The increased pervasiveness of data breaches and the higher volume of impacted records are expected to result in far higher costs for organizations of all sizes, notes the ISF, an independent and not-for-profit association of leading organizations from around the world.
The association expects the increased costs incurred in security breaches to come both from traditional areas, such as network cleanup and customer notification, and newer areas such as litigation.
As if in a chain reaction, the data breaches will spur “angry customers” to mount pressure on governments to tighten up data protection laws, which in turn will translate into additional and unforeseen costs. “The resulting mess of international regulations” will trigger new compliance headaches while doing little to deter cybercrime.
“In 2018, we will see increased sophistication in the threat landscape with threats being personalized to their target’s weak spots or metamorphosing to take account of defenses that have already been put in place … These days, the stakes are higher than ever before. High level corporate secrets and critical infrastructure are regularly under attack and organizations of all sizes need to be aware of the significant trends that we forecast in the year to come,” ISF Managing Director Steve Durbin is quoted as saying.
These trends will be underpinned by these five most prevalent threats that the ISF expects to loom large on businesses next year:
- Crime-as-a-service (CaaS) is set to expand available tools and services, as criminal organizations won’t let up on their efforts to make their malicious wares increasingly more sophisticated. Criminal groups will make forays into new markets and will commoditize their activities globally, which is poised to result in more persistent and damaging cyber incidents than ever before.
- The Internet of Things (IoT) will add unmanaged risks due to the organizations’ embracing of IoT devices but losing sight of the fact that these devices are often insecure by design, thus affording bad actors ample opportunities for attacks. “In a worst-case scenario, when IoT devices are embedded in industrial control systems, security compromises could result in harm to individuals or even loss of life,” reads the ISF’s prediction.
- Supply chain remains the weakest link in risk management, according to the ISF, which points to the perils of sharing valuable and sensitive information with suppliers, as it leads to “an increased risk of its confidentiality, integrity or availability being compromised”.
- Regulation adds to complexity and, as a result of additional resources required to address the obligations enshrined in the EU’s General Data Protection Regulation (GDPR), businesses may – on top of facing extra compliance and data management costs – have their attention and investment drawn away from other important initiatives.
- Lastly, misalignment between a board’s expectations and the actual ability of information security officers to deliver also constitutes a threat. The ISF notes that many boards don’t realize that it takes time to make substantial improvements to information security, which is why the association anticipates that this mismatch will be most exposed by major incidents. “Not only will the organization face substantial impact, the repercussions will also reflect badly on the individuals and collective reputations of the board members,” according to the ISF.
The ISF was quick to note that the key five threats “are not mutually exclusive and can combine to create even greater threat profiles”.
Author Tomáš Foltýn, ESET