January 9, 2017, by Rick M Robinson

The security landscape is constantly evolving and will continue to evolve in 2017. Long-standing security threats will take on new dimensions. Social engineering, for example, will become an output as well as an input. At the same time, the Internet of Things (IoT) continues to open new threat vectors.

Top Four Security Threats of 2017

The new year will certainly bring its share of security surprises. CIO identified four security threats that deserve particular attention as we head into 2017: the hyperconnectivity of the IoT, the role of cybercrime-as-a-service in powering global crime syndicates, the ongoing challenge of meeting regulatory and legal compliance standards and the rise of attacks aimed at brand reputation.

1. Hyperconnectivity Hazards

The first two of these challenges are broadly technology-driven. Both hyperconnectivity and the IoT arise specifically out of technology progress. With the proliferation of personal mobile devices, we are more richly cross-connected through the web than ever before, which means more potential points of entry for attackers.

This connectivity is extending into domains that were previously offline, creating new types of vulnerabilities that are still poorly understood. Pervasive threats are coming from all directions. This calls for a new and proactive way of thinking about security.

2. Cybercrime-as-a-Service

The rise of cybercrime-as-a-service is also reshaping security threats. Connectivity and computing power have made cloud-based service offerings a key component of the legitimate cyber economy.

Unfortunately, these same capabilities are being harnessed by criminal syndicates, giving rise to an ever more sophisticated cybercrime ecosystem. In effect, online burglars no longer need to painstakingly fashion their own lockpicks. Instead, they can obtain sophisticated burglary tools as a service.

3. Compliance Complications

Unlike these technology-driven changes, regulatory compliance challenges can seem like nothing new, merely an ongoing complication of security life. But this is a blinkered view. While individual regulations can always be debated, the compliance environment broadly reflects precisely the growing connectivity that technology is driving.

Security and privacy are at risk in a growing number of ways and in a growing number of domains. Compliance requirements embody an effort to build shared protection standards, which are all the more necessary in an age of hyperconnectivity. Compliance isn’t just about rules — it’s about protection.

It’s critical for IT managers to know where their organizations store sensitive personal information at every stage of the life cycle to protect it. While noncompliance fines are getting stiffer, the cost of a data breach is rising even faster.

4. The Human Element

The term social engineering is typically applied to the input side of security threats, such as the use of phishing attacks on employees to gain access to networks. However, experts and IT professionals are beginning to apply the concept to cybercriminals’ main objective of damaging an organization’s brand or reputation.

The Sony breach of 2014 foreshadowed a world of brand targeting, and some experts expect this cybercrime incentive to come of age in 2017. This new form of mass social engineering is often powered by traditional user errors and oversights, such as hasty clicks or weak passwords. As the human factor becomes a primary target, organizations must build network environments that encourage safe behaviors and discourage risky ones.

