In looking back at 2017, one of the enduring outcomes is that cybersecurity cemented its place in the national conversation.
Though there were a number of major cyber breaches or hacks in the past year, the most far-reaching and potentially devastating was from Equifax. Yahoo Finance reports that over 145 million people were impacted, with stolen data ranging from contact information to Social Security numbers.
The breaches impact consumers as well as businesses, which can face dire consequences if not adequately prepared for such attacks. BizVoice magazine looked at cybersecurity concerns and efforts in two recent editions. We interviewed Nathan Stallings of Matrix Integration for one of those stories; the technology infrastructure and advisory company assists its clients in preparing for and preventing such attacks.
Stallings shares his “Top 10” cybersecurity predictions for 2018:
1. Resources (people and money) for preventative and proactive measures will continue to shift from the network perimeter to within the network. Network Access Control (NAC), network segmentation, and Security Information and Event Management (SIEM) products and/or services will be the top three solutions for most organizations.
2. Cloud security will become even more important as workloads transition to the cloud, whether public, private, or hybrid. The challenge will continue to be defining the security responsibilities of the cloud provider versus the organization.
3. Companies will begin to shift their cybersecurity strategy from “prevent and protect” to “detect and recover”. I believe that there is a risk of moving too far away from “prevent and protect” which, in turn, will make “detect and respond” exponentially more difficult. The best strategy is a well-designed combination of the two approaches.
4. Ransomware will be significantly worse. Variations of WannaCry and NotPetya along with Ransomware as a Service (RaaS) will result in at least a doubling of the number of ransomware incidents from 2017. The cost of ransomware damages globally will likely exceed $5 billion in 2017 and will be substantially higher in 2018. There were approximately 4 million ransomware attacks in 2015, 638 million in 2016, and the estimate for 2017 is a 250% increase. The number for 2018 will be well over 2 billion attacks. Organizations should focus on prevention methods like security awareness training, detection methods like managed security services, and recovery. Recovery may well be the most important and relies heavily on the ability to fully eradicate the ransomware and having a sound data back-up strategy.
5. Security awareness training of staff and contractors will become increasingly important as hackers turn away from direct attacks on network infrastructure and web applications and target the end-users with sophisticated “phishing” techniques.
6. Significant attacks on Internet of Things and personal assistant/artificial intelligence will increase dramatically.
7. The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) will continue to gain widespread acceptance and adoption because it is designed to complement, not replace, an institution’s risk management process and cybersecurity programs.
8. More PCI compliance audits for credit card transactions as the PCI DSS compliance requirements become even more stringent.
9. Additional high-profile breaches as large organizations continue to fail at the fundamentals of cybersecurity.
10. Large healthcare organizations will continue to struggle to balance patient care, the needs of physicians and other medical personnel to quickly access critical information, and patient privacy with cybersecurity fundamentals.
If your company isn’t prepared to stop a cyberattack, is it prepared to recover from one? An old saying seems applicable for this new challenge: “An ounce of prevention is worth a pound of cure.”
The Kauffman Foundation’s Jonathan Ortmans offers thoughtful perspective on entrepreneurship and technology topics. Below is a summary of his latest entry.
One of the great drivers of innovation today is the promise of digital disruption of complex and regulated industries. Digital disruption is not only behind the public sector’s move toward open government and open data, but is also behind the rise of civic-centered startups that are changing the rules of the game for traditional industries. It is time for a new wave of policymaking that anticipates a whole new set of issues for policymakers.
A new sense of urgency is called for as policymaking for the digital economy accelerates in response to what entrepreneur Steve Case calls “The Third Wave” of the Internet revolution.
As 1776 co-founder Donna Harris explains, “as digitization moves from basic applications like social media and e-commerce to more complex industries like education and healthcare, entrepreneurs tackle harder and harder problems. And that means government is more involved and that legacy institutions will inevitably play key roles … Frameworks established decades ago no longer apply, and leaders at all levels need to be proactive in understanding and regulating for a digital economy.”
Creating new regulatory frameworks for the digital workforce is a challenge. As I discussed recently, a Princeton/NBER survey found that the share of workers engaged in alternative work arrangements (e.g. independent contractors and freelancers) was 15.8 percent in 2015, up from 10.1 percent in 2005. Beyond the safety net challenges posed by the so-called “gig economy,” the impact of the broader digital economy reminds policymakers that they need to write new rules for an era where digital disruptions are giving individuals greater power and freedom to write their own destinies. The possibilities of the digital age include new remote, flexible and on-demand work opportunities – and a clear shift of power from institutions to individuals as transparency increases.
Yet most cities, let alone the federal government, are not ready to leverage digital disruption. Innovation That Matters, a pioneer report in understanding digital disruption in the United States, ranks 25 American cities’ readiness to capitalize on the inevitable shift to a digital economy, and provides metrics that city leaders can use to evaluate their progress in developing their digital economies.
The greatest policy risk of all in digital disruption is ultimately policymakers reacting too slowly or providing what Harris calls a mediocre legacy of a “patchwork of laws and tensions.” There are some exceptions to follow from smaller nations that are leveraging the fact that small is beautiful and also more doable. Nations like Estonia, for example, have their top authorities leading their countries’ digital economies, through initiatives in digital infrastructure and even an e-residency program for global entrepreneurs.
Getting the public sector up to speed with the digital revolution is not an easy process. Internal capacity and cybersecurity are two large roadblocks. And it will take many intra-preneurs in government to make the necessary changes, as well as increased rapprochement with civic entrepreneurs who can help one of society’s most traditional sectors – government – react responsibly and responsively to digital disruption. Let the work begin.