The ever-growing list of cybersecurity threats looks like something out of a 21st-century version of “The Wizard of Oz” — but instead of lions and tigers and bears (oh my!), today’s security professionals must contend with Internet of Things (IoT) data leaks, fragmented cloud infrastructures due to regulations, augmented intelligence (AI)-powered malware and trusted professionals creating a new type of insider threat. This is just a small sample of the emerging threats looming in the shadows of cybersecurity.

Why should you care about tomorrow’s threats today? If you have a better idea of what’s coming over the threat horizon, you can create a better incident response plan to limit or prevent these threats from affecting your data, business and customers. Luckily, forward-looking studies such as the Information Security Forum (ISF)’s “Threat Horizon 2020” report allow business leaders and chief information security officers (CISOs) to better strategize and develop a proactive security system.

Threats Are at an All-Time High

It’s not a stretch to say that we are at a breaking point in cybersecurity. In fact, the final quarter of 2017 saw threat levels at an all-time high. One reason for this surge is that the bad guys are constantly recreating the threat horizon itself, developing new tactics and upgrading strategies for old tactics.

The ISF report noted that technology is outpacing security controls and the pressure to keep up with threats is skewing security professionals’ judgment. Let’s take a closer look at how these two themes fit into the threat horizon, and explore how organizations can overcome these hurdles and improve their incident response and security control systems.

Technology Outpaces Controls

A few years ago, the average person knew nothing about the IoT, and clouds were still just fluffy white things in the sky. Now, everything in your house can be connected and controlled by an app on your smartphone through cloud computing architecture.

Many vendors are more concerned with introducing their technology into the market as quickly as possible than they are with securing those apps and devices. The bad guys know that security controls are an afterthought and take advantage of this lack of awareness to spread malware in novel ways that catch security teams off guard. Take the Mirai botnet, for example, which used IoT devices to infect networks and take down popular websites with a massive distributed denial-of-service (DDoS) attack.

Pressure Skews Judgment

All these new technologies can put a serious strain on your network. Couple this with ever-changing regulations and the growing burden on employees to be diligent about threats, and you have an environment that is filled with pressure, which can affect security professionals’ judgment. They know they have to provide good security platforms, so they may be tempted to focus on quantity and not quality — adding all the bells and whistles of a top security system but not covering the basic areas that need higher levels of protection. They may put a lot of emphasis on perimeter security, for example, when the greatest risk area is actually privileged access management.

Scoping Out the Threat Horizon

Security incidents occur largely because organizations are unprepared. Cybersecurity has long been reactive rather than proactive, focusing on response before prevention. By the time a threat is addressed, the damage is done. This is only going to get worse given the increasing sophistication of the attacks looming on the threat horizon.

“Over the coming years, the very foundations of today’s digital world will shake — violently,” said Steve Durbin, ISF’s managing director. “Innovative and determined attackers, along with seismic changes to the way organizations conduct their operations, will combine to threaten even the strongest establishments. Only those with robust preparations will stand tall.”

Yet, surprisingly few companies have robust preparations in place. A solid incident response plan requires more than just a security platform or a security operations center (SOC). It should take into consideration the scope of business operations and where the greatest risks lie. For example, what kind of incident would constitute a catastrophe for the organization versus a mere inconvenience?

If security professionals don’t understand the company’s risk tolerance, they cannot institute the right type or level of response. The response plan should also designate who is in charge and who has authorization to address potential threats. Finally, incident response requires teamwork. Business leaders must determine when the legal team should be brought in and who will act as the voice of the company in a worst-case scenario.

By keeping their eyes fixed on the threat horizon, security professionals and business leaders can develop the right incident response strategy and put the organization in a better position to fend off the lions, tigers and bears looming in the shadows of the cybersecurity landscape.
