Cybercrime Likely Will Worsen in 2018

By Aaron Hightower January 2, 2018
Cybercrime Likely Will Worsen in 2018

​Experts tell SHRM Online that businesses should expect cybercrime to rise this year and that combating the problem will require a stay-the-course attitude.

More than 1,050 organizations have publicly disclosed that they were hacked in the first seven months of 2017, leaving more than a billion records compromised, according to Gemalto, a Belcamp, Md.-based digital security company. Gemalto predicts that hacking last year is on pace to match 2016, during which there were 1,985 data breaches.

Experts say companies from Arby's to Uber became vulnerable to hacking because they neglected cybersecurity initiatives in their race to increase business.

"Really, the root of the problem is companies are [moving] so quickly—getting connected to social media, getting more connected to more places, expanding their footprint—that companies are losing track of their critical assets," said Anthony Dagostino, global head of cyber risk at Willis Towers Watson, a global advisory, insurance brokerage and risk management company based in New York City.

Dagostino also told SHRM Online that employee and consumer data is always vulnerable to sophisticated hacking software. The lack of worldwide anti-hacking regulations isn't helping either.

Combating Cybercrime in 2018

Concentrating on tried-and-true anti-hacking methods—such as employee training, educating consumers on phishing software and beefing up IT security—will remain the best way to combat cybercrime in 2018.

"Consumers can be your biggest ally," said Gregory Kuhn, director of technologies at GYMGUYZ, a Plainview, N.Y.-based in-house personal training company. "Have you ever heard of 'see something, say something?' Your consumers can be educated to operate the same way." He said companies should empower their customers to alert them if they suspect a breach.

So Much Crime, Too Few Employees

Another issue facing HR departments is finding enough people skilled to combat cybercrime.

As SHRM Online reported recently, according to Hacking the Skills Shortage, a global report outlining the talent shortage crisis affecting the cybersecurity industry across companies and nations, 82 percent of IT professionals said there is a shortage of people with cybersecurity skills.

In a new report, The Life and Times of Cybersecurity Professionals, by IT researchers at the Enterprise Strategy Group and the Information Systems Security Association, 70 percent of cybersecurity professionals say their companies have been affected by a shortage of employees with cybersecurity skills or training. Unfortunately, the gap between demand and supply of cybersecurity professionals is expected to grow, as the prevalence of cybersecurity attacks continues to rise.

By 2019 there will be a global shortage of 2 million cybersecurity professionals, states ISACA, a nonprofit information security advocacy group based in Rolling Meadows, Ill.

Demand for cybersecurity talent "significantly outstrips the supply of available workers" in every U.S. state, SHRM Online reported. U.S. employers advertised 285,681 cybersecurity job openings during the 12-month period that ended in September 2017. Nationwide, over 746,000 people work as cybersecurity professionals, according to CyberSeek, a project of the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce.

[SHRM members-only HR Q&A: How to Safeguard Employee Information]

New Global Law Governing Security

Perhaps the biggest weapon against cybercrime is coming in May 2018: The European Union's General Data Protection Regulation (GDPR), which streamlines privacy laws across Europe and imposes fines of up to 20 million euros for foreign and domestic companies whose cybersecurity systems allow breaches of European citizens' data.
The regulation took about two years to craft and was approved by the EU Parliament in April 2016. Regulations in the U.S. are on a state-by-state basis.

New anti-hacking technologies are expected to appear on the market in the coming year; but time will tell if they exceed proven procedures already in place, experts say.

"There are new technologies that intend to identify subtle signals in the way users behave on a network and escalate those for investigation," said Michael Hamilton, founder and president of Seattle-based Critical Infomatics, a cybersecurity detection and retention company.

"These include artificial intelligence and machine learning. However, humans need to remain in that loop. Qualified practitioners are in short supply, expensive and difficult to retain—and this continues to be rate-limiting with respect to getting firmly in front of the problem," he said.

But experts say all is not lost.

"It is inevitable that hacking will continue. Attackers are well-organized and well-funded. Despite this, we should be optimistic about the future of global IT," said Mike Bousquet, co-founder and CEO of Austin, Texas-based identity management company

"New technologies emerge every day along with new companies to bring them to market. There are real people behind these technologies and companies, and good will prevail over evil."

Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.



Hire the best HR talent or advance your own career.

Member Benefit: Ask-An-Advisor Service

SHRM's HR Knowledge Advisors offer guidance and resources to assist members with their HR inquiries.

SHRM's HR Knowledge Advisors offer guidance and resources to assist members with their HR inquiries.



HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.