Cybersecurity Trends of 2018
By Alex Manea, CSO, BlackBerry
As BlackBerry’s Chief Security Officer, Alex Manea regularly speaks to Fortune 500
C-Suites and leaders representing the world’s top global brands, listening and
learning about what security concerns keep them up at night. Alex also tries to
spend just as much time speaking with security researchers – ethical hackers
devoted to discovering security flaws and vulnerabilities.
Based on countless conversations over the past 12 months with customers, partners,
government officials, BlackBerry’s internal cybersecurity experts, and leaders
from both the security and research communities, below are Alex’s trends for 2018.
#1: 2018 will be the worst year to date for cyberattacks
With 2017 being the worst year ever for cyberattacks, it is tempting to think that we have hit rock bottom,
but what we have seen so far is just the tip of the iceberg.
The fundamental issues that have caused the majority of recent cyberbreaches
have not been resolved. IT departments are
being tasked to manage increasingly complex networks, support new types of
endpoints, and protect more and more sensitive data. Legacy systems are still
rampant throughout most industries and cannot be easily upgraded or replaced.
These systems often contain publicly known software vulnerabilities which can
be exploited to penetrate the corporate network.
At the same time, attackers are getting increasingly sophisticated and have more incentives than ever
to mount cyberattacks. From building ransomware or mounting DDoS attacks and demanding bitcoin payments, to working
with organised crime and even national governments, malicious hackers have
numerous ways to monetise their skills and to protect themselves.
Governments and enterprises are recognising these new threats and deploying modern security
solutions, but it will take years to decommission all of the legacy systems. 2018
will be yet another year where the shortcuts of the past come back to haunt us.
More importantly, we need to start planning for the future by addressing the
new threats posed by the Internet of Things (IoT), which go well beyond
anything that we see in today’s cyberattacks.
#2: Cyberattacks will cause physical harm
Securing the Internet of Things is even more important than securing traditional IT
networks for one simple reason: IoT attacks threaten public safety. A hacked
computer or mobile device typically cannot cause direct physical harm. While it
is certainly frustrating to have our personal information stolen, it doesn’t
compare to the impact of being involved in a car accident or having your infusion pump or pacemaker compromised. IoT security will
literally become a matter of life and death, and we cannot simply wait for that to happen.
There is a need for stronger IoT security standards, especially as we continue to move
towards smart cities. With the
growing ubiquity of IoT and lack of focus on security, it is only a matter of
time until malicious hackers breach critical connected infrastructure and
devices and cause direct physical harm to individuals and innocent bystanders.
#3: Hackers will target employees as they become a growing cybersecurity vulnerability
IT departments typically focus their spending on preventing external
attacks, but the reality is
that most data breaches start internally – either by sharing documents through
unsecured consumer applications or clicking on increasingly sophisticated
phishing attacks.
While hackers are often depicted as technical geniuses using complex algorithms to
break advanced cryptography, the reality is that simpler techniques can be just as effective. Criminal
hackers are not seeking style points; they are simply looking to breach the
system as efficiently as possible. As our technical defenses continue to
improve, employees will become the weakest link, increasingly targeted by
attackers as part of their overall strategy.
Alex has simple advice for all CIOs and CISOs: go hack yourself. You can spend all of
your time building and buying systems that you believe will stop intruders in
their tracks, but until you bring in professional ethical hackers and let them simulate a real-world
cyberattack (including phishing and other social engineering techniques), you
will never know if you are truly secure. BlackBerry’s cybersecurity
services team recently gained access to a customer’s network by simply getting
T-shirts made with the company’s logo on them and stating that they were “with
IT.” If your employees do not know how to use the technology you put in place,
or do not realise that they all play a critical role in keeping your company secure,
everything a CIO/CISO does is for naught.
#4: Insurance and cybersecurity products will go hand in hand
In 2018, it will not matter which system or employee proves to be the weakest link:
major corporate data breaches will happen, and insurance companies are taking
notice. They are taking notice because attacks on their clients could be as
harmful as they could be helpful to their bottom line.
This year we will see firms not only add more cyber policy holders to their roster,
but also seek out two strategic avenues to help manage risk for them and their
customers: products and experts.
Just like Progressive’s Snapshot plug-in device, which helps the insurer provide
personalised rates based on your actual driving, insurance companies will start
selling products to help track their clients’ security posture. They will even
partner with security experts to appropriately evaluate a company’s ability to
protect against a cyberattack. Scorecards will be given and companies that
perform the best will be rewarded with a lower policy amount.
Next Steps
While many other things will impact the cybersecurity industry this year, Alex believes
these are some of the biggest trends for 2018. Though these trends may seem
bleak to some, they too present many opportunities and possibilities if we are
well prepared.