It’s a challenging time to work in the field of IT security. Over the past decade, new threats have emerged as cybercrime escalates in both frequency and sophistication. It seems we can’t go a month without another major brand making the headlines for a data breach.
As the threat of cybercrime has persisted in 2018, the world of online security is changing in several ways. For starters, companies and governments are investing more than ever before in their digital security efforts. (Predictions suggest global spending on information security will top out around $93 billion in this year alone.)
Related: How to create a security incident response plan
6 cybersecurity trends driving information security spending
Here are six of the modern cybersecurity trends that are driving that spending in 2018:
Cybercrime continues to rise.
Cyberattacks carry increasingly higher stakes.
GDPR has become a core focus.
IoT security solutions are taking center stage.
Credentials-based attacks are escalating.
Social Security numbers are no longer the end-all-be-all of security.
Let’s look at how data breaches and other cybersecurity threats and trends are changing the online security landscape.
1. Cybercrime continues to rise
The number of data breaches reached a record high in 2014 — and then it broke that record in 2015, 2016 and 2017.
This trend is expected to continue for the foreseeable future, especially as organized crime groups set their sights on cybercrime.
The World Economic Forum now names cybersecurity as one of the predominant global risks — second only to extreme weather events and natural disasters. Some of today’s most prominent cybersecurity threats include:
Advanced Persistent Threats (APT)
As the name suggests, these data breaches last for an extended period of time — months or, in some cases, years. These attacks have increased so much in frequency that the market for protection from APT has grown to more than $8.6 billion.
One poll found 94 percent of security experts expect these attacks to increase (and two-thirds of respondents aren’t confident they can prevent them). One of the reasons mobile malware is so challenging to address is that it can take many forms, from keyloggers to ransomware or malicious apps.
Related: How does GoDaddy Express Malware Removal work to remove malware?
These attacks are increasingly sophisticated and persistent thanks to social engineering techniques. Estimates suggest as many as 1.4 million phishing websites are created each month.
Related: Email phishing — Think before you link
Weaponized Artificial Intelligence
These are data breaches in which AI is targeted and/or exploited for criminal gain. A 2017 poll found that 91 percent of cybersecurity professionals are worried about hackers utilizing AI.
Related: Who’s afraid of the big, bad AI?
2. Cyberattacks carry increasingly higher stakes
Data breaches have been an issue for years, but in 2018 they’ve carried higher stakes than ever before. That’s true for several reasons, including:
- Emerging technologies — including cryptocurrencies, blockchain technology, and automated and robotic systems — are especially vulnerable to cyberattack.
- Ransomware is becoming increasingly sophisticated and is focusing more and more on cloud-based systems, where unlimited amounts of data may be stored.
- Modern cyberattacks are gaining unprecedented access to software, firmware and hardware and spending more time there than ever before, which escalates the risks involved.
Related: Lessons from the Atlanta hack — Ransomware, bitcoin and denial
3. GDPR has become a core focus
In May 2018, European Union’s General Data Protection Regulation (GDPR) rules went into effect. These rules require governments and corporations of all sizes to take steps toward protecting EU citizens’ personal data and privacy.
Because the internet has made most corporations global, these rules have far-reaching effects — and they’ll require a huge range of entities to make security a bigger priority in 2018 and beyond.
If all goes according to plan, GDPR will enhance online security in a number of ways:
- Consumers must have an opportunity to understand and consent to how their data will be used by companies. This means most organizations will change their privacy policies.
- Companies are required to alert consumers that they’ve been hacked within 72 hours of a data breach. Organizations will also be expected to disclose more information about data breaches than they might have in the past.
- Apps will not be able to access or collect as much data from people’s mobile devices. For instance, consumers’ phone contacts and call logs will be off limits under the new rules.
Additionally, apps will not be allowed to collect data about users under the age of 16. Several apps have shut down instead of attempting to comply with the new regulations.
Related: Practical steps for website GDPR compliance
4. IoT security solutions are taking center stage
The Internet of Things has introduced unprecedented security challenges, and companies are increasingly being forced to respond as consumers call for greater security across digital devices.
These demands are to be expected when you consider that research suggests IoT devices frequently don’t have embedded security features, and some estimates suggest many IoT devices can be hacked in as little as two minutes.
In response to the need for greater consumer protections, 67 percent of companies polled in the Global State of Information Security Survey 2018 reported that they either have an IoT security strategy in place or are currently implementing one. Meanwhile, the European Union is considering regulations that would seek to enhance cybersecurity within the Internet of Things.
Related: A beginner’s guide to the Internet of Things and WordPress
5. Credentials-based attacks are escalating
Credentials-based data breaches now account for 81 percent of all cyberattacks — and they’re only continuing to increase. As a result, security protocols are moving beyond passwords toward ensuring that the person entering the password is actually the right person in question.
This involves the development and refinement of new analytics and new authentication protocols — including biometrics and push notifications. These protocols must respond to the escalation of credentials-based cyberattacks while still enabling users to authenticate their identity from anywhere.
Related: Increase account security with two-step verification on your mobile device
6. Social Security numbers are no longer the end-all-be-all of security
In 2018, people are starting to accept a fact that’s already been true for several years: If a government or company has obtained your Social Security number, then it is not safe. Governments and organizations are being forced to confront the fact that a single personal identification system is not adequate in the face of escalating cyber threats. More and more countries — including Belgium, Chile, Estonia, Germany, Israel and Spain — are beginning to implement (or at least consider) advanced ID systems.
Keep your company safe from data breaches in 2018
As the first half of 2018 indicates, the landscape of cybersecurity is changing every minute. It is more critical than ever to invest in cybersecurity teams and solutions — and to provide teams with the resources needed to respond to emerging and evolving threats. With informed and responsive tactics, it is possible for companies to stay on top of digital security even within an ever-changing landscape.
The post What 2018’s data breaches can teach us about internet security appeared first on Garage.