Information security threats to watch through 2018
The Information Security Forum (ISF), a nonprofit association that researches and analyzes security and risk management issues, recently published its ‘Threat Horizon’ report. Outlined below are some of the major information security threats that organizations need to be aware of in 2018, along with some tips for mitigating the risks.
1) Technology adoption dramatically expands the threat landscape
Technology already forms an integral part of everyday modern society – both at a professional and a personal level. The ISF predicts our dependence on tech is set to increase further over the next two years. Steve Durbin, managing director of the ISF explains that while technological devices improve and streamline workflows for organizations through increased connectivity, the threat landscape becomes even more complex.
● IoT and sensitive information – Cutting edge technologies and IoT devices speed up, streamline, and improve workflows but they are inherently insecure in their design, creating opportunity for attackers to infiltrate an organization’s systems and any personal data stored within them. Before deploying any new technologies in 2018, organizations must first consider what information is being collected and shared, and be sure to implement robust security policies and processes before adding any new IoT devices to their network.
● Cyber attacks – Persistent cybersecurity incidents can cause significant business disruption, as well as reduce the effectiveness of existing security controls. Now is the time to adapt risk management processes, ensuring to account for new and developing capabilities and technology.
2) Ability to protect is progressively compromised
The Threat Horizon report suggests that already established risk management and protection strategies are frequently eroded or compromised by a variety of internal or external (usually non-malicious) actors.
● Cyber insurance safety net is pulled away – The ISF predicts that an increasing number of large scale data breaches will result in significant financial losses for the insurance companies that have miscalculated the level of risk and undersold cyber polices. Organizations will be left faced with increased premiums, more stringent requirements, and fewer options to choose from, so it’s vital to reassess existing risk management strategies and policies, particularly if relying on a cyber insurance safety net.
3) Governments become increasingly interventionist
The ISF believes governments will take greater interest in scrutinizing technology by adopting a more intrusive approach in dealing with organizations that use mobile devices for handling personal information.
● Criminal capabilities expand gaps in international policing – Cyber-criminals are becoming increasingly sophisticated in their approach. The ISF believes that their capabilities will extend beyond those of their victims, diminishing many of the existing risk management abilities that organizations have in place. Organizations should adapt accordingly, implementing robust system controls, conducting regular risk assessments, and training staff.
● Regulations fragment the cloud – Regulatory and legislative changes may force new restrictions on the ways that personal data is handled. The report suggests that this is likely to have a direct impact on the deployment of cloud services. Organizations should be proactive and ensure they are well prepared for such changes.
With information security threats only set to intensify over the next two years, organizations risk becoming vulnerable targets unless they take prompt action to defend themselves when dealing with increasingly complex technologies. Failure to respond to the recommendations in this report may only make matters worse.
The ISF concludes that “Many organizations will struggle to survive as the pace of change deepens. Therefore, at least until a conscious decision is taken to the contrary, these themes should appear on the radar of every organization, regardless of their size.”
The full Threat Horizon Report can be downloaded using the following link https://www.securityforum.org/research/threat-horizon-2e-of-uncertainty/