January 9, 2017 By Rick M Robinson 2 min read

The security landscape is constantly evolving and will continue to evolve in 2017. Long-standing security threats will take on new dimensions. Social engineering, for example, will become an output as well as an input. At the same time, the Internet of Things (IoT) continues to open new threat vectors.

Top Four Security Threats of 2017

The new year will certainly bring its share of security surprises. CIO identified four security threats that deserve particular attention as we head into 2017: the hyperconnectivity of the IoT, the role of cybercrime-as-a-service in powering global crime syndicates, the ongoing challenge of meeting regulatory and legal compliance standards and the rise of attacks aimed at brand reputation.

1. Hyperconnectivity Hazards

The first two of these challenges are broadly technology-driven. Both hyperconnectivity and the IoT arise specifically out of technology progress. With the proliferation of personal mobile devices, we are more richly cross-connected through the web than ever before, which means more potential points of entry for attackers.

This connectivity is extending into domains that were previously offline, creating new types of vulnerabilities that are still poorly understood. Pervasive threats are coming from all directions. This calls for a new and proactive way of thinking about security.

2. Cybercrime-as-a-Service

The rise of cybercrime-as-a-service is also reshaping security threats. Connectivity and computing power have made cloud-based service offerings a key component of the legitimate cyber economy.

Unfortunately, these same capabilities are being harnessed by criminal syndicates, giving rise to an ever more sophisticated cybercrime ecosystem. In effect, online burglars no longer need to painstakingly fashion their own lockpicks. Instead, they can obtain sophisticated burglary tools as a service.

3. Compliance Complications

Unlike these technology-driven changes, regulatory compliance challenges are nothing new, merely an ongoing complication of security life. But this is a blinkered view. While individual regulations can always be debated, the compliance environment broadly reflects precisely the growing connectivity that technology is driving.

Security and privacy are at risk in a growing number of ways and in a growing number of domains. Compliance requirements embody an effort to build shared protection standards, which are all the more necessary in an age of hyperconnectivity. Compliance isn’t just about rules — it’s about protection.

It’s critical for IT managers to know where their organizations store sensitive personal information at every stage of the life cycle to protect it. While noncompliance fines are getting stiffer, the cost of a data breach is rising even faster.

4. The Human Element

The term social engineering is typically applied to the input side of security threats, such as the use of phishing attacks on employees to gain access to networks. However, experts and IT professionals are beginning to apply the concept to cybercriminals’ main objective of damaging an organization’s brand or reputation.

The Sony breach of 2014 foreshadowed a world of brand targeting, and some experts expect this cybercrime incentive to come of age in 2017. This new form of mass social engineering is often powered by traditional user errors and oversights, such as hasty clicks or weak passwords. As the human factor becomes a primary target, organizations must build network environments that encourage safe behaviors and discourage risky ones.

Download the Ponemon Institute 2016 Global Cost of a Data Breach Study

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today