Businesses of every type and size were plagued by security threats last year, and it's not going to get any better. Cyber threats are set to worsen, and enterprises find themselves having to deal with complex technologies, sophisticated malware, floods of data, increasingly stringent regulation and a crippling skills shortage.
This is according to Simon Campbell-Young, CEO of Intact Software Distribution, adding that there are several threats that will impact the operations of businesses of every size and type in 2018.
No skill needed
One area that he believes will take off in 2018 is cyber crime-as-a-service, as underground criminal groups continue to mirror legitimate businesses, increasingly collaborate with each other, and form new partnerships and syndicates.
Campbell-Young says this will see the bad guys diversifying into new markets and further 'commercialising' and commoditising their malicious tools and activities. Even more dangerous, this will allow aspiring cyber crooks with little tech savvy or knowledge to buy malicious tools to commit attacks, without needing any particular skills or expertise. The criminals who sell these tools will also offer 'after sales' and customer service to these individuals, to help them should they experience any problems.
He says another area that is set to surge this year, is ransomware, a favourite tool for cyber criminals as has proved both easy to carry out, and highly profitable. "We can expect as surge of these attacks, both in frequency and sophistication, targeting individuals and corporates alike. In addition, with the Internet of things (IOT), home users are at greater risk, as a growing number of home devices connect to the Internet and to each other."
According to him, the IOT will also become a greater problem, as these devices are being adopted on a massive scale, and many of them were not designed with security in mind. "IOT devices are increasing the attack surface by a thousand fold, and because they collect a wealth of data, are highly attractive targets for cyber criminals. Their lack of security also makes them an ideal stepping stone for threat actors to gain access to a network, and its valuable data."
The weakest link
The supply chain is another area in which Campbell-Young believes will see a surge of new attacks going forward. "A security chain is only as strong as its weakest link, and I've said for years that the supply chain is vulnerable, as confidential data is routinely shared with vendors and other third-party partners."
He says once that information has been shared, the business no longer has control over it. "Perhaps too much faith is placed in the supply chain's security. Irrespective of the type of business your organisation is in, it will have a supply change. The challenge is knowing where our data is at every stage of the lifecycle, and the ability to protect it as it's being shared and stored out of our control."
Moreover, the supply greatly widens the attack surface, as it's easy for clever cyber criminals to use a third-party partner to gain entry into a partner organisation which is the desired target. "In 2018, businesses will need to concentrate on better security for their supply chains, and ensure they have the appropriate measures in place."
Control of data
Unsurprisingly, Campbell-Young says cloud security will also remain an focus for businesses this year. "The past decade has seen an explosion in the uptake of cloud-computing technologies and platforms, and with it, a whole new slew of security threats. Moving to the cloud inevitably means a certain loss of control of your businesses' data, as it is now stored off-premises, with a cloud provider. Issues of data residency and governance will continue to be a concern for companies, as will ensuring data in the cloud remains private and secure."
Although cloud providers do have security tools and solutions in place to reduce the risk of a breach, businesses should bear in mind that they are ultimately responsible for the security of their data and a breach can have serious legal, regulatory, reputational and financial consequences.
Share