Security issues were a top concern for many organizations during 2017, with Russian hackers, high-impact ransomware attacks, and major data breaches dominating the headlines. As retailers prepare for the challenges of the new year, it might be a good idea to think about possible risks and security failures that are likely to arise in 2018. Luckily, the Chertoff Group, a risk management and security advisory firm, has recently released its predictions for the top six security risks in 2018. Adam Isles, principal at The Chertoff Group, shared his thoughts:
Expansion of Internet of Things as a Threat Vector – Millions of unsecure, Internet-enabled devices provide new threat vectors. Given the rapid proliferation of Internet of Things devices in advance of IoT-oriented security standards and configuration practices, expect these devices to be increasingly used as weapons for DDoS and other attacks.
Don’t become another data breach statistic. Get our FREE Special Report, Data Security: Data Loss Prevention Best Practices and Proven Policies to Combat Data Breaches right now!
Evolution in Nation-State Activity Tradecraft – State actors are increasingly relying on capabilities – people and technology – with roots in organized crime. Certain governments will continue to expand their cyber operations, both cyber attacks and information warfare, but will do so by leveraging crime-related capabilities, which can complicate attribution.
Increased Use of Software Subversion to Bypass Security Controls – Hijacking of trusted software and updates will continue to be an attractive target. As seen during the 2017 MeDoc and CCleaner incidents, adversaries are using third-party software as a viable new entry vector for malware.
Advances in Identity Subversion as a Tactic – Malicious actors will continue to seek new ways of subverting identity as an end-run around cyber and fraud defenses.
Increase in Third-Party Risk: Cloud Service Providers – Organizations continue to struggle with the one of the weakest links in their technology environment – access between the organization in question and its 3rd party partners, in particular cloud service providers. Successful configuration management, system hardening, access management, etc. are all critical elements to a secure cloud strategy in 2018.
Increase in Disruptive and Destructive Attacks Targeting Industrial Control Systems – The past decade has been punctuated with incidents targeting industrial control systems (ICS). Reference: Stuxnet, a 2014 attack that disrupted a German steel mill, a 2015 attack targeting Ukraine electric utilities, plus numerous other reconnaissance events. These attacks are expected to continue in 2018.