5 trends from 2017 that will still matter in 2018

There were too many lessons to count, so here are 5 things that aren’t going away any time soon.

A whirlwind. A train wreck. A dumpster fire. However you decide to label 2017, one thing is clear – a lot of stuff went down this year that will forever change the way we approach cybersecurity. You can no longer turn a blind eye towards things like planning and communications. There aren’t excuses anymore for keeping cybersecurity locked in the IT department, away from other measures of business risk.

2017 taught us a lot of lessons, but rather than focusing on the flashy headlines, here are five specific trends that rose above the noise and will still be relevant in 2018.

Cyber communications cannot be ignored

If there is a single takeaway that defined 2017, it’s that anyone who doesn’t include cyber communications as a core element of a cybersecurity program is setting themselves up for failure. When one of the biggest costs of a data breach is the damage to your company’s reputation, the way you talk to everyone matters – before, during and after.

Whether it’s communicating a new cyber strategy to the Board or justifying a budget increase to a skeptical CFO, good communications sets the stage for your entire program. When a breach occurs, the way you communicate will determine the ultimate cost of the incident. Losing customers – and watching them file suit on the way out the door – is one of the biggest drivers of post-breach cost.

Between Equifax, Uber and Yahoo, 2017 offered plenty of case studies in poor communications, but the overall message was loud and clear – good cyber communications matters now, and is just going to matter more in 2018.

Small businesses are increasingly valuable targets

Small and mid-sized businesses have always been the backbone of the American economy, but throughout 2017, small businesses were increasingly viewed as hugely valuable targets for cyber criminals. According to the Verizon Data Breach Investigations Report, 61% of all cyberattacks target small businesses. Between the unexpectedly valuable information stored on their systems and often more relaxed security, this trend isn’t surprising.

2017 showed us that between their own data and backdoor access to bigger client data and systems, the attractiveness of small businesses isn’t fading any time soon. Whether you are a small business owner or just do business with one, this trend will still matter in 2018.

It’s all about the ecosystem

Cybersecurity professionals have been looking beyond the firewall to protect their companies for a while now, but in 2017, the cyber ecosystem raised its head and reminded us that vulnerabilities can exist anywhere. As companies are increasingly reliant on outside vendors for basic services and supply chain, the number of entry points into a network has grown exponentially.

This increased access is having an effect. A recent Ponemon Institute survey found that 56% of respondents experienced a breach caused by a third party, and only 57% had a complete list of all the third-party companies they did business with. Regulatory bodies are even starting to count third-party oversight as a compliance measure.

So, whether you contract out for legal services, buy materials from a supplier, or just rely on someone else to maintain your HVAC system, the risk posed by the cyber ecosystem in 2017 is only going to increase in 2018.

A good response depends on a good plan

Rather than quixotically trying to prevent 100% of all attacks, 2017 emphasized resilience and business continuity, which require active input and a quick response from across your organization.

This means having robust plans where everyone knows their roles and responsibilities, so when the lights go out, you can keep chaos to a minimum and increase your odds of getting things back up and running. Unfortunately, the recent EY Global Information Security Survey found that while 69% of respondents have some type of incident response capability, only 8% described it as robust.

Response time was a critical measurement of success in 2017, and as the pace of attacks increases, good planning will play an even bigger role.

Regulations are getting smarter

New regulations started cropping up in 2017, and unlike previous generations with a one-size-fits-all approach, these left the door open for companies to tailor compliance to their specific risk profiles. One of the more impactful was the New York Department of Financial Services’ new cybersecurity regulation. It requires specific security-related functions, rather than dictating specific technical solutions.

While the jury is still out on its ultimate impact, a regulatory framework that prioritizes a modern, business-led approach was a welcome change. Here’s hoping 2018 brings more of the same.

In myriad ways 2017 was definitely one for the history books, and if we pay attention to the things that mattered this year, we’ll best position ourselves to make next year a lot less exciting – and that’s a good thing.

This article is published as part of the IDG Contributor Network.
