The ever-growing list of cybersecurity threats looks like something out of a 21st century version of “The Wizard of Oz” — but instead of lions and tigers and bears (oh my!), today’s security professionals must contend with Internet of Things (IoT) data leaks, fragmented cloud infrastructures due to regulations, augmented intelligence (AI)-powered malware and trusted professionals creating a new type of insider threat. This is just a small sample of the emerging threats looming in the shadows of cybersecurity.

Why should you care about tomorrow’s threats today? If you have a better idea of what’s coming over the threat horizon, you can create a better incident response plan to limit or prevent these threats from affecting your data, business and customers. Luckily, forward-looking studies such as the Information Security Forum (ISF)’s “Threat Horizon 2020” report allow business leaders and chief information security officers (CISOs) to better strategize and develop a proactive security system.

Threats Are at an All-Time High

It’s not a stretch to say that we are at a breaking point in cybersecurity. In fact, the final quarter of 2017 saw threat levels at an all-time high. One reason for this surge is that the bad guys are constantly recreating the threat horizon itself, developing new tactics and upgrading strategies for old tactics.

The ISF report noted that technology is outpacing security controls and the pressure to keep up with threats is skewing security professionals’ judgment. Let’s take a closer look at how these two themes fit into the threat horizon, and explore how organizations can overcome these hurdles and improve their incident response and security control systems.

Technology Outpaces Controls

A few years ago, the average person knew nothing about the IoT, and clouds were still just fluffy white things in the sky. Now, everything in your house can be connected and controlled by an app on your smartphone through cloud computing architecture.

Many vendors are more concerned with introducing their technology into the market as quickly as possible than they are with securing those apps and devices. The bad guys know that security controls are an afterthought and take advantage of this lack of awareness to spread malware in novel ways that catch security teams off guard. Take the Mirai botnet, for example, which used IoT devices to infect networks and take down popular websites with a massive distributed denial-of-service (DDoS) attack.

Pressure Skews Judgment

All these new technologies can put a serious strain on your network. Couple this with ever-changing regulations and the growing burden on employees to be diligent about threats, and you have an environment that is filled with pressure, which can affect security professionals’ judgment. They know they have to provide good security platforms, so they may be tempted to focus on quantity and not quality — adding all the bells and whistles of a top security system but not covering the basic areas that need higher levels of protection. They may put a lot of emphasis on perimeter security, for example, when the greatest risk area is actually privileged access management.

Scoping Out the Threat Horizon

Security incidents occur largely because organizations are unprepared. Cybersecurity has long been reactive rather than proactive, focusing on response before prevention. By the time a threat is addressed, the damage is done. This is only going to get worse given the increasing sophistication of the attacks looming on the threat horizon.

“Over the coming years, the very foundations of today’s digital world will shake — violently,” said Steve Durbin, ISF’s managing director. “Innovative and determined attackers, along with seismic changes to the way organizations conduct their operations, will combine to threaten even the strongest establishments. Only those with robust preparations will stand tall.”

Yet, surprisingly few companies have robust preparations in place. A solid incident response plan requires more than just a security platform or a security operations center (SOC). It should take into consideration the scope of business operations and where the greatest risks lie. For example, what kind of incident would constitute a catastrophe for the organization versus a mere inconvenience?

If security professionals don’t understand the company’s risk tolerance, they cannot institute the right type or level of response. The response plan should also designate who is in charge and who has authorization to address potential threats. Finally, incident response requires teamwork. Business leaders must determine when the legal team should be brought in and who will act as the voice of the company in a worst-case scenario.

By keeping their eyes fixed on the threat horizon, security professionals and business leaders can develop the right incident response strategy and put the organization in a better position to fend off the lions, tigers and bears looming in the shadows of the cybersecurity landscape.

Listen to the podcast: Get Smarter About Disaster Response — 5 Resolutions for 2018 and Beyond
