IoT risks, insider threats, password hacks, biometric cracks: Cybersecurity in 2018 looks messy

A new report from Aon's security experts predicts more and different cyberattacks, and highlights the pressing need for healthcare organizations to change some of their approaches.
By Bill Siwicki
02:47 PM

Ramped-up attacks on the healthcare Internet of Things. More success with cracking passwords and biometrics. Increased risk from insider attacks. A heightened need for chief risk officers. This is what 2018 will look like on the cybersecurity front, according to professional services firm Aon's industry specialists in its new 2018 Cybersecurity Predictions report.

"In 2018, we anticipate heightened cyber exposure due to a convergence of three trends: first, companies' increasing reliance on technology; second, regulators' intensified focus on protecting consumer data; and third, the rising value of non-physical assets," said Jason Hogg, CEO of Aon Cyber Solutions.

"Heightened exposure will require an integrated cybersecurity approach to both business culture and risk management frameworks," he added. "Leaders must adopt a coordinated, C-suite driven approach to cyber risk management, enabling them to better assess and mitigate risk across all enterprise functions."

Just today it was reported that Florida's Agency of Healthcare Administration has been notifying 30,000 Medicaid patients that their data may have been breached after an employee fell for a malicious phishing email in November.

Hackers possibly accessed Medicaid enrollee names, Medicaid ID numbers, dates of birth, addresses, diagnoses, medical conditions and Social Security numbers. The data of as many as 30,000 patients was partially or fully accessed, and Social Security numbers or Medicaid IDs were exposed for about 6 percent.

In 2018, Aon forecasts that cybercriminals will look to attack organizations embracing the Internet of Things. Organizations will need to consider the increased complexities when it comes to how they are using the IoT in relation to third-party risk management, experts said. The report predicted large organizations will be brought down by an attack on a small vendor or contractor that targets the IoT, using it as a way into a network.

This year, as passwords continue to be hacked and cyberattackers circumvent physical biometrics, multi-factor authentication will become more important than ever before, Aon contended. Beyond passwords, some organizations have been implementing new methods of authentication – from facial recognition to fingerprints. 

But those technologies are still vulnerable, and as such, the report anticipated that a new wave of organizations will embrace multi-factor authentication to combat the assault on passwords and attacks targeting biometrics.

Insider risks will plague organizations in 2018 as organizations underestimate their severe vulnerability and liability, Aon predicted. In 2017, organizations underinvested in proactive insider risk mitigation strategies, and 2018 will be no different, the report suggested.

According to the report, a continued lack of security training and technical controls, coupled with the changing dynamics of the modern workforce, means the full extent of cyberattacks and incidents caused by insiders will not become fully public.

Organizations in 2018 increasingly will adopt standalone cyber insurance policies as boards and executives wake up to cyber liability, the report predicted. As boards and executives experience and witness the impact of cyberattacks, including reduced earnings, operational disruption, and claims brought against directors and officers, organizations will turn to tailored enterprise cyber insurance policies rather than relying on components in other policies, Aon experts said.

And as the physical and cyber worlds collide, chief risk officers will take center stage to manage cyber as an enterprise risk, the report predicted. As sophisticated cyberattacks generate real-world consequences that impact business operations at increasing scale, C-suites will wake up to the enterprise nature of cyber risk and in 2018 give risk officers a seat at the cyber table, working closely with CISOs.
