What's Next for Cybersecurity in 2018?
We live in a world that is networked together, where companies rely on networked systems and their data is stored in the cloud. The year 2018 will bring more connectivity, digital transformation initiatives, and data to companies, along with a number of new cybersecurity threats and landscape changes making cybersecurity one of the most crucial issues that need to be addressed in the present scenario.
Let’s just take a quick look to what we witnessed in 2017. This year incidents like WannaCry and Netya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. But in the end, it’s more about who has not been breached vs who is the latest. The world of cybersecurity witnessed changes frequently with security experts trying to gain know-how about what is happening and how they can mitigate it. The universal fact is that we have to accept that we can’t protect everything, but we can find a way to control what matters the most.
2018 will be a year where security will become part of the fabric in how we work. Below are my cybersecurity predictions that I believe will continue to impact the technology industry in 2018.
1. Shift in focus from protection to prevention
An ounce of prevention is worth a pound of cure, so the saying goes. Historically IT organizations focused heavily on perimeter network security to protect their networks from cyberattacks. Protection at the perimeter edge works well for data moving toward the protected assets. However, recent breaches have shown that perimeter security alone isn’t sufficient to combat advanced persistent threats. By focusing on more proactive and offensive approaches, rather than strictly defensive, that help detect and respond to possible threats rather than react, it is possible to stop threats before they expose the organization to risk. Your security setup will need to focus on detection, response, and remediation. That’s where the cybersecurity fight is today. In the future it will most likely move to prediction of what’s coming before anything happens.
2. More IoT attacks will be motivated by financial gain than chaos
It’s only a matter of time before every house and company is connected through the Internet of Things (IoT). We predict that as many as 1 million new connections per hour will be added to the internet by 2020 expanding the attack surface and making IoT vulnerabilities more critical and more dangerous. IoT will move from being seen as a massive security risk in the enterprise, to a critical part of an Enterprise’s security posture. To meet the security challenges of the IoT—an attack surface that is both growing rapidly and becoming increasingly difficult to monitor and manage, a proactive and dynamic approach to security, and a layered defense strategy, are the keys to protecting IoT devices from infection and attack—or at least, mitigating the impact when some are inevitably compromised by adversaries.
3. Continued growth in the use of ransomware and cyber-extortion tools
Unfortunately, ransomware attacks will almost certainly become more pervasive and varied during 2018. Some attacks will adhere to the brute-force model of infect, lock and extort, while others will be more sophisticated. Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, will make it easier for criminals, regardless of skill set, to carry out these attacks. It turns out that ransomware generated a lot of cash for criminals, an estimated $1 billion in 2016. In the future, ransomware will not merely target individual users, but also target entire networks. Given that ransomware can penetrate organizations in multiple ways, reducing the risk of ransomware infections requires a portfolio-based approach, rather than a single product. Often, victims of ransomware choose to pay the ransom, because they have no other means by which to restore their systems and data. Don't pay the ransom. Create strong plans for system and data recovery as soon as possible, including backing up all systems daily.
4. Many enterprises will give priority to cloud security
More applications and servers are moving to the cloud to take advantage of cost savings, scalability, and accessibility. As a result of this, cloud environments will be a potential target of security breaches. Cloud is a journey and cloud security must be a driver, not an afterthought. According to the Cisco 2017 Midyear Cybersecurity Report hackers recognise that they can infiltrate connected systems faster by breaching cloud systems and we expect more problems related to cloud security arise in 2018. Cloud computing security is best executed in a phased approach matching the value of the cloud workload to the bad guys’ motivation. When it comes to cloud, security experts will need to decide who they can trust and who they can’t and enterprises will need to develop security guidelines for private and public cloud use and utilize a cloud decision model to apply limitations to cloud risks.
5. Increased automation in cybersecurity response
Humans are incapable of keeping up with the sheer volume of incoming threats, but their ability to make quick and highly-impactful decisions to manually address such an attack is equally inefficient. As our industry faces a talent crisis, automation, machine learning and AI will be critical in ensuring protection, becoming a powerful and effective component of cyber security incident response. Attaining full visibility into networks is key to stopping hackers, or machines, in their tracks and machine learning can help here by understanding the behaviour of devices, including IoT devices, on the network and identifying ‘soft spots’ on the network that are just waiting to be breached. In 2018 machine learning and artificial intelligence will undoubtedly be integral to the future the cybersecurity landscape.
The bottom line is that there is no silver bullet. We are facing a new frontier of innovation and can only seize the opportunity if security capabilities are built to support new ventures. We need more trained professionals, as well as smarter tools that make cybersecurity more effective – for both businesses and their consumers. Cybersecurity is our shared responsibility. Because we all have a say in our business and technology, we must also view security as an inherently essential part of our organization’s purpose and strategy.
5 minutes with... Janthana Kaenprakhamroy, CEO, Tapoly
Founder and CEO of award-winning insurtech firm Tapoly, Janthana Kaenprakhamroy heads up Europe’s first on-demand insurance platform for the gig economy, winning industry awards, innovating in the digital insurance space, and leading with inclusivity.
Here, Business Chief talks to Janthana about her leadership style and skills.
What do you do, in a nutshell?
I’m founder and CEO of Tapoly, a digital MGA providing a full stack of commercial lines insurance specifically for SMEs and freelancers, as well as a SaaS solution to connect insurers with their distribution partners. We build bespoke, end-to-end platforms encompassing the whole customer journey, but can also integrate our APIs within existing systems. We were proud to win Insurance Provider of the Year at the British Small Business Awards 2018 and receive silver in the Insurtech category at the Efma & Accenture Innovation in Insurance Awards 2019.
How would you describe your leadership style?
I try to be as inclusive a leader as possible. I’m committed to creating space for everyone to shine. Many of the roles at Tapoly are performed by women and I speak at industry events to encourage more people to get involved in insurance/insurtech. Similarly, I always try to maintain a growth mindset. I think it’s important to retain values to support learning and development, like reliability, working hard and punctuality.
What’s the best leadership advice you’ve received?
Build your network and seek advice. As a leader, you need smart people around you to help you grow your business. It’s not about personally being the best, but being able to find resources and get help where needed.
How do you see leadership changing in a COVID world?
I think the pandemic has proven the importance of inclusive leadership so that everyone feels supported and valued. It’s also shown the importance of being flexible as a leader. We’ve had to remain adaptable to continue delivering high levels of customer service. This flexibility has also been important when supporting employees as everyone has had individual pressures to deal with during this time. Leaders should continue to embed this flexibility within their organisations moving forward.
They say ‘from every crisis comes opportunity’, what opportunities do you see?
The past year has been challenging, but it has also proven the importance of digital transformation in insurance. When working from home was required, it was much harder for insurers to adjust who had not embedded technology within their operating processes because they did not have data stored in the cloud and it caused communication delays with concerned customers at a time when this communication should have been a priority, which ultimately impacts the level of customer satisfaction. This demonstrates the importance of what we are trying to achieve at Tapoly in driving digitalisation in insurance and making communication between insurers and distribution partners seamless.
What advice would you give to your younger self just starting out in the industry?
Start sooner, don’t be afraid to take (calculated) risks and make sure you raise enough money to get you through the initial seed stage.