“The more things change, the more they stay the same.” That 1849 quip from Jean-Baptiste Alphonse Karr somehow seems fitting for today’s cybersecurity industry. In 2017 we saw massive change in the speed, creativity and magnitude of attacks — yet the industry plodded along on important issues such as timely data breach disclosures.
Taking both ends of the spectrum into account, my cybersecurity predictions for 2018 involve cyber scores, 2FA and bio hacks.
1. Your Company’s Cyber Score Will Be as Important as Its Credit Rating
In an interview with TechRepublic a few days ago, Gartner research director Jeff Wheatman said, “It's no longer just about understanding whether a company you're going to do business with is credit-worthy, we need to understand what their security posture is, because it's going to have an impact on our security posture.” TechRepublic added: “Historically, organizations would go to credit rating agencies and find out the creditworthiness of their partner, but now that companies are handing out data to their partners, they need to understand what their posture is. As a result of this, we've seen a big uptick in the market for security rating services, he [Wheatman] said.”
Exactly! In 2017, FICO saw a surge in adoption of our Enterprise Security Score, as both cyber insurance providers and their corporate customers recognize the value of an objective measure of cybersecurity risk.
In 2018, I predict that the awareness and usage of enterprise cyber scores will skyrocket. Just as retailers like Costco and Walmart hold their vendors to high standards in logistics and inventory control, in 2018 we will see vendor contracts being terminated, or just allowed to expire, due to the measured level of cyber risk, as encapsulated in independently generated cyber scores.
2. Two-Factor Authentication Will Become Nearly Ubiquitous
Although the word “ubiquity” may have gone out of fashion (along with a lot of other buzzwords from the dot-com era), it’s an accurate description of how two-factor authentication will really take off in 2018. 2FA isn’t new, but as a component of the multi-factor authentication required by the PCI standard, it’s set to become much more prevalent before it gets replaced by something newer or better.
The reality is, two-factor authentication is extremely effective. With stolen login credentials being a dime a dozen on the dark web, a well-implemented 2FA renders them nearly worthless. Expect to see rapid expansion of 2FA both in consumer applications and in front of access to data and resources in the workplace.
2FA won’t solve all of our security problems, but it’s a relatively inexpensive solution that takes a big bite out of issues related to user authentication. And users don’t yet seem too annoyed by the extra step.
Watch this space for future blogs in the New Year. Cheers!
Follow me on Twitter @dougoclare.