The security landscape is constantly evolving and will continue to evolve in 2017. Long-standing security threats will take on new dimensions. Social engineering, for example, will become an output as well as an input. At the same time, the Internet of Things (IoT) continues to open new threat vectors.
Top Four Security Threats of 2017
The new year will certainly bring its share of security surprises. CIO identified four security threats that deserve particular attention as we head into 2017: the hyperconnectivity of the IoT, the role of cybercrime-as-a-service in powering global crime syndicates, the ongoing challenge of meeting regulatory and legal compliance standards and the rise of attacks aimed at brand reputation.
1. Hyperconnectivity Hazards
The first two of these challenges are broadly technology-driven. Both hyperconnectivity and the IoT arise specifically out of technology progress. With the proliferation of personal mobile devices, we are more richly cross-connected through the web than ever before, which means more potential points of entry for attackers.
This connectivity is extending into domains that were previously offline, creating new types of vulnerabilities that are still poorly understood. Pervasive threats are coming from all directions. This calls for a new and proactive way of thinking about security.
The rise of cybercrime-as-a-service is also reshaping security threats. Connectivity and computing power have made cloud-based service offerings a key component of the legitimate cyber economy.
Unfortunately, these same capabilities are being harnessed by criminal syndicates, giving rise to an ever more sophisticated cybercrime ecosystem. In effect, online burglars no longer need to painstakingly fashion their own lockpicks. Instead, they can obtain sophisticated burglary tools as a service.
3. Compliance Complications
Unlike these technology-driven changes, regulatory compliance challenges are nothing new, merely an ongoing complication of security life. But this is a blinkered view. While individual regulations can always be debated, the compliance environment broadly reflects precisely the growing connectivity that technology is driving.
Security and privacy are at risk in a growing number of ways and in a growing number of domains. Compliance requirements embody an effort to build shared protection standards, which are all the more necessary in an age of hyperconnectivity. Compliance isn’t just about rules — it’s about protection.
It’s critical for IT managers to know where their organizations store sensitive personal information at every stage of the life cycle to protect it. While noncompliance fines are getting stiffer, the cost of a data breach is rising even faster.
4. The Human Element
The term social engineering is typically applied to the input side of security threats, such as the use of phishing attacks on employees to gain access to networks. However, experts and IT professionals are beginning to apply the concept to cybercriminals’ main objective of damaging an organization’s brand or reputation.
The Sony breach of 2014 foreshadowed a world of brand targeting, and some experts expect this cybercrime incentive to come of age in 2017. This new form of mass social engineering is often powered by traditional user errors and oversights, such as hasty clicks or weak passwords. As the human factor becomes a primary target, organizations must build network environments that encourage safe behaviors and discourage risky ones.