The Chertoff Group Predicts the Top 6 Security Risks of 2018

Security issues were a top concern for many organizations during 2017, with Russian hackers, high-impact ransomware attacks, and major data breaches dominating the headlines. As retailers prepare for the challenges of the new year, it might be a good idea to think about possible risks and security failures that are likely to arise in 2018. Luckily, the Chertoff Group, a risk management and security advisory firm, has recently released its predictions for the top six security risks in 2018. Adam Isles, principal at The Chertoff Group, shared his thoughts:

Expansion of Internet of Things as a Threat Vector – Millions of unsecure, Internet-enabled devices provide new threat vectors. Given the rapid proliferation of Internet of Things devices in advance of IoT-oriented security standards and configuration practices, expect these devices to be increasingly used as weapons for DDoS and other attacks.

Evolution in Nation-State Activity Tradecraft – State actors are increasingly relying on capabilities – people and technology – with roots in organized crime. Certain governments will continue to expand their cyber operations, both cyber attacks and information warfare, but will do so by leveraging crime-related capabilities, which can complicate attribution.

Increased Use of Software Subversion to Bypass Security Controls – Hijacking of trusted software and updates will continue to be an attractive target. As seen during the 2017 MeDoc and CCleaner incidents, adversaries are using third-party software as a viable new entry vector for malware.

Advances in Identity Subversion as a Tactic – Malicious actors will continue to seek new ways of subverting identity as an end-run around cyber and fraud defenses.

Increase in Third-Party Risk: Cloud Service Providers – Organizations continue to struggle with one of the weakest links in their technology environment – access between the organization in question and its third-party partners, in particular cloud service providers. Successful configuration management, system hardening, access management, etc. are all critical elements to a secure cloud strategy in 2018.

Increase in Disruptive and Destructive Attacks Targeting Industrial Control Systems – The past decade has been punctuated with incidents targeting industrial control systems (ICS). Reference: Stuxnet, a 2014 attack that disrupted a German steel mill, a 2015 attack targeting Ukraine electric utilities, plus numerous other reconnaissance events. These attacks are expected to continue in 2018.
