In spite of all the concern about cybersecurity, it's odd that many IT security stakeholders only take note of the noisiest of attacks and don't understand the concept of IT security as a whole. With each transformative technology, right from cloud computing to IoT, come newer IT security risks. For instance, in 2016, the Mirai IoT botnet was used to disrupt the services of several websites, resulting in significant connectivity problems across the globe.
What we explained above is just one example of how cybersecurity is changing, much at the same pace as any aspect of enterprise technology. What follows is the premise that CIOs, CISOs, data officers, and IT security experts need to be aware of all kinds of cybersecurity issues, to be able to develop and implement future ready cyber security strategies.
IT security stakeholders must be aware of every security threat
By 2020, the enterprise IT security ecosystem will witness a scenario where 99 percent of the cyberattacks will be a result of vulnerabilities that IT security experts would already be aware of for more than a year. This has two implications for CIOs and anybody associated with strategic cybersecurity planning. First, IT security experts would do well to take quick action on known vulnerabilities, to plug gaps, and prevent a massive proportion of possible breaches from occurring. Second, security experts can actually envisage this as an opportunity, because remedying known problems is easier than waiting for unknown risks to hit hard and wreak havoc with their enterprise IT systems.
Shadow IT – and the need for CIOs to embrace it
Shadow IT is increasingly becoming a reality for enterprises. Whereas concepts such as local tools, open-source solutions, online tools, and unlicensed tools on end-user devices are enabling enterprises to get more done out of their IT resources, this also leaves the enterprise more open to attacks that cybercriminals can exploit. A strategic stance that many organizations are already adopting is to become open and acknowledge shadow IT, engendering a culture of acceptance and protection, instead of detection and punishment.
Exposure of public cloud to data leaks
With so much of enterprise data residing on public clouds, cybercriminals know where to focus their attention. This risk can be mitigated by developing strong data security and data governance policies, and implementing them across the organization. By 2018, more than 20 percent of enterprises are expected to implement sophisticated data governance practices in their IT operations. Identification of data-security policy gaps, action plans to mitigate them, and entering into cyber-insurance talks with insurers - all these will gather increasing prominence as more cases of data loss from public clouds come to light.
IoT and the massive risk of DDoS attacks
The Internet of Things will be a mainstream enterprise IT component in the next five years. Whereas the productivity and enablement promise is huge, the accompanying IT security threats can't be ignored. For starters, the level and frequency of end-user interaction with IoT components will be huge, resulting in more probability of user errors and carelessness-related data breaches. Second, IoT DDoS attacks will become a menace, as rogue elements will always be on the lookout for vulnerabilities in the thousands of enterprise IoT devices, with intent on accessing enterprise networks, and manipulating the devices on the network.
Weak state of IoT device-authentication standards
Another IoT-related risk for enterprises stems from the fact that manufacturers have not been able to handle threats related to weak authentication protocols. As IoT becomes a key component of enterprise infrastructure, CIOs will need to keep an eye on evolving authentication standards, identity-assurance protocols, and will need to develop metrics that help IoT devices in terms of their security readiness and cyberattack preparedness.
Ransomware: Even small businesses are not off the radar
Ransomware is not “lesser known,” by any means. However, it deserves its place in any list of top enterprise IT security concerns for the future. That’s particularly true in the light of events witnessed throughout 2015 and 2016. Ransomware attacks on health organizations have been reported from across the globe, and new ones seem to crop up almost every week. The range, sophistication, and nature of ransomware attacks are getting larger. Recently, a ransomware called Popcorn Time gave victims the option of spreading the ransomware to two more systems as an alternative of paying up. Financial firms of all scales and sizes are increasingly in the crosshairs of ransomware. Across the globe, rogue groups are becoming a part of the ransomware nexus, which has caused billions of dollars in damage.
Understanding the changing state of ‘password-protection’
The “password” is too well-ingrained in the whole idea of IT security that it won’t be completely replaced by different forms of authentication. Enterprises would do well to be consciously on the lookout for options of embracing newer technologies in medium-risk use cases. Vendors can offer better user-recognition options based on analytics, biometrics, and multifactor authentications to deliver better user experiences and IT security around password-protected accesses.
Business email compromise is sticking around
Unfortunately, email-based ransomware, malware, and virus infections remain rampant as ever, in spite of being among the oldest methods of cyberattacks against individuals and organizations. The average payout of a successful business email compromise (BEC) attack is close to $140,000. BEC's simplicity continues to make it a lucrative cyberattack option for criminals. Specifically, BEC targets enterprises, CEOs, department directors, and high-profile individuals. It's estimated that BEC resulted in a total loss of $3 billion over the past two years.
With due diligence, insight, and the will to keep track of the latest threats from the world of cybersecurity, CIOs and IT security experts can contribute in securing the future for their organizations.