Time to discuss upcoming cyber security industry trends for 2017. Where do top industry thought leaders see cyber security heading this year?
Top Cyber Security Trends for 2017
Cyber Security will Become a Strategic Part of Organizations
With more coverage of cyber attacks, companies are approaching cyber security more proactively. Noam Rosenfeld, SVP, Cyber Intelligence Solutions, Verint Systems, says, “In 2017, CIOs will have had enough. Cyber security defense will become more than just a series of approximations. They will demand that cyber security becomes a strategic and integral part of the greater organization.” Noam sees a trend in which companies will evaluate security solutions by ROI, where ROI in the case of cyber is measured by how well the solution can discover, investigate and stop the most dangerous threats before they have a significant impact on the business.
More Focus on Individual User Behavior and Insider Threats
One thing everyone in the industry can agree upon is that no company wants its data compromised. With loads of new technology being released, companies are looking for the latest and most user-friendly features within a product to help them identify insider threats. Isaac Kohen, CEO of Teramind, states, “there’s nothing conventional about insider threats so you can’t approach detecting and blocking them in a conventional way.” Teramind has recently developed a new feature, intelligent session mining, that allows a user’s entire screen to be searchable, including inside images. So, for example, if you want to see which users ever saw a specific person’s social security number on their screen, you can do it in a matter of seconds.
Increasingly, security breaches occur due to actions employees take while at work. Whether those actions are malicious and intentional or simply accidental, the consequences are profound. Additionally, as companies become more technologically integrated, they need to outsource many requirements, introducing third-party vendors and more risk. Simon Townsend, Chief Technologist at Ivanti, points to the Center for Internet Security’s (CIS) first five security controls as a good guide of what to look out for. In particular, he mentions dynamic whitelisting and using the trusted ownership model to prevent unauthorized code execution.
Shoring up Defenses within Financial Systems
One of the biggest upcoming issues will be securing our financial systems—both commercial and personal. The adoption of digital wallets, more connected devices (including IoT), and the spread of online payment systems all broaden our exposure and risk. According to Bill Ho, CEO of Biscom, “As we increasingly place our trust in electronic banking systems and financial transactions, we’re also at greater risk of having our electronic bank balances hacked.” Trends show financial companies trying to increase their security via features such as voice authentication, biometric initiatives, and more secure forms of communication between banks and customers. As more and more stories are published about customers’ private data being exposed, more customers are becoming aware, pushing financial companies to spearhead cyber security efforts in 2017.
Controlling Data in the Hands of 3rd Parties
Where yesterday’s IT security staff would work to protect the organization’s IT perimeter, today’s IT organizations must admit that such a perimeter no longer exists. Companies are increasingly turning to SaaS to leverage and implement new technology within their organization. According to Richard A. Spires, CEO of Learning Tree International, “While cloud computing and SaaS business models can enable IT organizations to lower infrastructure costs and enable more agility to support customers, it also increases the complexity in dealing with IT security. Not only is the IT organization giving up control (and visibility) into some of its IT infrastructure, to the degree it is leveraging SaaS-based applications, it is also having third parties store and control sensitive data.” Third-party vendors will need to be monitored more carefully in the future, and companies will need to implement the proper procedures to take this into account.
New Encryption for Websites
Developed and funded by the American Department of Defense, OpenSSL is by far the de facto standard for encrypting data at rest and data in transit. January introduced “not secure” messages for all HTTP webpages that have a password field or collect credit card data. According to Michael Fowler, president of Comodo CA, “The importance of secure socket layer (SSL) encryption for websites, so users and small business owners that collect PII know that their sensitive info is safe and secure, will grow exponentially—especially as some key January deadlines approach. SSL is used to encrypt data, authenticate the server and verify the integrity of messages.”
Hackers Train their Sights on Small to Medium Companies
With larger enterprises and corporations investing in more tools to prevent cyber security attacks and data theft, Justin Giardina, CTO of iLand, says, “While historically, it was the biggest organizations with the most attractive data that got hacked, increasing numbers of malicious attacks target smaller, often weaker, targets. So, we’ll see medium-sized enterprises raising their security and business continuity efforts.” Based on his past experience, Giardina believes “often, they’ll turn to cloud vendors to provide that security and maintain those systems, as they represent a fast path to the latest technology.”
Collaboration and Cloud Will Dictate Data Protection Policies
More and more companies collaborate using cloud services, for example Office365, which means they need to take new security precautions. Tzach Kaufmann, CTO and founder, Covertix, suggests that “CISOs will need to study the flow and usage of data, and this visibility will dictate their data protection policies. They’ll be able to apply resources more effectively once they see what needs to be protected where.” That means doing due diligence on cloud, increasing security awareness training for IT staff and regular employees and, depending on their size, requiring the cloud partner to demonstrate that their connection to the enterprise collaboration and ERP systems does not threaten those systems. Target and other companies were attacked via their less-well-protected vendors.
Disaster Recovery Solutions
Some things will never change – we never know what’s going to happen next. One thing we can do is protect our organizations from the unpredictable “next” by implementing disaster recovery solutions. According to Paul Zeiter, President, Zerto, “In the next year we are going to see a rebalancing of spend from traditional security solutions to data protection and recovery. CIOs and CEOs are starting to recognize that millions of dollars in IT security investments, while critically important, are just not enough when a disaster such as a hack or ransomware breaks through the perimeter or a natural disaster like a hurricane floods their data center.”
So there you have it – insights from the experts about what the top cyber security trends will be in 2017!