At the annual RSA conference, there were plenty of discussions and presentations on the evolving cybersecurity threat landscape, including application security issues, the internet of things (IoT) and data analytics. While conversations circling the exhibition floor touched on all cybersecurity niches, there were a few themes that emerged as the most pressing for enterprises and their IT security teams in 2017.
According to new research conducted by Juniper, the number of IoT devices available on the market will reach more than 15 billion units by 2021. Rapid adoption is being propelled by the numerous benefits IoT devices present to enterprises, including the optimization of processes and increased business agility. That said, it’s no surprise IoT security was a popular topic at this year’s RSA Conference.
Many experts presenting at the conference predicted that IoT will become a major threat to enterprises in the year to come. There is a valid concern about IoT devices increasing the attack surface for organizations. Many individuals are now calling for more stringent Government regulations to enforce security, while others feel these ‘regulations’ should come from the industry itself. In fact, some experts think more members of the security community need to hack and test devices to help improve overall security posture.
As the debate between security and novelty rages on, it’s obvious IoT isn’t going away anytime soon, and neither will the ongoing attacks surrounding it. When looking ahead at future IoT discussions, it will be important to consider compliance and data sovereignty of the data being captured.
Blocking access to key systems or data until the victim pays a ransom is more prevalent than ever before, and as long as these attacks remain profitable, ransomware shows no sign of declining. With lower ROI on stolen patient records due to a surplus available on the black market, hackers are now seeking more profitable channels of attack. According to a recent report by the CyberEdge group, more than 60 percent of organizations suffered from some form of ransomware attack in 2016. So, what’s in store this year?
When it comes to this aggressive cyberattack, most experts agree that “you ain’t seen nothing yet.” As criminals continue to perfect this attack method and turn to ransomware to stay profitable, we can expect to see a significant increase in the number of attacks and an increase in the ransom demands— especially as cyber criminals begin to penetrate organizations at a deeper level. Overall, criminals are becoming smarter and faster than IT teams who are attempting to close the ransomware door.
There was a big push by many new vendors to position data analytics as the answer to all security problems and demonstrate ways analytics can prevent Malware and security threats. Several startups showed how they analyze and report on threats, but many struggled to show how they make sense of the volume of security threats and alerts created every day.
There was also a surprising amount of vendors claiming they could completely fix all security issues, rather than demonstrating ways they are a part of the larger, overall solution. Because cybersecurity spans across so many areas, it’s hard to believe one vendor will provide all the services your enterprise needs to keep precious data safe, secure, and out of the hands of vicious hackers.
While there were many productive, forward-thinking conversations on cybersecurity, the evolving threat-landscape, and emerging trends within the space, there were limited discussions on Big Data and artificial intelligence (AI). Given the massive amounts of data being collected through Big Data initiatives and IoT, the one thing panelists and experts alike failed to address was how AI can play a key role in securing the enterprise.
As far as data sovereignty issues the industry will face as we collect personally identifiable information (PII) and protected health information (PHI), there were hardly any sessions or conversations on best practices or ways to prepare. Upcoming regulations like the General Data Protection Regulation (GDPR) and the EU-U.S. Privacy Shield will have a major impact on U.S.-based companies doing business overseas, no matter their size or location.
From a legislative standpoint, knowing where your data resides will be critical as these new data privacy rules are implemented. The ability to control access to data and achieve regulatory compliance will heavily depend on the data’s location. This can be especially challenging for a number of organizations because most systems cannot comprehend the concept of data location being a business-related decision, especially cloud-based systems. Furthermore, the definition of ‘data location’ for regulatory compliance varies from region to region. So, companies will be need to be hyper-aware of where they’re collecting data, where their data resides and the regulations governing those geographies.
Since there was little conversation on the regulations governing data itself, it’s important enterprises not only keep both their on-premise and cloud devices protected, but they must also recognize regulations governing the areas of the world in which their data flows. Security teams will surely have their hands full throughout 2017 as they try to keep up with the changing threat and regulatory landscapes.
Daren Glenister, Field CTO, Synchronoss
