Contributor: Rick M Robinson, via securityintelligence.com
The security landscape is constantly evolving and will continue to evolve in 2017. Long-standing security threats will take on new dimensions. Social engineering, for example, will become an output as well as an input. At the same time, the Internet of Things (IoT) continues to open new threat vectors.
Top Four Security Threats of 2017
The new year will certainly bring its share of security surprises. In a recent article, 4 information security threats that will dominate 2017
CIO identified four security threats that deserve particular attention as we head into 2017: the hyperconnectivity of the IoT, the role of cybercrime-as-a-service in powering global crime syndicates, the ongoing challenge of meeting regulatory and legal compliance standards and the rise of attacks aimed at brand reputation.
1. Hyperconnectivity Hazards
The first two of these challenges are broadly technology-driven. Both hyperconnectivity and the IoT arise specifically out of technology progress. With the proliferation of personal mobile devices, we are more richly cross-connected through the web than ever before, which means more potential points of entry for attackers.
This connectivity is extending into domains that were previously offline, creating new types of vulnerabilities that are still poorly understood. Pervasive threats are coming from all directions. This calls for a new and proactive way of thinking about security.
The rise of cybercrime-as-a-service is also reshaping security threats. Connectivity and computing power have made cloud-based service offerings a key component of the legitimate cyber economy.
Unfortunately, these same capabilities are being harnessed by criminal syndicates, giving rise to an ever more sophisticated cybercrime ecosystem. In effect, online burglars no longer need to painstakingly fashion their own lockpicks. Instead, they can obtain sophisticated burglary tools as a service.
3. Compliance Complications
Unlike these technology-driven changes, regulatory compliance challenges are nothing new, merely an ongoing complication of security life. But this is a blinkered view. While individual regulations can always be debated, the compliance environment broadly reflects precisely the growing connectivity that technology is driving.
Security and privacy are at risk in a growing number of ways and in a growing number of domains. Compliance requirements embody an effort to build shared protection standards, which are all the more necessary in an age of hyperconnectivity. Compliance isn’t just about rules — it’s about protection.
It’s critical for IT managers to know where their organizations store sensitive personal information at every stage of the life cycle to protect it. While noncompliance fines are getting stiffer, the cost of a data breachis rising even faster.
4. The Human Element
The term social engineering is typically applied to the input side of security threats, such as the use of phishing attacks on employees to gain access to networks. However, experts and IT professionals are beginning to apply the concept to cybercriminals’ main objective of damaging an organization’s brand or reputation.
The Sony breach of 2014 foreshadowed a world of brand targeting, and some experts expect this cybercrime incentive to come of age in 2017. This new form of mass social engineering is often powered by traditional user errors and oversights, such as hasty clicks or weak passwords. As the human factor becomes a primary target, organizations must build network environments that encourage safe behaviors and discourage risky ones.
Schedule a consultation to learn more about how to prepare for these cybersecurity threats.
If you liked this blog, you also might like our podcast: When IT Leaders Choose Productivity Over Security
Subscribe to our newsletter:
IBM's integrated solutions harness security-relevant information from across your organization, and use analytics and automation to provide context and help you detect threats faster, identify vulnerabilities, prioritize risks, perform forensics analysis and automate compliance activities.&nbsp;
Video: Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Security teams can be overwhelmed by a sea of vulnerabilities–without the contextual data to help them focus their efforts on the weaknesses that are most likely to be exploited. Cyberthreats need to be stopped before they cause significant financial and reputation damage to an organization. You need an endpoint security platform that can detect threats, prioritize risks and respond within minutes to shut down an attack or vulnerability that could compromise your endpoints.IBM BigFix seamlessly integrates with IBM QRadar to provide closed loop vulnerability management, accelerating risk prioritization and incident response to mitigate potential attacks giving you an integrated threat protection system to keep your endpoints and data secure.For more information, please visit http://ibm.co/1oSThIF
Infographic: A survey of the cyber security landscape
Understand the threat landscape to improve your security posture. There’s very little that cyber criminals can do today that’s truly new—and yet, 2015 was filled with serious incidents across the entire industry. View our 2016 Cyber Security Intelligence infographic to learn more, and determine what you can do to improve your security posture.
Video: Endpoint Management with IBM BigFix
Discover, manage and control your endpoints–in real time. With IBM BigFix, you can find and fix problems in minutes with real-time visibility and control into all your endpoints. Our single-console, single-agent, single-server architecture helps reduce the cost, risk and effort of managing virtually any mix of endpoints—so you can focus on higher value projects for increased productivity.To learn more about IBM BigFix, please visit http://ibm.co/1Ok4bBs
Video: IBM MaaS360 Enterprise Mobility Management
IBM MaaS360 has massively redefined mobile security and productivity for enterprise management. Identity and access, malware protection and a containerized environment that feels native await inside your free 30 day trial. Start managing iOS, Android and Windows phones and tablets today https://ibm.biz/Bd4a8g
Study: 2016 Cost of Data Breach Study: Global Analysis
IBM and Ponemon Institute released the 2016 Cost of Data Breach Study: Global Analysis. According to this research, the average total cost of a data breach for the 383 companies participating in this research increased from $3.79 to $4 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year’s study.Read the complete report to learn more.
White Paper: Rewriting the rules of patch management with IBM BigFix
Learn how IBM BigFix combines the separate pieces of the patch management puzzle into an intelligent simplified solution.