IoT complexity leads to security vulnerabilities
Cisco’s Visual Networking Index (VNI) predicts that by 2020 there will be about 26 billion IP network-connected devices. The Internet of Things (IoT) will reach into enterprise networks, government systems and the handset of the average user, and security vulnerabilities will largely continue to plague these connected devices. Because of complex protocols and standards, a lack of skilled resources to manage the IoT environment, low-quality products with poor security measures, and complex architectures, IoT devices are already under attack by hackers, and this is predicted to get worse in 2017. In fact, organizations are still not equipped enough to review their popular applications for malware, which results in DDoS attacks and can give APTs and ransomware entry points into enterprise networks.
The way forward: the battle will be won by those who are able to secure their IoT devices with customized solutions.
Prioritizing cloud protection
Cloud security breaches have long prevented many organizations from adopting cloud computing. However, this year could see that pattern reverse, with cloud security expected to dominate the IT ecosystem. Cloud security certifications such as Cloud Security Knowledge (CCSK), Cloud Security Alliance (CSA), and Certified Cloud Security Practitioner (CCSP) offer some assurance to organizations planning to join the cloud computing bandwagon. In addition, the industry as a whole is sharing best practices and advice on how to begin integrating the cloud safely. With organizations gaining confidence in deploying the cloud alongside their on-premises solutions, cloud adoption may increase in the coming year. However, the rate of acceleration will depend entirely on strengthening security practices in the cloud and preventing cloud security breaches.
The way forward: investing in cloud security-as-a-service will make sense for the enterprise, as it will help reduce security breaches while cutting the cost of purchasing and maintaining a firewall.
Ransomware and malware everywhere
Malware attacks have become sophisticated over the years, moving beyond the protections offered by most antivirus products and security vendors. As businesses adopt telecommuting, introduce wearables, and connect dispersed employees through IoT-enabled devices, attackers are also expected to use technology to access enterprise networks and hack systems through employees’ devices. Mobile malware could be one of the leading problems in 2017 that the enterprise must actively address. In fact, breaches of mobile data can cost an enterprise approximately USD 26 million, according to a study by Lookout, a mobile security company, and Ponemon Institute, an independent research firm focused on privacy, data security and information security. Also, with the proliferation of 4G and 5G services and an increase in Internet bandwidth, mobile devices may become more exposed to DDoS attacks.
Along with malware, ransomware will continue to evolve over the next year. There could be an increase in ransomware attacks on cloud and critical servers, as hackers keep organizations on tenterhooks, forcing them either to pay the extortion money or to shut down the entire operation. However, such payments do not guarantee the future security of their data or the recovery of their current data.
The way forward: stop being held for ransom. Protect your devices and servers with customized security solutions.
Automation to bridge the skill gap
The search for skilled IT resources will continue to be a major issue for the industry, and with it, new ways to fill this gap are expected to emerge. One of the main trends predicted this year is the use of automation to perform certain tasks, especially those that are repetitive or unnecessary. This will help IT professionals focus on the important tasks at hand and help the enterprise make maximum use of its manpower.
The way forward: implementing the right automation solution will give IT professionals immediate visibility into malicious threats, rather than leaving them to search manually for violations.
Secure SDLC, way forward
Although testing is seen as an important part of application security, it is often pushed to a later stage of code development. In the absence of rules or industry standards, companies are often seen adopting their own methods when it comes to coding, with a focus on safely developing code quickly.
The current Software Development Life Cycle (SDLC) has five main stages: design, development (coding), testing, deployment and maintenance. Its major shortcoming is that testing comes late. Security vulnerabilities are usually checked using methods such as pen-testing when the solution is almost ready to be released on the market. This can leave the system exposed to attack through any code that remains unchecked. In the coming year, the industry is expected to take a step further by adopting Secure-SDLC (sSDLC) to avoid such issues. With sSDLC, changes to the code will be automatically analyzed and developers will be notified immediately of any vulnerabilities. This will help developers learn about bugs and make them security conscious. In addition, vendors will be able to prevent vulnerabilities and reduce the incidence of hacking.
The way forward: moving towards Secure-SDLC will help the enterprise get the code right from the start, saving time and cost in the long run.
MSPs will still be the need of the hour
Managed service providers (MSPs) were adopted to help enterprises manage their hosted applications and infrastructure, and many predicted that the move to the cloud would make them redundant. However, over time, it has been observed that MSPs are still at the core of many business services. While most businesses have shifted to the cloud, many enterprises with complex applications are unable to move their infrastructure into the cloud ecosystem due to compliance or regulatory issues. That infrastructure still needs to be managed and maintained.
In addition, implementing and managing mixed cloud and on-premises environments requires mature skills. An MSP not only provides proper guidance, but also helps enterprises choose the right hosting, taking into account the company’s budget and the industry’s compliance and security policies.
The way forward: MSPs are expected to move beyond managing the IT environment. Such providers can be a business extension that advises enterprises on policy and process management.
Threat intelligence to be strategic and collaborative
According to EY’s Global Information Security Survey, although organizations seem to be making progress in understanding and resisting current cyber attacks and threats, significant improvements are still needed to deal with sophisticated attacks. For example, 86 percent of respondents to the survey said that their cyber-security work does not fully meet the needs of their organization. Growing threats, rising cybercrime, geopolitical shocks and terrorist attacks are expected to motivate organizations to develop their approach to cyber attacks.
Building cyber security strategies into the business process can also be a key component. For example, Microsoft recently unveiled its USD 1 billion investment plan to implement a new integrated security strategy across its portfolio of products and services.
The way forward: cyber security can no longer be solved by a company in a silo. Enterprises need to tackle the problem collaboratively, by sharing best practices and creating battlefield programs.