We are in the midst of an era of significant data breaches, but what cyber threats should organizations prepare for in 2017? A new white paper from TÜV Rheinland and OpenSky discusses what threats to anticipate over the next 12 months and how organizations can protect themselves today and safeguard for the future.
The “Cyber Security Trends of 2017” white paper reflects the assessment of current developments from cybersecurity experts in North America, Europe, and India, the Middle East, and Africa.
“The amount and availability of sensitive information about people and connected systems will inevitably lead to increased pressure to update legacy cyber security risk strategies to the new attack surface,” TÜV Rheinland Executive Vice President Information and Communication Technology Frank Luzsicza said.
Key findings from the report include:
The force of attacks is increasing. Who is responsible?
Cyber attacks are expected to occur with increased strength—which raises questions regarding the protection of networked devices, IT/OT networks, and connected infrastructures. Who is responsible when cybersecurity measures are not sufficient? Should organizations tighten their requirements and governance controls?
The Internet of Things (IoT) requires mandatory security standards
The need to protect consumer privacy is increasingly urgent as smart devices become more popular.
Manufacturers of networked devices will need to introduce higher security standards to protect consumer privacy. Voluntary or mandatory cybersecurity verification and certification for IoT devices before products are launched to the market will become more likely.
2017—the year of cloud security solutions
Customer sensitivity to integrated cloud services and IT network security is increasing. Security solutions that monitor network traffic between cloud service clients and cloud service providers are in high demand. Furthermore, the cloud is increasingly becoming the source of security solutions, including real-time security analysis, anomaly detection by artificial intelligence (machine learning), security data analytics managed services, and incident response advisory services.
The perfect couple—identity access management and the cloud
Identity access management and the cloud are becoming the new organizational perimeter. Cloud strategies are expected to become closely intertwined with law, access, and password management. The result is consistent user and authorization management, using roles in addition to secure and user-friendly authentication.
Preferred targets: Patient records and medical devices
The healthcare sector is expected to be a main target in 2017. Medical facilities will need to address concerns surrounding strengthened protection of networked medical devices and sensitive patient data. As data protection requirements in Europe continue to tighten, medical device manufacturers will continue to enlist independent third parties for security audits.
Managed security services: You won't protect your organization without them
Many organizations continue to view subcontracting cybersecurity to external partners with a sense of caution. In light of a continuing lack of talent, trust in competent cybersecurity partners to protect organizations will become an important factor. This can partly be attributed to the growing number of internal offenders.
Industry 4.0: Integrating functional safety and cybersecurity
Unauthorized access exposes industry systems and critical infrastructures to safety and security risks more than ever. As IT is an essential part of manufacturing, functional safety and cybersecurity will need to collaborate to secure data exchange and ensure the availability and reliability of networked systems. Networked industry (industry 4.0) organizations in particular will need to consider the safety and security of their products across the entire lifecycle, while continuously monitoring for potential risks.
Key factor: endpoint security
Terminal devices—such as servers, laptops, mobile phones, tablets, and desktop computers—are some of the easiest gateways for attackers to target. Solutions limited to filtering suspected malicious content—such as anti-virus and anti-malware—at the endpoint will not suffice, regardless of how intelligent they claim to be. Gaining visibility into real-time threats by monitoring and correlating with other events across the enterprise will offer superior protection against potential attacks.
The end of the silo mentality? Enterprise governance, risk and compliance (eGRC) and IT governance, risk and compliance (IT GRC) are coming together
The integrated view of IT and business risks not only improves regulatory reporting—it facilitates an unbiased view of actual risk exposure and the protected organization’s values. Integrating eGRC and IT GRC enables management to make higher-quality decisions. These tactics are vital when considering tightening legal requirements—such as the EU General Data Protection Regulation—and the protection of intellectual property.
TÜV Rheinland and OpenSky believe senior management has a key role to play in securing their organizations against internal and external threats.
“Cybersecurity must be part of each business case and cannot be viewed only as a pure cost driver,” OpenSky President Tom Hazen said. “Ideally, cybersecurity becomes a risk consultation and also a business enabler.”