CyberSponse’s Cybersecurity Predictions for 2017
Each year brings new challenges for IT security professionals; we work tirelessly to remain one step ahead in the constant cat-and-mouse game of defending our data and infrastructure from cybercriminals. This year was no different. 2016 proved to be a particularly tumultuous year with many high-profile cybersecurity failures across business, government, and more:
- According to a new report published by the Office of the U.S. Director of Intelligence, Russian President Vladimir Putin ordered cyber attacks designed to defame Secretary Hillary Clinton. This attempted to swing public opinion, making the election of President-elect Donald Trump more likely.
- The hacking of popular infidelity dating website Ashley Madison made news headlines in February, with the Guardian reporting that 30 million user accounts were compromised.
- Internet juggernaut Yahoo was hacked, leading to 1 billion accounts being compromised according to the New York Times. This followed a previous disclosure stating that a separate attack had put 500 million user accounts at risk.
- Industrial Control System (ICS) attacks, such as the recent attack on Ukraine’s power grid, continue to be a problem with wide-reaching effects, often interrupting the lives of millions of people. Terrorist efforts could incorporate these in the future.
If nothing else, this year has reinforced that even many of the largest corporations are susceptible to aggressive cyber-attacks. If you want to maintain consumer confidence, it’s necessary to make new investments in IT security. Constant vigilance on the part of security professionals is also a must.
Many improvements have been made in the IT security of the average firm over the last few years, but there are a variety of issues that we’ve carried over from 2016 which will continue to cause vulnerabilities in the new year:
- Missing operational and response plans: Having an effective incident response plan is crucial to identifying and containing threats as quickly as possible, which greatly decreases the potential damages. If your organization lacks an incident response plan, head over to IncidentResponse.com to get free templates you can use to start developing one. Obviously, you’ll need to customize this to meet the unique security needs of your organization. However, it helps to have a framework to start from.
- Lack of automation: According to a study conducted by Statista in July of 2016, only 30% of North American businesses have implemented IT automation. This cannot last long. Without some degree of automation, the demands upon IT professionals will become too overwhelming, as they battle to maintain the integrity of their network and protect valuable intellectual property. While the need for automation is readily apparent, the realities of implementation can prove difficult. If you need help finding ways to implement automation and streamline your incident detection and response, contact us today.
- Password management issues: Many of the measures we take to increase security, such as requiring customers to update their password at regular intervals or requiring certain characters to be included, such as capital letters or numbers, often backfire, particularly with older or less tech-savvy staff. We’ve all seen the post-it note with a password stuck to the monitor and cringed. Instead, it’s important to take a human-centered approach to increase password security. Our recommendation? Implement a password manager such as LastPass that will allow users to have a single, secure password to access the software which will then create encrypted, randomized passwords for each website and application as needed.
- Unsecured communications: Average employees are far less concerned with information security than IT professionals, and may not realize when they are discussing sensitive intellectual property using unsecured means of communication. The popular bring-your-own-device (BYOD) philosophy has made this problem more prevalent. This results in employees instinctively defaulting to methods such as text or instant messaging. We suggest implementing an encrypted messaging system such as Wickr that employees can use on their own devices, maintaining the ease of use found in texts and instant messages while protecting internal discussions from being easily intercepted.
Looking forward: Cybersecurity predictions for 2017
As we look to 2017, there will doubtless be new, more sophisticated attacks. White hat IT professionals will have to adapt yet again to stay one step ahead of cybercriminals intent on stealing user data, intellectual property, and interrupting day-to-day operations. Here are our predictions for the upcoming year:
1. Greater collaboration
As attacks rise, costing businesses more and more over time, it’s our belief that cybersecurity professionals and law enforcement officials will be collaborating more frequently. This will be important in combatting cyber-attacks and apprehending cyber criminals. In addition, physical security measures and cybersecurity professionals will become increasingly intertwined in protecting key intellectual property assets.
2. Internet of Things introduces new vulnerabilities
One of the trends this holiday season was “smart devices” for the home, such as Amazon’s Echo and Google’s Home. Throughout and beyond 2017, more smart devices will connect to our networks, providing more potential points of vulnerability for hackers. We predict that securing these new devices will be a major focus for IT professionals in the coming years.
3. Greater automation
According to Symantec, more than 430 million unique new pieces of malware were discovered in 2015, representative of the steady increase in the volume of threats we’ve seen for years. To combat this, organizations of all sizes must move beyond the manual review of threats and implement automation for detection. Larger organizations can also benefit from automating their response to some degree. This allows us to utilize software to deploy pre-determined solutions against known threats.
As we look forward to the year ahead, it’s important to assess the threat landscape. We must do so in order to effectively combat cyber criminals and maintain the integrity of our systems. In many ways, this new year will be a natural progression from the lessons of the last. Hackers’ increasingly complex attacks will require a more advanced defense strategy.