Security Think Tank: Put collaboration on 2019 security agenda

One thing predicted for 2018 that did not happen

One of the Information Security Forum’s (ISF) flagship products is the annual Threat Horizon report, which identifies information security threats emerging in the next two to three years. Intended for senior business executives and information security professionals alike, Threat Horizon pushes the limits of thinking to help organisations take a proactive, strategic approach to managing risk and planning for worst-case scenarios.

In the 12 years that Threat Horizon has been published, many of the predicted threats have arisen, but not always exactly to time. In this spirit, we can look to past copies of the report to identity threats that have been a little late to the party.

For instance, over two years ago, it was predicted that the use of algorithms would pose a threat to the integrity of critical systems in 2018. Within the financial sector at least, this threat has not transpired, due in large part to EU regulatory reforms introduced in early 2018, known as MiFID II (Markets in Financial Instruments Directive II). This legislation has imposed tighter requirements for the testing of algorithms to mitigate the risks arising from algorithmic trading systems (for example, disruption of the market).

One thing that happened in 2018 that was not predicted

A threat that was not predicted for 2018 and did occur is “formjacking”, which has been perpetrated by attackers on a scale and frequency that has increased exponentially over the past six months. Formjacking refers to the injection of malicious JavaScript code into the payment processing web page of e-commerce sites to steal customers’ payment card details and other personally identifiable information.

Finally, a threat identified in the ISF’s Threat Horizon 2019 that probably will not happen next year is the prediction of a headlong rush to deploy artificial intelligence (AI) leading to unexpected outcomes that go beyond the understanding of business leaders, developers and systems managers. While development of AI continues and its potential is promising, the prospect of hasty AI adoption has been tempered by recognition of its risks and the need to understand its impact prior to implementation.

With 2019 just around the corner, key threats identified by the ISF that organisations should prepare for in the coming year include the increased sophistication of cyber crime and ransomware, the impact of current and forthcoming legislation, and the challenge to data integrity posed by smart devices.

One thing that should happen in 2019, but probably will not

As part of mitigating these and other threats, organisations should strive for unprecedented levels of collaboration – not only with internal business functions, such as legal, compliance, audit and human resources, but also with external stakeholders, to include partners, manufacturers, suppliers and regulators. 

The end of year is always an opportune moment for reflection. Next year, our predictions may be realised or we may be surprised, but we can certainly be sure that it won’t be dull year ahead.