Chief information security officers (CISOs) and information security officers (ISOs) within banking, credit union, healthcare and insurance companies should anticipate a new wave, and new types, of cyber attacks in the next 12 months.
As a result, these security professionals need to update and adjust their cyber security strategies, policies and penetration testing procedures across their entire businesses.
To help make these adjustments successfully, here are five predictions for what these professionals should expect during the next year and what actions to take.
Prediction One: Cyber Attacks Will Increase by at Least 20-40 Percent in the Remote Working Arena
A huge percentage of corporate workforces are now working from home. This will continue throughout the next year. As such, expect at least a 20-to-40 percent increase in the number of cyber attacks on remote workers compared with the past year.
Research data supports this forecast. According to a 1Password.com survey of 1,000 U.S. desk workers and computer users, 89 percent said they have recently migrated to remote work.
But only 27 percent indicated their company was totally prepared for this move. A lack of preparation will be a key reason for the increase in attacks.
More attacks on virtual private network equipment
One technology that companies need to focus on is virtual private networks (VPNs), which are used to connect remote workers to their corporate networks. Preventing attacks on VPNs will be, and should be, one of the highest cyber security priorities over the next year because of the widespread gaps in these technologies for criminals to exploit.
CISOs and ISOs need to rapidly and thoroughly improve their cyber security capabilities for remote workers. Those who don’t are more likely to be victimized by more attacks and lose revenues and customers.
Prediction Two: Cyber Attacks Will Rise for Smaller Businesses At Least 40-to-60 Percent Faster Than Larger Businesses
Smaller businesses spend less on cyber security technologies and employee training than larger firms. The vast majority spend nothing at all, according to a recent survey of nearly 400 companies by the Wall Street Journal’s PRO Research.
The survey reveals that only 15 percent of small companies with less than $150 million in revenue have a cyber security program.
Considering this situation, the number of cyber attacks against them will escalate at least 40-to-60 percent faster than in larger businesses over the next year.
Small companies must improve their cyber security programs. If they don’t, the risks of being attacked by cyber criminals will inevitably increase. Small up-front investments to prevent these crimes will thwart massive problems later.
Prediction Three: Deep Fake Cyber Attacks Will Increase
Trouble is on the horizon in the coming year in the form of deep fake technology, which is used by cyber criminals to penetrate and swipe corporate data. This technology swaps faces and voices of people in videos to deceive receivers.
Over the next year, deep fake videos aimed at employers will become one of the fastest growing threats that companies will need to prevent.
Security professionals will need to become more adept at identifying deep fakes quickly. They need to plan ahead for them and train employees on how to detect them. The risks of not doing this could be catastrophic.
Prediction Four: More Investments in Security and Privacy as Competitive Business Differentiators
If you are a CISO at a healthcare facility, and you have a corporate customer asking about your company’s cyber security program, you will want to assure your customer that you have checked, for example, 20 or so different security-prevention “boxes.”
Companies will tout their cyber security penetration testing
Over the next year, more companies will want to make these assurances to customers about the extensive penetration tests they have done to prevent cyber attacks, because it will help their customers feel more secure.
This is about leveraging security as a competitive differentiator, which will become a bigger industry dynamic in the next 12 months. Nearly three-fourths (71 percent) of CEOs view information security as a strategic function and lever for competitive advantage, according to a KPMG survey.
“This reflects a dramatic change in opinion from what we’ve heard in the past from clients, when CEOs largely viewed cyber security as a risk mitigation measure,” according to the report.
Companies that use cyber security as a competitive differentiator will build trust and loyalty with customers. Those that don’t will lose customers.
Prediction Five: Companies Will Increase Penetration Testing Services By At Least 25 Percent Over the Next Year
Companies want to identify the weaknesses, gaps and vulnerabilities in their networks before the bad actors do. Testers deliberately attempt to find these problems in corporate networks.
Security testing will continue to increase in the next 12 months. According to marketsandmarkets.com, the security testing market is expected to expand from $3.3 billion in 2016 to $7.6 billion in 2021, an annual growth rate of 18 percent.
What’s more, penetration testing will be one of the fastest growing of all cyber security market segments during the next year.
If companies don’t do cyber security testing, they are much more likely to be victimized by cyber attacks. A small investment in testing – under $10,000 – would be a small price to pay to avoid losing millions of dollars because of a cyber attack.
Patrick Barry is the chief information officer for Rebyc Security based in Charlotte, North Carolina. The company provides cyber security penetration testing services to chief information security officers and information security officers in the banking, credit union, healthcare, and insurance industries. He can be reached at firstname.lastname@example.org.