In the age of the internet, security is often in the spotlight when high-profile breaches leave vast volumes of private data exposed. And even with the efforts of industry experts, the threats of cybercrime continue to grow.
So what challenges face the sector today and how will they evolve over the coming years? Here are a few points to consider.
Rise of the Internet of Things
The Internet of Things (IoT) is a nebulous group of web-enabled devices consisting of everything from smart TVs to IP security cameras and beyond. And with the right malware, they can be hijacked by hackers and used to form botnets with vast amounts of disruptive power.
Back in 2016, the Mirai malware outbreak proved that IoT tech could be exploited on a massive scale, with distributed denial of service (DDoS) attacks impacting major telecoms firms in several countries.
In 2018, security specialists like Andrew Mabbitt of Fidusinfosec.com have identified new threats with similar capabilities, including the Reaper and IoTroop botnets. And like Mirai, the aim is simple: exploit software weaknesses to infect devices and increase the reach of cybercriminal activities.
What makes this problem even more challenging is the fact that with each new outbreak and attack, the crooks are harvesting useful data about which tactics are the most effective. So even if vulnerabilities are patched, the next generation of IoT-focused malware will be leaner, meaner and more efficient.
This is symptomatic of the security arms race which is raging at the moment. It is well known that cybercrime generates huge profits for participants, so perpetrators can afford to invest in constantly enhancing their techniques. Meanwhile, businesses are having to put up with an annual increase in security costs of 22.7 percent, which is not sustainable in the long term.
Implementation of the General Data Protection Regulation
With pressure coming from cybercriminals on one side, businesses are also facing up to the reality of stricter rules on how they handle customer information with the rollout of the GDPR in Europe.
Landing on the 25th of May this year, this wide-ranging bill could see fines of €20 million (£17.5 million) levelled against organisations that fall short of expectations when it comes to protecting data.
A failure to comply will not only hit businesses financially, but will leave their reputation damaged. And the cost of preparing for the GDPR, as well as maintaining compliance in the long term, will also be an obstacle to overcome in 2018 and for the foreseeable future.
This is not just about changing security systems and automated data handling services, but also about employee education. It will be necessary to retrain staff so that they can operate with the GDPR in mind, rather than falling foul of the tougher stance it takes on privacy.
Of course, from a consumer perspective this is a very positive step, but it is ushering in a period of transition which will no doubt cause difficulties for some firms.
Emergence of Artificial Intelligence
AI has been a pipe dream for decades, but the arrival of machine learning algorithms in recent years has brought about rapid change in this area. Within a few years, software will become even more powerful and autonomous in its operational abilities.
From a security perspective, this is a double-edged sword. On the one hand, AI will make it easier to predict and counteract potential attacks without requiring vast resources and lots of people power to get the job done. On the other, it is certain that cybercriminals will also harness AI for their own nefarious purposes, which will present its own obvious hazards for the industry as a whole.
Persistence of Ransomware
Locking businesses out from their data with ransomware is still something that cybercriminals are doing to earn easy money. And because a lot of these campaigns involve phishing or social engineering tactics, the weak link is still human employees, which means that investing in better security can only go so far to curb this issue.
Education and training are once again the best answers, because if staff are informed and have the right skills, then ransomware can never take hold.
There are sure to be other security threats that appear in the future, and the industry will need to react to them quickly to limit the damage that they can do.