Mexico. As cyberattacks threaten every area of business and grow in both volume and frequency, companies will be forced to take on new practices to manage cybersecurity risk, integrating it more relevantly into their business management, according to Aon's Cyber Solutions industry specialists in the report: Cybersecurity Predictions 2018.
The study outlines a number of specific actions companies should consider in 2018 to address cyber threats and other trends that are anticipated for this year.
"For 2018, we anticipate increased cyber exposure due to the convergence of three trends: companies' increasing reliance on technology; the intensified focus of regulators on the protection of consumer data and finally, the increase in the value of non-physical assets. Leaders must adopt a coordinated, first-line management approach to cyber risk management, enabling them to better assess and mitigate risk across business functions," added Rogelio Altamira Del Valle, Chief Commercial Officer of Aon Mexico.
Highlights of the prediction report include:
1. Companies adopt security policies as managers are opening their eyes to cyber responsibility. As committees and executives experience and witness the impact of cyberattacks, including reduced profits, operational disruption, and claims filed against directors and officers, companies will turn to cyber insurance policies. Adoption will be distributed beyond traditional shoppers, such as in retail, financial, healthcare, transportation, oil and gas sectors.
2. As the physical and digital worlds converge, chief risk control officers become the center of attention for managing cyberspace as a business risk. This year risk managers are expected to take their seat on the board of directors and work closely with chief information security officers, to help organizations understand the full impact of digital risk on the business.
3. The normative focus expands and becomes more complex. The European Union holds global companies responsible for the violation of the General Data Protection Regulations. In 2018, regulators at the international, national and local levels will more strictly enforce existing cybersecurity regulations and increase compliance pressures on companies by introducing new platforms and technologies.
4. Criminals will seek to target companies that adopt the Internet of Things (IoT), in particular, target small and medium-sized businesses that provide services to global organizations. In 2018, global organizations will need to consider the risks when it comes to companies linking ioT and it is possible that attacks on large companies on small suppliers or contractors that use these technologies to access systems.
5. As they continue to hack passwords, companies will need to use physical biometrics and multi-factor authentication. Beyond passwords, companies will need to implement new authentication methods, from facial recognition to fingerprints. However, these technologies are still vulnerable, the report anticipates that a new wave of companies will adopt multi-factor authentication to combat password attacks and attacks that target biometrics.
6. Criminals will target businesses that use points or rewards as currency, stimulating the general adoption of reward programs. companies beyond the technology, government, automotive and financial services sectors will introduce bug bonus platforms into their security programs. Companies with loyalty, gift and rewards programs, such as airlines, retailers and accommodation providers, will be the next wave of customers for security firms, as criminals will focus on transactions that use points as currency.
7. Attackers are targeted with hijacking programs (ransomware); cryptocurrencies help the kidnapping program industry flourish. In 2018, criminals in kidnapping programs will develop their tactics. Reports predict that attackers using benign forms of malware (such as software designed to provoke DDoS attacks or launch ads on thousands of systems) will launch huge ransomware outbreaks. While attackers will continue to launch massive attacks to disrupt as many systems as possible. The report predicts an increase in instances of attacks targeting specific companies by demanding proportionate payments for the value of encrypted assets.
8. Infiltrator risks plague organizations, as they underestimate their serious vulnerability and responsibility, due to the fact that the main attacks fly over the radar. In 2017, companies invested little in proactive infiltrator risk mitigation strategies, and there will be no difference in 2018. According to the report, the lack of security training and technical controls will increase vulnerability through PDAs and personal devices. Many companies will continue to respond reactively to incidents without disclosing the attacks, so the true cost and impact of the infiltrator's risk on the organization will be unknown.
"At Aon, we help our customers identify, address and respond to their cyber risks. Our solutions framework broadens the typical scope to address digital risk and our services go beyond risk transfer: engaging with our clients for pre-breach planning and incident response services; and assist in the selection and implementation of appropriate solutions for the transfer of risks and ensure the continuity of operations through the consultation of claims," concluded Rogelio.
