The ever-growing list of cybersecurity threats looks like something out of a 21st century version of “The Wizard of Oz” — but instead of lions and tigers and bears (oh my!), today’s security professionals must contend with Internet of Things (IoT) data leaks, fragmented cloud infrastructures due to regulations, augmented intelligence (AI)-powered malware and trusted professionals creating a new type of insider threat. This is just a small sample of the emerging threats looming in the shadows of cybersecurity.

Why should you care about tomorrow’s threats today? If you have a better idea of what’s coming over the threat horizon, you can create a better incident response plan to limit or prevent these threats from affecting your data, business and customers. Luckily, forward-looking studies such as the Information Security Forum (ISF)’s “Threat Horizon 2020” report allow business leaders and chief information security officers (CISOs) to better strategize and develop a proactive security system.

Threats Are at an All-Time High

It’s not a stretch to say that we are at a breaking point in cybersecurity. In fact, the final quarter of 2017 saw threat levels at an all-time high. One reason for this surge is that the bad guys are constantly recreating the threat horizon itself, developing new tactics and upgrading strategies for old tactics.

The ISF report noted that technology is outpacing security controls and the pressure to keep up with threats is skewing security professionals’ judgment. Let’s take a closer look at how these two themes fit into the threat horizon, and explore how organizations can overcome these hurdles and improve their incident response and security control systems.

Technology Outpaces Controls

A few years ago, the average person knew nothing about the IoT, and clouds were still just fluffy white things in the sky. Now, everything in your house can be connected and controlled by an app on your smartphone through cloud computing architecture.

Many vendors are more concerned with introducing their technology into the market as quickly as possible than they are with securing those apps and devices. The bad guys know that security controls are an afterthought and take advantage of this lack of awareness to spread malware in novel ways that catch security teams off guard. Take the Mirai botnet, for example, which used IoT devices to infect networks and take down popular websites with a massive distributed denial-of-service (DDoS) attack.

Pressure Skews Judgment

All these new technologies can put a serious strain on your network. Couple this with ever-changing regulations and the growing burden on employees to be diligent about threats, and you have an environment that is filled with pressure, which can affect security professionals’ judgment. They know they have to provide good security platforms, so they may be tempted to focus on quantity and not quality — adding all the bells and whistles of a top security system but not covering the basic areas that need higher levels of protection. They may put a lot of emphasis on perimeter security, for example, when the greatest risk area is actually privileged access management.

Scoping Out the Threat Horizon

Security incidents occur largely because organizations are unprepared. Cybersecurity has long been reactive rather than proactive, focusing on response before prevention. By the time a threat is addressed, the damage is done. This is only going to get worse given the increasing sophistication of the attacks looming on the threat horizon.

“Over the coming years, the very foundations of today’s digital world will shake — violently,” said Steve Durbin, ISF’s managing director. “Innovative and determined attackers, along with seismic changes to the way organizations conduct their operations, will combine to threaten even the strongest establishments. Only those with robust preparations will stand tall.”

Yet, surprisingly few companies have robust preparations in place. A solid incident response plan requires more than just a security platform or a security operations center (SOC). It should take into consideration the scope of business operations and where the greatest risks lie. For example, what kind of incident would constitute a catastrophe for the organization versus a mere inconvenience?

If security professionals don’t understand the company’s risk tolerance, they cannot institute the right type or level of response. The response plan should also designate who is in charge and who has authorization to address potential threats. Finally, incident response requires teamwork. Business leaders must determine when the legal team should be brought in and who will act as the voice of the company in a worst-case scenario.

By keeping their eyes fixed on the threat horizon, security professionals and business leaders can develop the right incident response strategy and put the organization in a better position to fend off the lions, tigers and bears looming in the shadows of the cybersecurity landscape.
