As global cyber security attacks intensify and attackers continue to grow in sophistication, the industry faces increasing challenges in the years ahead. Following are some of my predictions on what we can expect to see in the cyber security protection landscape in 2017—both in terms of industry trends and rising threats:
Cyber Security Solutions:
We will see a continued move towards the convergence of platforms. Organizations want to buy platforms that offer five or six things at once rather than buying five or six different products. Particularly in endpoint security, we will see the convergence of forensics, EDR, EPP and user behavior analytics as they all tie together into one platform.
IoT & Patching: IoT will continue to be a part of the threat conversation, but fundamentally there will be a massive change in the risks associated with the devices—it won’t be about cyber security protection, it will be about patching. In 2016 we saw threats mostly from a DDoS perspective, but the real risks aren’t coming to fruition yet. The inability to quickly update something, such as your home thermostat, is where we will see the challenges. It’s not about malware getting on the devices; rather, the focus will need to be on the ability to remediate the issue. As we saw with Windows some seven to 10 years ago, there will be a slew of vulnerabilities, but unlike with a computer, patching won’t be as easy with IoT devices. It’s common to be unable to perform firmware upgrades remotely, and even if the IoT manufacturer does officially support remote management, updates too often brick the device. For that reason, many IoT vendors discourage firmware updates unless they’re absolutely required. Unsurprisingly, that can lead to massive security issues.
Specialization Hurts Security: While attackers will increase in sophistication, customers will not. Security is getting more complex as the industry gets more specialized. Corporations are hiring IT staff who have specialized experience but do not have broad-reaching knowledge about various security platforms, tools and threats. Thus, if an attack comes in that doesn’t fall into the staff’s area of expertise, they will not be able to detect and prevent it.
Increase in Monitoring: Too often we’re seeing organizations buy technologies that block and prevent, and because they are strapped for budget and resources, they don’t have time to analyze the copious amounts of critical data. That significantly reduces the organization’s ability to lower risk and gives a false sense of security. In 2017, I hope to see a shift where organizations are building resources and skillsets internally (or outsourcing) focused on analyzing how things are happening daily (e.g. looking at incident response and analytics), not just when breached. More time and effort spent on monitoring and understanding will result in identifying more trends, anomalies, etc. and ultimately in better preventing incidents before they happen.