As the world rings in 2018, privacy experts collectively brace for a new year of information security challenges. While ransomware, denial of service attacks, and endpoint security vulnerabilities will remain top of mind in 2018, new threats and risk factors will also emerge. Likewise, traditional hacking threats are likely to be more sophisticated in 2018, with new and more powerful hacking tools in the hands of bad actors. Businesses, consumers, and governments must remain vigilant in their information security posture as they face these new and diverse cybersecurity challenges. Polsinelli on Privacy looks at four areas of information security poised to make headlines in 2018.
1) The “Internet of Things” Goes Mainstream
The Internet of Things or “IoT” is an exponentially expanding network of connected devices and people. 2018 is predicted to be a boom year for IoT, making the technology truly disruptive. But as more widgets connect to IoT, hackers see new opportunities for extortion, blackmail, and mischief. What can a business do to protect itself? First, be proactive about configuring the security settings on your IoT devices and install security updates regularly. Second, work with security experts, counsel, and internal actors to develop an IoT security plan before an issue arises. Such planning helps businesses understand IoT threat landscape and focus on ways to address IoT security at an enterprise level. Finally, organize your thinking around some strategic principles for effectively securing your IoT platform. The Department of Homeland Security has issued guidance, for example, that can help both public and private entities address their IoT security posture.
2) Cloud Insecurity Grows
Cloud computing will continue to be an attractive option for consumers and businesses seeking to host data and applications remotely. Cloud services, however, pose a variety of security challenges that enterprising hackers increasingly seek to exploit. In 2018, cloud insecurity will grow as the volume of sensitive data stored in the cloud expands at a record-setting pace. What should a business do to secure its cloud-based assets? First, it should work with counsel to understand where responsibility lies for protecting the cloud. Cloud providers often employ a shared responsibility model, putting the onus on the customer for protecting what is in the cloud while the vendor protects the cloud itself. Second, businesses should fully understand, and prepare for, the variety of threats posed by cloud services ranging from data breaches to insecure interfaces and APIs. Finally, where necessary, businesses can employ encryption for cloud-hosted data or consider using an encrypted cloud service.
3) High Profile Hacking Groups Continue Attacks
2017 was ground-breaking in the volume and scale of world-wide hacks and heists. In 2018, expect more of the same but on a larger scale. High-profile hackers have access to new tools and exploits, including new “ransomworms” which will make them even more dangerous to your business. Ransomware attacks remain a profitable gambit and over the last two years, the rate at which organizations have been attacked has nearly doubled. As a first line of defense, companies and consumers can protect themselves by exercising internet commonsense: update software regularly, use an anti-virus agent, be savvy with pop-ups and suspicious emails, and regularly back-up data. Businesses should also work with counsel and security experts to develop a comprehensive security plan to respond to attacks and advanced persistent threats.
4) Artificial Intelligence (“AI”) Adoption Continues
The adoption of AI will continue to accelerate in 2018, permeating more of our everyday life. The role AI will play in society is evolving as more companies find new ways to incorporate AI into their business decisions and through e-commerce. In 2018, expect consumers to further acclimate to “always on” devices in their homes, and improve at interacting with such devices via voice. Also expect AI to drive smart automation in a variety of industries, including retail, maintenance, and energy. What should your business be thinking about with AI? First, understand the security threats posed by AI and how those threats could impact your business. Second, if your business is thinking about prototyping new AI, putting a plan in place is critical. As Forrester points out, AI is hard to do right and over half of the firms that have made AI investments have yet to see a return. By putting a plan in place, your company will clarify your data foundation, the level of business expertise needed, and the right business model for deploying—thus supporting smarter investment.