The recurring theme of the multitude of 2018 technology and cybersecurity predictions from a host of experts, according to Bryant G. Tow, Managing Partner of CyberRisk Solutions, is they are a continuation of what we have been seeing for the past few years. Predictions range from the “explosion” of threats through the Internet of Things (IoT), digital exploitation and blockchain to using ransomware to shut down point-of-sale systems.
“Some of these predictions will play out, because the truth of the matter is that the attack surface is growing, and threats will change in step with the evolution of technology and its reach,” Tow said. “All you have to do is read business magazines, see where technology is being used more effectively and efficiently, and you can see that is where your next attack surface will be.”
“A notable example is the new Meltdown threat, which allows malware to jump from one app performing a task to another app performing a different task at the chip level,” Tow explained. “Spectre is similar, and in both cases, there are patches available that can solve a good portion of these problems. New threat, same solution.
“Along the same vein, 100 percent of the breaches in these predictions are somehow process related,” Tow continued, “If you have processes in place and resources to maintain systems and make the necessary patches going into 2018, you are protected.”
Tow explained that while Chief Security Officers (CSOs) should be watching for threats like Meltdown and Spectre this doesn’t fundamentally change what they should do as security officers.
“Are there tactical things a CSO should do?” Tow asked. “Yes, but really, it is more about being more diligent around people, processes, technology and facilities – the Ring of Security. Fraud-as-a-service is still fraud. It is the same as what has been going in ransomware for years.
“Solid risk management follows the same day-to-day processes that I should be doing anyway as part of my overall program,” Tow explained.
He said CSOs should be focusing on these 10 areas to remain vigilant in cyber efforts in 2018:
- Risk Management strategy – the Ring of Security that includes people, processes, technology and facilities
- Network Security
- Managing user privileges
- Malware detection and prevention
- Removable media controls – thumb drives and phones
- Threat monitoring and management
- Security systems configuration
- Mobile workforce strategy
- Incident management
- Awareness programs
“If a CSO is already using these 10 tactics, threat intelligence will feed the information needed if something related to one of these predictions pops up,” he explained. “Solid processes offer the ability to prepare to defend the network, and if these elements are in place, they should be good to go.”