The information security threats you will see in 2018

  • 11 December 2017
  • Author: Liam Phelan

In 2017 we witnessed a big increase in security threats around the world, and it’s unlikely to get any better in the future. The Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management, forecasts an increase in the number and impact of data breaches for the upcoming year.
Most of those breaches relate to the five key global security threats that organisations will face in 2018. As happened in 2017, we will see increased sophistication in the threat landscape, with threats being personalised to their target’s weak spot.
Below are the top five global security threats that businesses will face in 2018, according to the ISF.


According to the ISF, in 2017 we saw a huge increase in cybercrime, particularly crime-as-a-service, and they predict that the same will happen in 2018. Criminal organisations will diversify into new markets and take their activities to a global level. Some of them will have roots in existing criminal structures, while others will emerge focused solely on cybercrime.
The difference is that cybercrime won’t be focused just on the very large industries, such as intellectual property and big banks; it will be more present in the daily routine of almost everyone else. Cybercriminals are becoming more sophisticated in their use of social engineering, which means that the targets will generally be individuals rather than the enterprise.

The IoT

The Internet of Things (IoT) is no longer a novelty but something that companies are adopting more and more. But a lot of these devices are not secure by design. On this topic, the ISF also warns that there will be an increasing lack of transparency in the rapidly evolving IoT ecosystem, with vague terms and conditions that allow organisations to use personal data in ways customers did not intend.
On the enterprise side, it will be problematic for organisations to know what information is leaving their networks or what data is being secretly captured and transmitted by devices like smartphones and smart TVs. IoT devices are a point of attention and vulnerability.

Supply chain

When it comes to security, the supply chain is usually a point of vulnerability for most companies. As the organisation notes, a range of valuable and sensitive information is often shared with suppliers. When that information is shared, direct control is lost. That means increased risk of compromise of that information's confidentiality, integrity or availability.
The ISF warns that companies need to pay real attention to this in 2018 and focus on the weakest point in their supply chain. The recommendation is to be proactive, and it is better to start thinking about it right now. This is a point in the new GDPR regulation too. Companies need to adopt strong, scalable and repeatable processes with assurance proportional to the risk faced.


The GDPR (European Union General Data Protection Regulation) will come into force in May 2018 to help with this and to protect customers against data breaches. Much work needs to be done inside companies to make sure that they comply with the new regulation. It isn’t just about compliance; it’s about making sure that you have the ability, across your enterprise and supply chain, at any point in time, to point to personal data and understand how it's being managed and protected.

Expectations Vs Reality

The misalignment between the board of directors and the information security department isn’t something new. The full implications of a data breach or a threat are commonly underestimated from the board's perspective, and this is the risk. It takes time to make a significant improvement in the security area, even when the organisation has the correct skills and capabilities in place.
This misalignment means that when a major incident does occur, it won't just be the organisation that feels the effects; it's likely to reflect badly on the reputations of board members, both individually and collectively. The role of the information security department needs to include anticipation and a clear approach with the board of directors to make sure that everybody is aligned about the risks and vulnerabilities.

Security Courses at New Horizons Ireland

The best way to keep your company away from these threats is to invest in training and qualification. At New Horizons Ireland we provide a wide range of security courses led by our certified instructors. Check out our options below:

CyberSAFE Course

Who Should Attend
This course is designed for non-technical end-users of computers, mobile devices, networks, and the Internet, to enable them to use technology more securely.

What Is This Course About?
This course will help you to understand security compliance considerations, social engineering, malware, and various other data security-related concepts. In this course, you will explore the hazards and pitfalls and learn how to use technology safely.

CyberSec First Responder

Who Should Attend
This course is designed for information assurance professionals who perform job functions related to the development, operation, management, and enforcement of security capabilities for systems and networks.

What Is This Course About?
In this course, you will develop, operate, manage, and enforce security capabilities for systems and networks.

CompTIA A+

Who Should Attend
Those who are getting ready for a career as an entry-level information technology (IT) professional or personal computer (PC) service technician.

What Is This Course About?
In this course, you will acquire the essential skills and information you will need to install, upgrade, repair, configure, troubleshoot, optimize, and perform preventative maintenance of basic personal computer hardware and operating systems.

CompTIA Security+

Who Should Attend
This course is targeted toward the information technology (IT) professional who has networking and administrative skills in Windows®-based Transmission Control Protocol/Internet Protocol (TCP/IP) networks; familiarity with other operating systems, such as Mac OS X, Unix, or Linux; and who wants to further a career in IT by acquiring foundational knowledge of security topics; prepare for the CompTIA Security+ certification examination; or use Security+ as the foundation for advanced security certifications or career roles.

What Is This Course About?
In this course, students will implement, monitor, and troubleshoot infrastructure, application, information, and operational security. Students will prepare for the CompTIA Security+ certification examination (SY0-401).

CompTIA Network+ 

This course is intended for entry-level computer support professionals with a basic knowledge of computer hardware, software, and operating systems who wish to increase their knowledge and understanding of networking concepts and acquire the required skills to prepare for a career in network support or administration, or who wish to prepare for the CompTIA Network+ certification (Exam N10-006).

Categories: Cybersecurity