Information security is getting tougher every year. The Internet of Things, cloud infrastructure growth, widespread mobile device use, the explosion of social media, and similar factors have resulted in an environment where security breaches are not only increasing in number, but also in intensity and area of influence.
Despite this rapid growth, the United Kingdom’s Department for Culture, Media & Sport’s Cyber Security Breaches Survey 2016 surprisingly shows that only 69% of enterprise senior managers consider cyber security as high priority, and just 51% of those enterprises have acted on recommended actions against cyber risks.[1] Moreover, only 29% of enterprises surveyed had a formal cyber security policy, and only 10% possessed a formal incident management plan.
Enterprise senior managers require increased awareness of both recent security breach statistics and current trends, in order to begin understanding the IT world’s security challenges and to become more conscious of security in general and information security in particular. The following are just a few of the most relevant trends expected for 2017.
Increased connectivity and escalated risks
The Internet of Things (IoT) promises the networking of home appliances, buildings, vehicles, weapons, sensors, etc. It is estimated that around 50 billion ‘things’ will comprise IoT by 2020.[2] However, such a direct integration of the physical world and computer-based systems also results in the integration of the physical world’s insecurities with those of the digital world. Therefore, 2017 is predicted to bring a high risk of IoT breaches. As more work is done to extend IoT in developed countries, the increased connectivity will continue to expand the potential attack surface for cybercrimes.
Monetization of cyber crimes
Gone are the days when cyber criminals were operating only covertly and from constrained environments. Some modern-day criminals now bluntly sell cyber attacks as service. They have well-established organizations, structured partnerships and collaborations, and complex chains of command. They are also no longer likely to be localized offenders; instead, they are truly globalized, with the help of the same technology frequently used by the public for legal activities.
Even more dangerous than their amassed sophistication is that these criminals have no sense of honor, duty, or loyalty. Rather, they are ready to monetize any criminal act for any person or entity, meaning dire consequences for the IT world as a whole and for business enterprises in particular.
New malware and ransomware
Malware has long been a potent threat for enterprises and for home users. In recent years, with the introduction of IoT, increasing reliance on cloud services and mobile/smart devices has allowed the malware industry to target bigger and more valuable objectives.
Ransomware can affect home users, government departments, educational institutions, and the health sector, just to name a few popular targets. Home desktops and smartphones, due to less protection and lack of backups, are normally easy targets, but business enterprises represent bigger and more valuable goals, especially when subjected to denial of service for ransom.
Cyber Terrorism
A full-fledged terrorist attack launched from within cyberspace could be devastating for affected nations, if not for the world as a whole. To get an idea of such an attack, imagine hackers firing nuclear weapons, bringing down all or a major portion of Internet services around the world, or attacking some nation’s government departments. These are just some of the potential cyber terrorism avenues available due to the advent of IoT, coupled with increased reliance on connectivity.
Greater focus on improving defenses
While a 2017 cyber forecast may seem to be a bleak picture, the positive is that these potential threats also come with recommended defense strategies.
As threats go global, it is imperative that cyber protectors work together. By focusing on connectivity’s benefits, rather than threats, information security organizations can cooperate and collaborate more closely than ever. Incident reporting and response mechanisms can be coordinated globally, especially among neighboring entities.
Threat intelligence sharing should begin to reach its peak in 2017. Governments should consider creating necessary legislation to allow law enforcement agencies access to the requisite technical expertise and resources to efficiently deal with cybercrimes. The IT industry and academia should join hands in devising better-secured products with reasonable profit margins.
Conclusion
As technology grows, so too do security threats. There is no doubt that information security threats are growing each day as technology and the way people use it rapidly changes. On the other hand, careful study of current security threats, based on available data, can provide better protection against such threats, today and in the future.
[1] https://www.gov.uk/government/publications/cyber-security-breaches-survey-2016
[2] http://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf
About the Author
Abdul B. Subhani is the founder and President/CEO of Centex Technologies, an IT consulting company with offices in Central Texas, Dallas, and Atlanta. He is also an adjunct faculty member of the Texas A&M University - Central Texas computer information systems department. Abdul is a Certified Ethical Hacker, a Certified Fraud Examiner, Certified in Risk and Information Systems Control, a Texas Licensed Private Investigator, member of FBI Infragard and the recipient of multiple other advanced IT credentials. Abdul has been a frequent keynote speaker, moderator, and panelist at leading international technology conferences, and he has given speeches to thousands of students at colleges and universities.