Organizations wanting to protect their data and users in 2018 need an understanding of the cyberthreats they’re likely to face. In a recent webinar, Joseph Blankenship, senior analyst serving security and risk professionals at Forrester, joined us to discuss the 2017 threat landscape trends and what cybersecurity professionals should do to prepare for the new year.
Lessons Learned From 2017
- Breaches will continue to be common and consequential. Despite having stronger and smarter protections available, companies are still under attack from highly sophisticated and highly motivated hackers.
- A lack of security expertise is part of the problem. Staffing shortages in cybersecurity are only going to accelerate, and the lack of available professionals will make cybercrime even harder to defend against.
- Security automation and orchestration are essential. As the burden of cybersecurity grows, the only way to marshal the necessary resources will be through the systematic use of smart technologies.
Expectations for 2018
While 2017 offers us a blueprint for 2018, crafting the strongest and most comprehensive cybersecurity strategy possible means being aware of how the landscape has evolved. Those companies that understand the evolutions most salient to their practices will be the ones able to respond appropriately:
1. Email Risks Aren’t Going to Go Away.
Email continues to be one of the most vulnerable attack vectors because it’s relatively easy to exploit and the average inbox is overflowing with valuable information. Deflecting the threats to the inbox must be a top priority, as organizations accept the fact that a breach is likely and thus take proactive steps to make data as inaccessible as possible.
2. Internet of Things (IoT) Attacks Leading to Ransom Demands.
With the rise of IoT devices throughout offices, hospitals, and manufacturing facilities, a vast spectrum of essential equipment is now vulnerable to attack. Various forms of digital extortion are already on the rise because of this, and the increasing ubiquity and insecurity of IoT devices will make them that much more enticing a target in the coming months.
3. Solutions Creating New Problems.
Point-of-sale (PoS) solutions used to be a common hacking target because they contained credit card numbers. While it’s become more difficult to steal this information from PoS solutions and other enterprise technologies these days, that hasn’t deterred hackers who now seek to disable them and demand ransoms. This leaves companies with the lose-lose scenario of paying the ransom or keeping critical systems offline.
4. Employee Monitoring Becoming a Legal Issue.
Monitoring the digital behavior of employees is an effective way to spot early threats, correct risky behaviors, and eliminate bad actors. When monitoring is used to track performance and productivity, however, it opens companies up to lawsuits from trade unions, work councils, or the employees themselves.
Organizational Best Practices
Such a dynamic cyber landscape means that organizations have to take a number of steps to confront both external and internal threats. This approach should include solutions such as automatic email encryption platforms that are easy to use and implement; message filtering bolstered by machine learning; and defense systems built around your IoT environment, including a contract for some sort of DDoS service. And when it comes to monitoring and protecting employees, it’s very important to balance protection with privacy, disclosing why you’re monitoring your people and never using security monitoring to gauge performance.
While proactive steps won’t always prevent an attack, they do set an organization up to deal with one effectively and efficiently if that time comes. For a deeper dive into the evolution of cyberthreats and how Zix can help organizations bolster their defenses, watch the archived webinar New Year, New Risks: Cybersecurity Predictions for 2018.