IoT complexity to lead to security vulnerabilities
According to Cisco’s Visual Networking Index (VNI), it is predicted that there will be around 26 billion network-connected IP devices by 2020. With the Internet of Things (IoT) reaching enterprise networks, government systems and the phones of general users on such a large scale, security vulnerabilities will continue to affect these connected devices. Due to the complexity of protocols and standards, the lack of skilled resources to manage the IoT environment, low-quality products with vulnerable security measures, and complex architectures, IoT devices have already been attacked by hackers, which is projected to get worse in 2017. In fact, organizations are still not sufficiently equipped to check even their popular apps for malware, which is leading to DDoS attacks and even providing an entry point into company networks for APTs and ransomware.
The way forward: The battle will be won by those who can secure their IoT devices with custom solutions.
Cloud security gains prominence
Cloud security breaches have prevented many organizations from adopting cloud computing for a long time. However, a reverse pattern may be seen this year, and cloud security is expected to gain prominence in the IT ecosystem. Cloud security certifications such as the Certificate of Cloud Security Knowledge (CCSK), Cloud Security Alliance (CSA), and Certified Cloud Security Practitioner (CCSP) provide a sense of security to organizations planning to join the cloud computing bandwagon. In addition, the industry in general is seen to share best practices and advice on how to start integrating the cloud securely. With organizations gaining confidence in deploying the cloud alongside their on-premises solutions, cloud adoption is expected to increase in the coming year. However, the rate of acceleration would depend entirely on strengthening cloud security practices and reducing cloud security gaps.
The way forward: Investing in Cloud Security-as-a-Service would make sense for enterprises, as it will help minimize security breaches, while lowering the costs of purchasing and maintaining firewalls.
Ransomware and malware everywhere
Malware attacks have become more sophisticated over the years as they continue to transform, going beyond the defenses offered by most antivirus products and security vendors. As companies embrace telecommuting, introduce portable devices, and connect dispersed workforces through IoT-enabled devices, attackers are also expected to use technology to gain access to enterprise networks through employees' devices and hack into the system. Mobile malware could be one of the top issues in 2017 that companies need to proactively address. In fact, a mobile data breach can cost a company around $26 million, according to a study conducted by Lookout, a mobile security company, and the Ponemon Institute, an independent research firm focused on privacy, data protection and information security. Additionally, with the proliferation of 4G and 5G services and the increase in Internet bandwidth, mobile devices may experience increased vulnerability to DDoS attacks.
Along with malware, ransomware will also continue to evolve in the coming year. Ransomware attacks on the cloud and critical servers may see an increase, as hackers would keep organizations on edge, forcing them to either pay the ransom or risk having an entire operation shut down. However, such payments may not even guarantee companies the future security of their data or even the recovery of their current data.
The way forward: Stop being held hostage. Protect your devices and servers with custom security solutions.
Automation to circumvent the skills gap
Finding skilled IT resources will continue to be a major issue for the industry, and with it, newer methods of bridging this gap are also expected to emerge. One of the main trends expected for this year would be the use of automation to perform certain tasks, especially those that are repetitive or redundant. This would help IT professionals to focus on the important tasks at hand and businesses to get the most out of their manpower.
The way forward: Implementing the right automation solution will help IT professionals gain instant visibility into malicious threats instead of manually scanning for breaches.
Secure SDLC, the way forward
Although testing is considered an important part of application security, it is often relegated to a later stage in code development. In the absence of regulations or industry standards, it is often seen that companies adopt their own methods when it comes to coding, focusing on developing code quickly rather than doing it securely.
The current software development life cycle (SDLC) process, with its five main phases (design, development (coding), testing, deployment and maintenance), has the major shortcoming that testing is done at a later stage. Security vulnerabilities are usually verified using methods such as penetration testing at a time when the solution is almost ready to be released to the market. This could leave the system susceptible to attack through any code that remains unverified. In the coming year, it is expected that the industry can go one step further by adopting Secure-SDLC (sSDLC) to circumvent such problems. With sSDLC, code changes will be automatically scanned and developers will be notified immediately in the event of any vulnerability. This will help educate developers about bugs and make them security aware. In addition, providers will also be able to prevent vulnerabilities and minimize hacking incidents.
The way forward: Moving to secure SDLC will help companies get the code right the first time, saving time and cost in the long run.
MSP will continue to be the need of the hour
The Managed Service Provider (MSP) was adopted to help enterprises manage their hosted applications and infrastructure, and many predicted that with cloud deployment, it could become redundant. However, over time, it has been seen that MSP is still at the core of many business services. While most companies have moved to the cloud, many companies with mission-critical applications are unable to bring their infrastructure to the cloud ecosystem due to regulatory or compliance issues. These still need to be managed and maintained.
Additionally, deploying and managing mixed environments, cloud and on-premises, requires mature skill sets. MSP not only helps provide the right guidance, but even helps companies choose the right hosting, taking into account the company’s budget and prevailing industry security and compliance policies.
The way forward: MSP is expected to go beyond managing the IT environment. Such providers can become a business extension for companies to advise them on policy and process management.
Threat intelligence to become strategic and collaborative
According to the EY Global Information Security Survey, while organizations are seen to be making progress in the way they detect and resist today’s cyber attacks and threats, considerable improvement is still needed to deal with sophisticated attacks. For example, 86% of respondents said their cyber security function did not fully meet the needs of their organization. Growing threats, increased cybercrime, geopolitical upheavals, and terrorist attacks are expected to continue to drive organizations to evolve their approach to resisting cyberattacks.
Incorporating the cyber security strategy into the business process can also become an important component. Microsoft, for example, recently unveiled its billion-dollar investment plans to implement a new integrated security strategy across its entire portfolio of products and services.
The way forward: Cyber security can no longer be addressed in silos by one company. Companies must address the problem collaboratively, sharing best practices and creating war room programs.