1. Regulatory changes coming into force will give cyber a renewed focus in the boardroom
With both the GDPR and the NIS Directive coming into effect in 2018, organisations will need to adopt a more integrated approach to protecting against cyber threats to comply with the new legislation.
The NIS Directive on security of network and information systems includes a number of requirements around incident response and the implementation of technical security measures based on risk. It will be applicable to all EU Member States as well as businesses from key sectors such as banking, healthcare and transport, which have been identified as operators of essential services.
The General Data Protection Regulation (GDPR) will, amongst other things, require all organisations processing personal data of European citizens to implement adequate security measures to protect this data and to make sure that, if a data breach occurs, its impact is thoroughly investigated and any affected individuals are notified within 72 hours. With the deadlines for both regulations fast approaching, we’ll see organisations put cyber and its threats into focus. Boards and risk managers will need to adopt a more coordinated approach to cyber risk management to better assess and mitigate risk across all enterprise functions and to avoid the heavy fines that come with non-compliance.
If you are interested in finding out how Context can support your business in building effective cyber risk management and defence strategies, please contact us.
2. Beyond red teaming
In the face of increasing data protection regulations and cyber threats, the use of red teaming as an essential tool for organisations to assess their capability to resist and respond to cyber-attacks will continue to increase.
As the number of high-profile Advanced Persistent Threat (APT) attacks, such as the recent SWIFT breaches, rises and regulatory bodies’ interest grows, companies will be driven to include red team testing as part of their proactive efforts. The use of technical assurance testing techniques and approaches similar to the UK finance industry’s CBEST framework will become crucial, especially in safety-critical environments including nuclear, space and telecoms.
We will also see red teaming undergo an evolution to include blue and purple teams to further improve the effectiveness of an engagement and to iteratively determine where a breach should have been detected and how to deal with it appropriately, in collaboration with clients’ security teams.
3. Evidence of business to business cyber corporate espionage will emerge
While corporate espionage has been around for years and is widespread in modern enterprises, the proliferation of digital business and erosion of traditional barriers to data access have opened up more vulnerabilities for potential attackers to exploit. The risk of companies falling victim to an espionage attack that aims to steal emails, financial information, sensitive digital data or intellectual property is real. In the past year we’ve seen several cases of cyber corporate espionage hit the headlines, with the majority of perpetrators being either trusted insiders, such as current or former employees, or nation-state-sponsored cyber-criminals aiming to gather valuable intelligence.
2018 will likely be the year we’ll finally start seeing evidence of business-to-business cyber corporate espionage emerging, with companies targeting each other’s digital defences to try and steal information on prototype designs, clients and employees, for example.
4. We will continue to see major incidents in the press
As the threat landscape continues to evolve, cyber and ransomware attacks are becoming increasingly complex and ever more frequent – something that won’t change anytime soon.
We will continue to see big incidents in the press, starring nation-state attackers targeting large organisations and countries to gather information and cause disruption, as well as malware attacks such as last year’s Bad Rabbit, WannaCry or Petya, which will continue to diversify and affect more and more devices and systems.
5. Blurring of boundaries between cyber and physical attacks and digital and physical security and safety
The divide between digital and physical has become increasingly blurry, especially in the area of safety and security. Physical testing and red teaming exercises have been part of an integrated security testing programme for years now and demonstrate just how intertwined the two realms are – and how risks in one can easily affect the other. With this in mind, it might not be too far-fetched to assume that a cyber security incident may well end up triggering a physical attack or, in the worst case, even military conflict.
Whilst this list of possible developments in cyber is in no way exhaustive, it does provide an all too clear key message for all of us to take away: the cyber threat landscape will continue to rapidly evolve and it is therefore as important as ever to take a proactive approach in protecting yourself from becoming a victim.