the years to follow.
Privacy and ethics concerns for big data, and back to basics
Too much data is entering enterprises, and with the advent of big data, organizations now come across new types and formats of data, many of which are not structured like that of traditional data. Various types of sensors generate data in various formats and in huge numbers to be monitored. Hopefully, GDPR will serve as a guide post for exercising compliance while leveraging big data.
More often than not, cyber security issues are due to internal processes and people. In 2018, organizations the world over must spend more on security awareness and training for their employees so that preventive measures are exercised by them and incidents are raised when required. Basic security hygiene such as the patching of servers and updating software versions will rightfully gain greater prominence.
Author’s note: The views expressed in this article are of the author’s views and do not represent that of the organization or of the professional bodies to which he is associated.