2017 has been a year of turmoil for information security with major breaches making headlines on a daily basis and cyberattacks being successfully deployed on an unprecedented scale. Ransomware went mainstream, corporations and government agencies failed to protect their data and the looming shadow of the EU’s General Data Protection Regulation (GDPR) sent companies into a scramble for compliance.
No company seemed safe from data leaks with big names such as Deloitte, Verizon and Uber falling victims to complex cyberattacks. The Equifax data breach, estimated to have affected over 143 million users in the US, brought the year to a grim conclusion for data security.
With December on the horizon, companies are breathing a sigh of relief to see this year of relentless breaches come to an end. But will 2018 be any different? Let’s have a look at the top trends going into the new year:
1. The Year of the GDPR
2018 will undoubtedly be the year of the GDPR. The EU’s new General Data Protection Regulation is a groundbreaking legislation that, for the first time, fuses cybersecurity and personal privacy. It is set to become the standard by which other data protection legislations will be judged and its implementation and enforcement are likely to decide the future of data protection in a legal context.
Privacy by design and by default, concepts hitherto confined to policy circles, will be tested against real world conditions and may reshape the way businesses view and carry out data protection.
Now that the vulnerability of our increasingly digitized world has been exposed, the GDPR and the legislations that have paved the way for it as well as those that are sure to follow it, seem like an inevitable step towards regulating security standards and consolidating privacy.
All businesses with European interests and clients are holding their breath in anticipation of 25 May 2018 when the GDPR will come into force and the full extent of the severity of its implementation will be known. In the beginning, Data Protection Agencies are likely to go after bigger fish and make examples of multinational companies guilty of neglecting the security of European citizens’ data, but with data breach notifications becoming mandatory under the GDPR, any company with compromised data risks winding up on their chopping block.
2. IoT enters the work place
With the rise of BYOD, enterprises have allowed personal devices, mostly under the form of mobile phones and laptops, to enter the work place. This trend is likely to continue in 2018 with employees adding IoT devices, wearables and VR devices to company networks. Products using the Internet of Things will also start being used to improve the efficiency of office spaces by making them smarter.
While IoT devices make unattractive targets for a number of the most common cyberattacks such as ransomware, they can be, as proved in 2017, effectively used for DDoS attacks as well as sources of disruption within work spaces.
To counteract potential vulnerabilities, enterprises will need to evolve their data protection models from focusing exclusively on endpoints to include an increasingly larger variety of devices and applications.
3. The battle for the soul of AI
Machine learning and AI will continue to grow in 2018 and as organizations begin to implement them to boost their cybersecurity by improving the way data is collected and analyzed, cybercriminals will also start to make use of them to expand their reach and impact. Attackers will use machine learning to speed up the process of pinpointing vulnerabilities in commercial products and AI to create more effective and less time-consuming phishing attacks.
At the same time, AI will allow cybersecurity professionals to discover more complex attack scenarios and implement security measures to guard against them. Machine learning algorithms will also start to be used with biometric behavioral data, making unusual user activity easier to detect.
These tools will be increasingly found on the front lines of the global battle for data security, raising the stakes as well as the level of complexity of both protection measures and attacks.
4. Cloud 2.0 becomes the norm
The cloud has moved beyond the stages of experimentation into mass adoption, with enterprises adopting cloud-only policies, effectively cementing cloud technology’s place in the mainstream. Multi-cloud architecture models that include both public and private clouds, as well as different providers for specific needs, are set to become the norm in 2018, with IDC Chief Analyst Frank Gens predicting 85% of companies will commit to them, putting 60% of enterprise IT workloads firmly in the cloud.
This shift towards cloud-only is likely to impact data security as well, with traditional network security infrastructures no longer being able to protect information as it circulates in and out of the cloud. As data is stored more and more in the cloud, ransomware attacks are likely to shift in the same direction, making it essential for cybersecurity professionals to diversify policies and expand their reach to include the cloud.
5. Data aggregators will become prime targets for data theft
With the Equifax data breach proving to be one of the most lucrative in recent history, data aggregators are sure to become the golden goose cybercriminals will be looking to catch. Accumulating massive amounts of data that is constantly entering and leaving their systems, data aggregators face difficult challenges in securing data. From employee negligence to weak authorization practices and breaches through third party compromises, attackers have plenty of potential vulnerabilities to discover and exploit.
2018 is likely to see an increase in attacks against companies storing and processing such enormous quantities of information. Businesses need to find more effective ways to monitor their entire network, such as Data Loss Prevention solutions, to combat the inevitable slew of new attacks.
The year ahead is likely to be an exciting one for the data security community as new regulations will shape the future of digital privacy and new technologies will step in to support cybersecurity professionals in their fight against breaches. At the same time, the continued anxiety over new attacks is likely to push companies to enforce stronger data protection policies in-house and in the cloud. That being said, just as technology reinvents the way business is done, it also continuously opens it up to new vulnerabilities.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.