This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Emerging cybersecurity trends

19 June 2018

Cybersecurity experts from TÜV Rheinland have listed eight challenges that need to overcome to allow organisations to better protect themselves from the increasing volume and complexity of cyberattacks while preparing for the opportunities of automation and digitalisation of industries

TREND 1: A rising global tide of cyber-regulation increasing the price of privacy
Data protection is a critical concern in an increasingly digital world and May 25, 2018 is a turning point for data protection in Europe. It marks the end of the transitional period for the EU General Data Protection Regulation (GDPR) as it becomes enforceable by law. It disrupts data governance and how information is protected for any organisation controlling or processing EU citizen personal data, and leads a growing list of emerging data protection regulations from around the globe. Failure to comply could result in fines of up to 4% of global turnover – a significant sum that demands attention. Expect to see the EU Commission hold major global companies accountable for GDPR violations.  

TREND 2: The Internet of Things drives the convergence of safety, cybersecurity, and data privacy
In 2016, Mirai proved that Internet of Things (IoT) devices can be effectively weaponised as botnets. Today, product development, time to market considerations, and technical power constraints leave IoT devices exposed by exploitation of critical vulnerabilities. The impact of data breaches now extends far beyond simple data monetization to ‘kinetic’ threats to health and safety, as devices and systems are directly connected to open networks. It is widely accepted that the state of IoT security is poor and, with over 500 connected devices expected to cohabit with us in our homes by 2022, these represent a major risk to safety, cybersecurity, and data privacy.  

TREND 3: Operational technology emerges as a frontline for cyberattacks
The industrial internet is already transforming global industry and infrastructure, promising greater efficiency, productivity and safety. To compete means to move process equipment online, often unwittingly exposing component vulnerabilities to cyberattacks. Manufacturing plants are targeted to obtain intellectual property, trade secrets, and engineering information. Attacks on public infrastructure are motivated by financial gain, hacktivism, and national state agendas. Fear of a ‘worst-case scenario’, where attackers trigger a breakdown in systems that underpin society, was highlighted this year at the World Economic Forum. Industrial systems are particularly susceptible to supply-chain attacks, adversaries have recognized this, and are targeting them.  

TREND 4: With cyber defences in place, focus shifts to threat detection and response
Recent cyberattacks on high-profile organisations provide proof that preventative controls alone are not enough. Today, it takes organisations, on average, over 191 days to detect a data breach. Due to the vast growth of security log data, limitations of incumbent technologies, ineffective use of threat intelligence, inability to monitor IoT devices, and shortage of cybersecurity talent, organisations are exposed to costly dwell times.  

TREND 5: Increasing use of artificial intelligence for cyberattacks and cyber defence
As organisations undergo a digital transformation, there is a growing volume of increasingly sophisticated and persistent cyberattacks. Malware is becoming smarter, able to ‘intelligently’ adapt to and evade traditional detection and eradication measures. With a global shortage of cybersecurity talent, organisations are losing the cyber arms race as a result. The volume of security data now far exceeds our legacy capability to use it effectively, leading to a growing number of AI-enabled cybersecurity use cases: accelerating incident detection and response; better identifying and communicating risks to the business; providing a unified view of security status across the organisation.  

TREND 6: Certifications become necessary to inject trust into cybersecurity
Cybersecurity and data protection are critical in an increasingly digital world, but how can you judge the effectiveness of an organisation’s cybersecurity posture? There is a growing concern for trust in cybersecurity, evidenced by existing and emerging standards. Certification validates that you have done what you say you have done. Today, however, product security assurance certification schemes tend to focus on the critical infrastructure and government sectors only. Where does that leave the manufacturers of consumer products?  

TREND 7: Passwords being replaced by biometric authentication
Our digital lives are ruled by a complex web of online apps each requiring a username and password to control access. To protect the data behind these apps, selecting an obscure and complex password, and changing it often, is good practice, but also quite rare. It is increasingly commonplace to encounter biometric authentication (facial, fingerprint, iris, and voice) included in everyday mobile, tablet, and laptop devices, as well as physical access and online services.  TREND 8: Industries under siege: Healthcare, Finance, and Energy The majority of cyberattacks are undertaken by criminal organisations and are motivated by money. The value of information on the dark web depends on demand for the data, the available supply, its completeness, and ability for reuse. As a result, healthcare and financial personal information are highly sought after. Other cyberattacks have more political and nation-state motives, here disruption to critical services through attacks on the energy sector is a key risk in 2018; as evidenced by recent news of Russia’s campaign of cyberattacks targeting the US power grid, which is suspected to have been underway for several years.

The ‘Cybersecurity Trends 2018’, whitepaper is available for download at http://www.tuv.com/en/cybersecurity-trends-2018


Print this page | E-mail this page