We haven’t even finished the first quarter of 2017, and already one publication is calling this the worst year ever for hacks and data breaches. A Benzinga article highlighted major security incidents that have been reported so far this year, including McDonald’s Twitter account (although, oddly, the story did not mention the larger Twitter hack) and the Saks Fifth Avenue breach.
The problem is that these data breaches all show that we still tend to be reactive rather than proactive when it comes to security incidents. Even if we think we know what’s coming, we still aren’t really prepared for it. Our security systems are often built to focus on known attack methods, not for future threats.
The Information Security Forum (ISF) recently released its Threat Horizon 2019 report in order to provide a blueprint of sorts for those future threats. The report looks at nine major threats and breaks down what we can expect to see in another two years.
One thing I think we can all anticipate is an even more inter-connected world, and with that, an even higher risk of hacking incidents. That right there raises the stakes of our cybersecurity system. To address the security concerns, the ISF report emphasized three key themes:
- Disruption: From an over reliance on fragile connectivity requiring a seismic shift in the way business continuity is planned, practiced and implemented.
- Distortion: As trust in the integrity of information is lost, the monitoring of access and changes to sensitive information will become critical as will the development of complex incident management procedures.
- Deterioration: When controls are eroded by regulations and technology, bringing a heightened focus on risk assessment and management in the light of regulatory changes and the increased prevalence of artificial intelligence in everyday technology.
As Steve Durbin, managing director of ISF, said in a formal statement:
Traditional business models will certainly be disrupted over the next two years, forcing business leaders to develop cutting-edge trading models while dealing with new regulation, advanced technology and distorted information. Moving forward, organizations must prepare themselves for unprecedented levels of collaboration. Legal, compliance, audit, HR, IT, information security and other stakeholders must congregate to assess risks and inform the decision-making process.
It's clear that we need some sort of guideline to help push the way we think about security and what exactly we’re securing. That’s why I liked the proposal made by Carl Herberger in an article for The Hill. He thinks it is time for a Cybersecurity Bill of Rights that would protect our privacy as technology continues to develop and our worlds become more connected. He wrote:
The top challenge in this new time isn’t preventing data breaches, stamping out ransomware, or preventing ever-more-massive DDoS attacks, though those are all problems that need solving. The most important challenge is addressing cybersecurity problems that threaten the big questions of humanity itself.
Interesting thoughts about where we are and where we’re going in terms of security. As Durbin wisely stated:
An organization that is well informed about emerging technologies and corresponding threats will be best placed to make winning decisions. The key differentiating factor will be the degree to which organizations are prepared to meet the challenges of a fully connected society.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba