As a part of our series on 2018 Year in Review, the EDGE360 editorial team has connected with our regular contributors to get their reflections on the biggest trends that impacted the year. We had the opportunity to sit down with Bryant G. Tow, Managing Principal of CyberRisk Solutions, a security consulting firm that helps organizations build a foundational security strategy.
Tow has been providing a unique blend of combined expertise in technology, cyber and physical security for more than two decades. He shared his insights on cybersecurity trends and milestones in 2018, from the emergence of new threats such as cryptojacking to the impact of the General Data Protection Regulation (GDPR), which set the benchmark for global compliance targets. Read his full interview below:
EDGE360: What was the biggest news in cyber for 2018?
Tow: Two things caught my attention in 2018. Everybody still talks about Equifax and that’s been several months ago. As a result of that breach, there’s the continuing saga of the patches that have been out for six months and were not put in place and ended up costing them millions and millions of dollars. This is a reminder that cybersecurity isn’t just technology – it’s process, people, resources, and the Ring of Security we’ve discussed in the past.
The next thing that took the spotlight in 2018 is the report that cryptojacking has surpassed ransomware as a tool for hackers. Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Again, as easy as it is to get somebody to click on a link or to be able to get into a machine, crypto-jackers utilize the processing power of that machine to mine bitcoins instead of actually attacking.
They stay in the background and use the processing power at night or during off-peak hours, so nobody really knows that it’s there. I expect that crypto-jacking and crypto-mining are going to really pick up and continue into 2019.
EDGE360: Were there any new trends/focus you saw that changed or improved the way cyber is approached?
Tow: On the technical side, I saw a lot of improvement in both monitoring tools and desktop tools. Detection and alerting is getting consistently better. Does that mean we are keeping up with the threats out there? I’m not really sure, because for every cyber tool that is developed and employed, the hackers are right there with us.
EDGE360: Was GDPR everything we expected it to be?
Tow: Any time a new compliance target comes out, everybody panics and worries about what is going to happen. But, truly, it is only when there is a consequence to noncompliance that everyone actually starts to pay attention to cybersecurity.
Most companies don’t pay much attention to fortification of security targets for people, processes, etc., unfortunately, until there has been an audit, a breach, or something that involved a direct failure of a control. In the case of GDPR, there hasn’t been enough time between its effective date in May and audits that may uncover noncompliance.
We probably won’t be hearing about anything major unless it was just a blatant violation of GDPR. But, even then, the organization would probably be given the opportunity to remediate, unless there was some kind of malicious intent or willful intent to ignore the mandate.
EDGE360: How would you define 2018 in a sentence? 2018 was the year of…
Tow: 2018 was the continuing evolution of compliance, and the evolution and morphing of the threat. You have heard me say before that the threats are always ever-moving, and, although ransomware is still huge, cryptojacking is gaining more traction. On the other side of the equation, development and implementation of compliance targets, such as GDPR, is more global in nature.