2018's top cybersecurity threats


The facts are stark: 58 percent of global enterprises own up to having experienced at least one data breach during the past 12 months, and of these, half say they suffered at least one internal incident, while more than a third endured at least one attack involving a business partner or third-party supplier.

But here’s the kicker—according to Forrester Research’s 2017 global security survey, it was known software vulnerabilities that opened the door to 41 percent of the external attacks.

What does this mean? A ghastly example was the sequence of events that followed the leak of the NSA’s EternalBlue exploit—which targeted the Server Message Block (SMBv1) service that Microsoft has enabled by default on every Windows operating system for decades. Despite urgent remediation by Microsoft, the vulnerability was used to perpetrate the massive WannaCry and NotPetya ransomware attacks. More than 230,000 computers in 150 countries were infected within 24 hours of WannaCry’s release, and total damages ranged from several hundred million to $4 billion. About a month later, it’s estimated that NotPetya caused another $300 million in damages.

But for CISOs and cybersecurity professionals, the real horror was that these attacks were carried out between 60 and 90 days after Microsoft released a fix for the exploit, says senior Forrester researcher Josh Zelonis. That’s why he lists ineffective vulnerability management as the most urgent threat confronting data security managers for 2018.

“High-profile breaches are the result of unpatched systems,” Zelonis warns, “and vulnerability management needs board-level attention. While the security of your organization shouldn’t rest on applying patches, the ability to perform rote security tasks such as patch management is a great predictor of overall security posture.”

Here are the other top threats identified by Zelonis, based on a 2017 Forrester survey of 604 network security decision makers worldwide, at firms with 1,000 employees or more:

Insecure cloud services will continue to hemorrhage sensitive data.
During the last few years, there have been a number of large data leaks due to misconfigured cloud services such as MongoDB and Amazon’s Simple Storage Service (S3). In Q3 of 2017 alone, Zelonis notes, major companies such as Time Warner, Verizon and Viacom experienced this type of data leak—losing encryption keys, customer account details and other sensitive data.

Data security professionals need visibility into how their publicly facing services are configured. While this can be accomplished through periodic red team exercises or internal auditing, Forrester recommends working with a digital risk monitoring (DRM) company to monitor the business’ infrastructure in real time.

The Equifax breach will render knowledge-based authentication ineffective.
Per Forrester’s survey, 42 percent of breaches target personally identifiable information, making it the most common type of data targeted by attackers. With the information stolen in the Equifax breach, identity thieves now have everything they need to access an individual’s medical records, bank accounts and tax returns.

Under these circumstances, Zelonis says companies need to treat identity as an assertion, and authorize based on confidence. Balancing fraud risk versus limiting friction to ensure completion of a transaction is something all businesses must now weigh. Lenders, for instance, are putting fraud holds on credit cards when purchasing patterns change. All companies need to begin using customer insight data to perform behavior-based analytics when validating someone’s identity.

Strategic compromise will allow attackers to undermine supply chains.
Third-party risk is frequently due to data shared with partner companies and service providers. Too frequently, supply chain issues that are upstream to an organization are ignored and incidents go unnoticed and unpublicized.

To correct this, Zelonis recommends performing supply chain threat assessments. Those charged with data security responsibilities should be regularly reviewing the amount of trust placed in suppliers and how software updates are deployed.

Ransomware will expose weaknesses in cybersecurity and business continuity preparations.
Ransomware represents a shift away from more traditional data theft toward direct monetization of system compromise by cybercriminals.

A recent joint survey conducted by Forrester and the Disaster Recovery Journal found that three-out-of-four companies have documented response plans for data tampering, but only one-out-of-four test these plans more than once a year. Data that is critical enough to back up on a daily basis, Zelonis observes, should be tested more frequently to prepare for what is most likely an inevitable disaster.
