Over the years, IT has played an important role in redefining business and society thanks to advancements in technology.
In parallel with this progress, the threat landscape has also expanded, forcing enterprises to increase cyber security spending.
Studies suggest that the situation is set to escalate and businesses need to prepare for the unknown.
Independent information security body Information Security Forum (ISF) says there are four major information security threats that businesses must not overlook.
These include:
# The Internet of Things (IoT) adds unmanaged risks
# Crime syndicates take a quantum leap
# Government and regulators won’t do it for you
# The role of the end user – the weakest or strongest link in the security chain
The Internet of Things (IoT) adds unmanaged risks
We know that IoT plays a key role in global smart city projects. As IoT becomes more popular, we will see a surge in connected devices around us, which may not be secure. Therefore, the chances of privacy problems and data breaches are higher.
As a defence, the forum suggests that IoT device manufacturers should be encouraged to build some security into their products.
Crime syndicates take a quantum leap
ISF Managing Director Steve Durbin says criminal syndicates have been operating like start-ups for some years.
This year, the forum predicts that criminal syndicates will further develop complex hierarchies, partnerships and collaborations that mimic large private sector organizations.
According to ISF, organisations will struggle to keep pace with this increased sophistication and the impact will extend worldwide.
Rogue governments will continue to exploit this situation, and the resulting cyber incidents this year will be more persistent and damaging than organisations have experienced previously, leading to business disruption and loss of trust in existing security controls.
The forum also notes that emerging markets will be hit the hardest, particularly where newly connected organisations are novices with online security.
Stringent regulation
Further, ISF says that the number of data breaches will grow this year along with the volume of compromised records. Such situations will definitely be expensive for organisations of all sizes.
Public opinion will pressure governments around the world to introduce tighter data protection legislation, bringing new and unforeseen costs.
Europe has already started reform in the form of the EU General Data Protection Regulation (GDPR) and the already-in-effect Network Information Security Directive.
International regulations will create new compliance headaches for organisations while doing little to deter attackers.
The end user
This year, the forum says that organisations need to shift their focus from promoting awareness of the security problem to creating solutions and embedding information security behaviours that mitigate risks.
People are the end users in any business, and organisations regard people as their biggest asset. Instead of merely making people aware of their information security responsibilities, and how they should respond, the answer for businesses of all sizes is to embed positive information security behaviours that will result in “stop and think” behaviour and habits that become part of an organisation’s information security culture.
Other predictions
Sophos predicts that destructive DDoS IoT attacks will rise this year and attackers will shift their focus from exploitation to targeted social attacks.
Further, financial infrastructure would be at great risk of attack as the use of targeted phishing and whaling continues to grow.
Besides, the internet’s inherently insecure infrastructure will be exploited, as all internet users rely on ancient foundational protocols.
Sophos also foresees an increase in the complexity of cyber attacks and in attacks using built-in admin languages and tools.
Security-as-a-service
While ISF gave us a picture of the threat landscape, Persistence Market Research predicts that the global security-as-a-service market will grow at a CAGR of 17.1 percent during 2016-2026.
SaaS growth would be driven largely by telecom and IT. Besides, healthcare, retail and consumer goods, and BFSI will also boost growth.
The research firm says that protection of electronic transactions has necessitated amalgamating a security-as-a-service business model.
A Gartner report showed that organisations are increasingly taking a preventive approach because they understand how expensive attacks are.
But, surprisingly, organisations spend an average of just 5.6 percent of the overall IT budget on security and risk management.
According to Gartner, most companies will continue to misuse average IT security spending figures as a substitute for assessing security posture, at least until 2020.
Arya MM