Cyber crime has become one of the most lucrative criminal enterprises on earth. At the same time, it has become one of the hardest to investigate and prosecute. We hear regularly about massive data breaches and exploding cybersecurity costs. We hear much less about hackers going to jail.
In order to keep up with a threat that is evolving all the time, the cybersecurity community is constantly addressing new issues and implementing new defenses. As a result, the protection of yesterday is not adequate for the threats of tomorrow. In order to stay ahead of highly motivated hackers, decision-makers must understand what is new and important in cybersecurity:
GDPR compliance creates new rules
European nations are implementing the General Data Protection Regulation (GDPR) beginning on May 25, 2018. This sweeping set of new rules mandates that any company that serves European customers (including many US companies) must follow strict procedures for protecting data or else face heavy fines. US companies will not be held in breach of compliance unless a data breach does occur, but getting up to speed with compliance (and understanding the consequences of failure) is important in the coming months.
Large companies face extra GDPR headaches
The GDPR rollout is a major step for the EU, and many believe the EU will make an early example of a non-compliant company. It makes sense that this would be a European company, but it could just as easily be one of the US-based tech giants like Google or Amazon that have raised privacy concerns throughout Europe. Smaller players are less likely to be targeted, but the entire global economy will be watching how regulators choose to pursue these strict new rules.
Password-only authentication falls out of favor
Many data breaches can be traced back to compromised login credentials. These are notoriously easy to steal, and many users rely on the same credentials across multiple accounts. Companies have resisted pushing multi-factor or risk-based authentication measures in the past for fear of degrading the user experience. But as anxiety over compromised data grows, extra layers of authentication will become the norm.
State-sponsored attacks on the rise
A new category of cyber criminals is motivated by politics rather than profit. Russian interference in the 2016 presidential election is the clearest example, but this is just one instance of state-sponsored actors carrying out a political agenda through cyber crime. These attacks will become more common, and they will branch out from propaganda and election influencing to begin striking at things like critical infrastructure. There is currently no international consensus about rules of engagement in cyber space, but an international community is coalescing to address this issue and collectively share resources.
Attacks coming from IoT devices
IoT devices that incorporate an internet connection are being built into everything from medical devices to cars to refrigerators. Being online makes these devices smarter, but it also makes them vulnerable to hacking. Once hackers have control of these devices they can disable services, manipulate how they perform, or skim off data. And since most of these devices feature little to no built-in security, they are especially easy to compromise. The scale, frequency, and consequence of these attacks are all projected to rise.
Automation makes cybersecurity stronger
Monitoring and managing cybersecurity is a time- and labor-intensive process. Increasingly, heavy workloads are being shifted onto automated platforms. Relying on smart technology allows cybersecurity professionals to extend their reach while building greater visibility and accuracy into the process. Staying in front of hackers is still going to be a challenge, but as technologies like artificial intelligence and machine learning continue to develop they give the defenders an added advantage.
Trust will erode
At this point both individuals and companies are understandably anxious about cybersecurity. Everyone understands it's important, but few feel their data is actually safe. As this anxiety and distrust grow, both consumers and suppliers/vendors/partners will expect companies to provide comprehensive security audits and make amends if cybersecurity ever falls short. Companies will need to hold themselves to a higher standard, but when they do they cultivate trust in their brand.
Some of the developments on this list are good news, but, unfortunately, many of them are cause for alarm. If we can conclude anything it's that cyber crime is going to accelerate and cybersecurity is going to suffer as a result.
It's important for all companies to take this threat seriously and put sweeping protections in place. Even if they cannot deflect all threats, deflecting most is an imperative. But companies must also admit that some kind of cyber incident is likely to impact their bottom line. As a result, cybersecurity strategies must be expanded to include both threat mitigation and threat response.
Cyber insurance coverage is a crucial piece of the puzzle. When you're ready to explore your options, use the resources of this site to take a deep dive.