From WannaCry and NotPetya to Equifax and Deloitte, barely a week has passed in the last twelve months without a cyber attack hitting the headlines. But what does the next year hold in store for security professionals? We asked the experts.
Connected medical devices will increasingly be a target for hackers
Anthony O’Mara, EMEA vice president, Malwarebytes
When looking down the road at the future of cybersecurity, one concern I expect to become bigger is the Internet of Things. Inevitably, building an increasingly connected world means that too many easily exploitable devices are being built without security in mind. What people aren’t taking seriously enough is that the medical devices which will become part of us, such as pacemakers, prosthetics or even a regular Fitbit, could be used against you.
The healthcare industry must examine this to ensure patient security. Devices should have strict authentication, limited access, and heavily monitored device-to-device communications. Crucially, these devices will need to be encrypted – a responsibility that is likely to be driven by third-party security providers. In addition, further government initiatives, such as NHS Digital, which recently ploughed £20 million into a cybersecurity unit, should be explored come 2018 to help protect us against cyber miscreants.
GDPR will prompt companies to re-evaluate the importance of security
Ben Brabyn, head of Level39
GDPR regulations coming into place next year will force companies to re-think their approach to data security and cyber security. Research reveals that 91% of companies are not prepared for the changes that will come along with GDPR regulation. In light of this, and the swathe of high-profile breaches corporations have faced in 2017, I predict 2018 will be the year companies begin to re-evaluate the importance of cyber security. It will be a year where private and public sector come together, focus on joint solutions, find opportunities to collaborate and face the threats of cyber attacks head-on, re-igniting Britain’s position as a cyber security leader.
Protecting customer data is a priority for most companies but, as we’ve seen in the example of Uber, customers aren’t the only ones with valuable personal information. Companies need to have an eye on how to protect their employees’ details and to create a safe environment for them to operate. Large organisations and the UK government should look towards the expertise of innovators to defend their frontlines. By joining forces with cyber security SMEs, institutions can adopt forward-thinking solutions to defend and proactively protect their valuable data.
Social engineering will remain the greatest threat
Simon Andrews, early stage investor, Octopus Ventures
People’s opinions on surveys do not mirror reality when it comes to data privacy. Average users value utility and service more than data privacy, and tend to carry on using a company’s product even after a data breach. In my opinion, consumer behavior will change to match survey results. With regulatory changes coming into place next year, a greater need for education on data protection will ramp up, making us more knowledgeable of where our data is stored and the day to day risks that we may not have been aware of before. We will all naturally become more conscious about our decisions with the services we are using.
Social engineering remains the greatest threat, and shows that security is an ongoing process and not a problem to be solved. Companies, large and small, need to understand that cyber breaches can occur more than once and are constantly threatening a business. Security has to be a combination of perimeter defence, threat detection and training. Investing heavily in the necessary security measures will prevent businesses from falling victim to damaging cyber-crimes that will cost them dearly.
We’ll see an overhaul of security measures
Angela Sasse, professor of human-centred technology, UCL
GDPR will put the spotlight on how effective security measures are in reality, because effective security is the necessary foundation for delivering privacy protection. Having policies on paper that nobody follows, or rigging up a temporary solution to pass audits, is just not good enough. In the private sector, we’ll see an overhaul of security measures: they need to be easy to understand, and possible to follow whilst you get your job done. For public-sector organisations, delivering security and privacy in the face of shrinking resources will be the biggest challenge: outdated systems and overworked staff are easier to attack. They will need to get creative, and engage and consult with their staff to develop better IT and security solutions, rather than hiring expensive external consultants.