19 December 2018

A LOOK BACK AT OUR PREDICTIONS FOR 2018

At Secrutiny, we made some bold predictions about what cybersecurity was going to look like in 2018 – find out how we did.

1. Consumers will demand increased security on websites as they start to realise owners of the sites pose their most significant risk

Authentication solutions such as Google Authenticator and Myki (myki.com) are now becoming commonplace, and many sites are adopting and encouraging multi-factor processes. Cisco’s DUO acquisition will continue to drive MFA in the enterprise.

We have also learnt to be more vigilant when it comes to the padlock icon in the URL bar, as reports suggest nearly half of all fake websites are using the padlock symbol in the URL bar.

2. Every employee will need to be a CISO – awareness training moving up in the corporate agenda

Cyber training is commonplace in most enterprises now, while phishing testing has also become pervasive. Everyone within a company, or organisation, who is connected to the internet should be given cybersecurity training.

*Source: Data Breach Investigation Report (DBIR)

3. Identity control will be key to being secure

This hasn’t had the coverage we were expecting in 2018, and we are probably a little ahead of our time with this prediction. However, there has been widespread coverage of the issue of credential loss (haveibeenpwned.com), and this has mostly focused spending on Multi-Factor Authentication (MFA). The follow-on to this will be identity, and the wearables market will also drive adoption.

4. Enterprises abandon data centre plans and move quicker to cloud

Research shows that multi-cloud is the preferred strategy among enterprises. According to RightScale, 96% of survey respondents use cloud, more enterprises are prioritising cloud, serverless is the top-growing cloud service, and private cloud adoption is growing across the board.

5. Multi-factor authentication should become mandatory in enterprise

It’s happening, but we cannot understand why some organisations continue to ignore it. According to CSO, passwords have accounted for 81 percent of data breaches in the past few years*. MFA significantly reduces the risk of an unwanted party accessing your most important systems and adds a layer of security that is hard to breach. 

*Source: Data Breach Investigation Report (DBIR)

6. There will NOT be a GDPR fine in 2018

While there have been fines for breaches and lack of control of data, these were always possible pre-GDPR. We have seen little evidence of the massive 4% of revenue fines that caused everyone to scramble to get compliant.

So far, there have been 8,000 data breach reports filed in the UK and Marriott Hotels may face a fine of more than £17 million for their recent data breach.

7. Patch management will be taken more seriously, as IT operations admins get the same priority as projects

It’s on people’s agenda, but it isn’t at the top of the queue. Fundamentally, this is because it requires resource (people) and IT headcount budgets remain under pressure.

8. Two-factor authentication will become a hacker target

There have been some ‘man in the middle’ approaches to get the data, but nothing significant has been reported. One popular method in 2018 has been via a phishing landing page – a phoney landing page is created prompting the user to enter their details, followed by their two-factor authentication code – all visible to the hacker.

9. Lengthy discussions on Bitcoin regulation will start

This had to happen, and the bitcoin market has had enough attention to question the validity of ‘bitcoin’ as an investment. What has happened is the coverage has led to people exploring blockchain as a security approach for many real-life requirements, such as counterfeiting. The use of bitcoin remains confined to anonymous and typically illegal transactions.

10. The cheque will get recognised as the safest way to pay someone

It’s still not widely recognised by the general public, but the cheque is the best method of payment to avoid payment fraud, which continues to be a successful crime for cyber-crime groups.

We have lobbied banks and discussion groups where possible to make people aware that banking systems around the world completely ignore the payee name. So, amended sort codes and account numbers are a real danger.

We have been told that there is now an initiative to incorporate the name of the payee with an anticipated roll-out date of circa May 2019.

It’s hard to predict the future – but we tried our hardest, let us know what you think. And don’t forget to check back in next month (January) when we will be releasing our predictions for 2019!