This year saw several high-profile cyberattacks, including Equifax and Uber, and 2018 will likely see a continuation, with increased sophistication and more insider involvement, an IT expert says.
“It is likely we will see more,” Michael Fimin, CEO of Netwrix, a cybersecurity provider, told FierceCEO. “It doesn’t look like this will be the end.”
And the biggest challenge may come from within, Fimin said. “Companies’ own employees can pose a threat.”
To keep up with an evolving threat landscape, “organizations may have to rethink their security strategies and come up with new approaches to tackling cybersecurity issues,” he said.
Netwrix predicts that the following trends will play a significant role in 2018:
- Blockchain for IT security. Blockchain technology allows data storage in a decentralized and distributed manner, which eliminates a single point of failure and prevents hackers from compromising large volumes of data. Due to its ability to quickly identify the data that has been manipulated, blockchain may become the core technology for highly regulated industries, like banking and law, Fimin said.
- Focus on insider threats. Most organizations lack visibility into user behavior, which makes them vulnerable to insider threats. The need to keep sensitive information secure and prevent insider breaches will force organizations to make more efforts to establish stricter control over user activity in their IT environments.
- Continuous adaptive risk and trust assessment. Since protection against behind-the-perimeter attacks is not sufficient today, Gartner suggests a Continuous Risk and Trust Assessment Approach (CARTA), which sees security as a continuous process that changes all the time and has to be regularly reviewed. Real-time assessment of risk and trust will enable organizations to make better decisions regarding their cybersecurity posture and mitigate the risks associated with aberrant user activities.
- Growing demand for advanced analytics. Because security software generates massive amounts of data, organizations need advanced analytics to gain a complete picture of what’s going on in their IT environments. The growing adoption of user and entity behavior analytics technology will help companies understand their weak points better and promptly respond to any activities that might pose threat to data integrity.
- Organization-specific approach to IT security. Organizations will expect vendors to offer more personalized security solutions that address specific pain points depending on a company’s size, IT environment complexity and budget. This will give businesses an opportunity to use products that better match their needs, and small vendors with a single focus will be able to compete with larger but less flexible software providers.
In 2017, “external threats, such as state-sponsored attacks and cloud hacks, were the hottest topics for IT professionals,” Fimin said in a statement. “We expect that in 2018, the main focus will be on insider threats, since rogue or negligent employees and intruders with stolen credentials may pose a bigger risk to security than outsider hackers.”
Organizations “will likely do their best to minimize insider risks—by keeping a closer watch on user activities, analyzing user behavior, and regularly assessing risks to proactively spot weaknesses and improve their security posture,” he said.