Last year was a rough one for cybersecurity. From the WannaCry ransomware attack to the Equifax hack, 2017 was a harsh reminder of the importance of having strong IT practices and an incident response plan.
So what does 2018 have in store? SecureWorks, one of our partners and the nation’s largest cybersecurity firm by number of clients, compiled some of the top 2018 predictions from various industry analysts. These cover everything from security services, IoT, integrated platforms, GDPR, skills shortage, detection and response, and machine learning, to automation and orchestration. Here’s a summary of the predictions:
1. Companies will be using vendors that offer an integrated platform approach to security.
It’s predicted that by 2020, 30 percent of security spending will be on vendors that provide an integrated platform approach to security. With countless security solutions, and the ever-evolving threat actor, organizations want to find solutions that most effectively mitigate risk and reduce complexity.
2. Machine learning and cognitive software will be utilized more by organizations.
By 2020, 50 percent of security telemetry will be made more useful through machine learning and cognitive software, which will ingest and curate it into actionable and intelligent data at record speed. By 2021, requirements for greater efficiency in threat response will drive 20 percent of buyers to heavily weight automation in buying criteria.
3. Since companies are facing a shortage in security skills, they’ll be using security services more.
Twenty-nine percent of organizations have an acute shortage of cloud security skills. To help with the security skills gap, organizations of all size are moving aggressively towards security services. By 2021, at least half of small and midsize enterprises will use managed services to secure their infrastructure, up from less than 20 percent today.
4. Chief information security officers will have to be more involved in setting up the right security policies and developing processes.
Because of this shortage in security skills, organizations are not setting up the right security policies, processes, or controls for the cloud. This will inevitably lead to lots of easily-exploitable vulnerabilities, data breaches, and regulatory compliance violations. To alleviate this risk, CISOs will have to up their game in 2018.
5. More IoT attacks will be motivated by financial gain than chaos.
Companies should assess IoT attack vectors, compliance risk, and organizational readiness to take action against this threat. (For more information about IoT risks, you can read any of our previous articles on the subject, including one about a vulnerability in security cameras.)
6. The EU’s General Data Protection Regulation (GDPR) will have an immediate impact on the global economy and how businesses engage, shining a light on personal data and privacy.
This, too, is affecting the way security companies address insider threats. Firms too aggressively hunting insider threats will face lawsuits and GDPR fines. This is in part due to more stringent rules around privacy rights in the workplace. Companies should create privacy rules of engagement for employee monitoring.
INSUREtrust can help you construct the right cyber insurance policy for your clients, and we also offer security services and employee training tools to help insureds with incident prevention and response. Give us a call today to learn more.