If you thought 2017 was difficult for data breaches, just wait until 2018 is upon us. It is estimated there will be more breaches, both in quantity and volume of data records. It is also expected that companies will be sued for such violations, as is the case with the recently disclosed breaches with Uber.

The Information Security Forum (ISF) forecasts that next year will bring an increase in data breaches due to 6 major security threats identified below along with tips about what your organization can do to head them off at the pass.


2018 Top Information Security Threats


  1. Crime-as-a-Service (CaaS)
    Crime-as-a-service is when a professional criminal or group of cybercriminals develop advanced tools and other packaged services and offer them up for sale or rent to other less experienced criminals. This is having a powerful effect on the world of cybercrime because it lowers the bar for inexperienced individuals to launch sophisticated cyberattacks.The thought is that next year these more knowledgeable cyber criminals will develop hierarchies and partnerships that will start to look like small businesses who have a service to sell. Which means aspirant cybercriminals can come back again and again for more ransomware. This is a recipe for business failure for small companies who cannot afford to payout multiple ransoms.
  2. Internet of Things (IoT)
    Even though IoT devices are becoming more popular (i.e. personal assistants, appliances and Smart TVs), they are not secure by design. Often individuals and corporations to do not change the default password within the device; however even that, does not necessarily make up for the low level of encryption in each device. Cybercriminals will often enter through these devices to get into the data they really want.It is vital to develop an IoT policy, take inventory of all IoT devices within your organization and determine the vulnerability of these devices with your network.
  3. Supply Chain Access
    As I wrote in August, your supply chain can often be the riskiest part of your business. You may be exposing your company’s information because suppliers may have access to data they should not. Or, in cases where they are authorized, these suppliers may inadvertently bring malware or other threats into your IT infrastructure.Organizations must adopt strong, scalable and repeatable procedures when it comes to their supply chain and set up firewalls so individuals only have access to the data they need.
  4. Not Listening to the CISO
    Most board of directors think the CISO has everything under control and while this may have been the case in prior years, the threats are constantly changing. The CISO may feel uncomfortable asking for more money, but the reality of current and future cyber threats mean that management and boards need to be more agile and willing to add funding to their budget when requested.Being reactionary won’t be enough in 2018, according to the ISF. Not only will a company’s reputation be tarnished, but upper management and board members’ reputations will also suffer if proper preventative actions are not taken.
  5. Cybersecurity Talent Shortage
    With 350,000+ cybersecurity positions unfilled in the US today (and expected to grow in 2018), it is important to look at alternatives as small to mid-sized businesses probably cannot afford to get into a “bidding war” for talent with enterprise organizations.Companies should continue to engage with managed service providers to mitigate cybersecurity incidents and challenges.
  6. Human Error
    In 2018, it is still estimated that the majority of cyberattacks will still be generated from employees who accidently put their company’s data at risk.Next year is the time to focus on your people and train them to quickly identify suspicious emails, web links and popups. Training can do a lot help detect insider problems earlier and streamline any investigative process.

Shellproof Security Can Help

As you finalize your budget for 2018 and make plans for cybersecurity, think of us! With a goal in minimizing the threats outlined above, while maintaining your reputation to clients and partners, ShellProof Security can provide your organization with custom-tailored solutions that are both effective and affordable. Give us a call today at 212-887-1600 to set up your free, 15-minute consultation!