[BreachExchange] Cybersecurity Trends 2017: Companies Fight Back

Audrey McNeil audrey at riskbasedsecurity.com
Tue Dec 27 19:56:44 EST 2016


http://www.datacenterjournal.com/cybersecurity-trends-2017-companies-fight-back/


The waning days of 2016 were dominated by dark news on the IT security
front. Headlines about massive DDoS disruptions, state-sponsored hacking
and other evolving threats are unlikely to change drastically as we enter
the new year, but 2017 will have a bright spot. With cyber threats
increasing and the pool of skilled security talent failing to keep pace,
organizations are reaching a tipping point in what they can tolerate. In
the coming months, we should see companies aggressively fight back to
protect themselves and their customers.

The following are the 2017 cybersecurity trends we’ll be tracking.

1. We’ll see an increase in new vulnerabilities introduced through the
Internet of Things (IoT).

The Mirai code that was released on the Internet in mid-October aided in
deploying an unprecedented DDoS attack against service provider Dyn,
disrupting organizations such as Twitter and Spotify. It essentially takes
over “smart” devices, or devices that are connected to the Internet, to
launch denial-of-service (DoS) attacks. More than 4,800 smart devices
connect to the Internet each minute, and malware such as Mirai, which
lets attackers control these devices, represents an enormous
vulnerability. Like so many other pieces of malicious code before
it, Mirai will morph and undoubtedly fall into the hands of more potential
attackers as it continues to spread.

2. With more hacktivism and nation-states sponsoring cybercrime, countries
will have to consider “cyber arms treaties” to reverse the trend.

Anonymous, New World, WikiLeaks and state-sponsored hackers dominated the
news in 2016. From claiming responsibility for DDoS attacks and website
defacements on organizations as a sign of civil disobedience to stealing
highly classified data and correspondence from the securest of
organizations and politicians, hacktivism in its various forms has been
successful. The real concern for organizations and governments now is the
growing armies of state-sponsored hackers who have essentially unlimited
resources. Countries including China, Russia and the U.S. will have to get
serious about an “arms treaty” or something similar to reverse this trend.

3. The mainstream move to the cloud and mobile computing will turn up the
volume on demands for security that covers the expanding attack surface.

Applications and data are moving to the cloud and mobile devices to
increase access and productivity, as well as to reduce infrastructure and
maintenance costs for organizations. Obviously, all of these are benefits
for employees, customers, organizations and society as a whole. This
transition, however, will undoubtedly create new vulnerabilities. After
all, the “cloud” is just someone else’s computer, and by moving and sharing
information across more devices and people, the attack surface grows—and so
does the opportunity for attackers.

4. Companies will struggle to adapt, understand and adjust to updates in
privacy frameworks.

The General Data Protection Regulation (GDPR) of the EU goes into effect in
May 2018. For companies that control or process the personal data of
Europeans—regardless of whether they’re actually based in Europe—the GDPR
will impose mandatory breach reporting, the right to private-data erasure
and the adoption of privacy by design (which includes data protection in
the development of business processes). Failure to comply will come with
steep fines (4 percent of annual global revenue or 20 million euros for
violations), so businesses will spend 2017 preparing.

5. Consumers and others will lobby more aggressively for protection.

Governmental surveillance will remain under the spotlight, and human-rights
organizations will push for stronger privacy legislation. This pressure for
change will be felt in the private sector, as well, where customers will
ask for more protections in the face of major corporations suffering data
breaches without repercussion. The FTC will become increasingly active in
protecting customers, and the SEC will monitor publicly traded companies
more closely. President-elect Trump will have to choose an orientation with
regard to cybersecurity to consolidate all these regulatory interventions.

6. The security skills shortage will continue.

Defending an organization against cyber attacks takes enormous resources in
both technology and expertise. Many folks forget that the Internet wasn’t
designed to be secure; it was designed to allow people and organizations to
share information. Thus, adding security has been secondary. Most
organizations are trying to plug holes and vulnerabilities, even as new
ones are constantly surfacing. The experts who understand how to anticipate
these vulnerabilities and adequately secure the organization are scarce.
This is one trend that will persist for some time, as attackers need not be
as smart as cybersecurity experts to be successful. And let’s face it:
hackers only have to be right once. The experts have to be right every
time. Attracting new talent and training them adequately will continue to
be a challenge.

7. Companies will fight back.

There is no question that attackers, hacktivists, black hats and other
adversaries have a leg up on the good guys. But every phenomenon has a
tipping point when the pain of these attacks spurs investment and action.
The coming year represents that tipping point. In 2017, companies will get
serious about protecting their intellectual property, customer data and
business continuity. Customers are walking away from businesses that suffer
breaches, and the regulatory environment is such that businesses will need
substantial protection, whether they build it into their organizations or
outsource the responsibility.

In many ways, 2017 represents the continuation and evolution of
cybersecurity stories that began in 2016. The plot twist we can all look
for, however, will inevitably be that organizations of all shapes and sizes
are realizing the stakes of this cyberwar and are taking a firm stand to
protect their customers, employees, intellectual property and ability to
thrive amidst constant attacks from the world’s malicious actors.