Biggest Cybersecurity Challenges for 2017
The way people work today is fundamentally different than it used to be. The workplace is dependent on technology, and most companies store their sensitive data in locations that are vulnerable to hackers. In addition, as more devices join the Internet of Things, possible points of attack multiply quickly.
Cyber criminals have adapted to this new normal. They now have more opportunities to do what they do best, and they are taking advantage of every weakness. Even though cybersecurity tools and strategies are always improving, breaches are still occurring on a regular basis and the privacy of our information continues to be questioned.
Improving your cybersecurity isn't as hard as you think.
Threats to Cybersecurity in 2017
To protect your company's sensitive data throughout the coming year, be on the lookout for the following challenges that will characterize cybersecurity in 2017. If you want a head start on dealing with these issues, you can also download our free eBook, 10 Simple Things to Improve Your Company's Cybersecurity Posture.
1. Insider Threats and Human Error
During 2017, one of the greatest threats to security will continue to be human error, particularly with regard to passwords. Despite knowledge of best practices, many people create passwords that are far too simple, and most reuse their passwords on a regular basis. In fact, if you are like the majority, you probably use the same password for at least five different accounts.
Password reuse is an especially concerning issue for businesses, which are more appealing targets than individuals for most cyber criminals. Educating employees about the dangers of password reuse, as well as other common password mistakes, will be helpful in preventing breaches that happen in this way. However, old habits die hard, so this is likely to be an uphill battle for most companies attempting to improve their cybersecurity practices in 2017.
One way to help employees improve password security is to encourage the use of password managers, which are already poised to become more popular this year. These programs help employees to maintain strong, unique passwords for all of their accounts in order to reduce the risk of breaches. Password-strengthening strategies should be used in combination with other cybersecurity best practices.
Ransomware is a type of malicious software that holds access to a system hostage until a specific sum of money is delivered. This software was a serious issue during 2016. In fact, according to the most recent McAfee Labs Threats Report, 2016 is likely to be remembered as the "year of ransomware." Unfortunately, ransomware isn't likely to disappear anytime soon, and it may even get worse this year. As more cyber criminals recognize the benefits of this tactic, the chances of falling victim will continue to increase.
In order to protect against the threat of ransomware, it's important to backup your files regularly and keep your systems as secure as possible. Invest in advanced security technology and instruct all staff members to avoid suspicious links and emails. Although every employee is at risk, employees with high-level security clearances should exercise extra caution.
3. Attacks on IoT Devices
The Internet of Things, or IoT, is evolving continuously and rapidly. IoT devices are in your hands, your home, and your office, simplifying the way you live and work. Unfortunately, this added convenience comes with added vulnerabilities. As more everyday objects become connected the internet, cyber criminals have more ways to attack unsuspecting victims and inflict serious damage. In addition, many of these devices lack proper protection. As a result, you can expect to see more attacks on IoT devices in 2017.
One of the factors that contribute to the vulnerability of IoT devices is the absence of adequate government regulation. As the number of IoT devices continues to grow and the attacks on these devices become more common, you can also expect to see new regulations designed to increase security and protect consumers. Be ready to incorporate these regulations into your cybersecurity strategy in 2017.
4. Increased Focus on Compliance
Organizations have been dealing with the requirements of the Health Information Portability and Accountability Act (HIPAA) for years, and most are able to comply with these laws. However, the government is beginning to lock down other types of information as well. For example, any organization that handles Controlled Unclassified Information, or CUI, while working with the federal government or any of its contractors, must soon comply with the government's requirements for this type of information. NIST Special Publication 800-171 is the standard of reference for this push, and it is currently impacting various industries including public safety, education, and manufacturing.
Enforcement of these rules is already underway, with a compliance deadline of 12/31/17. Many businesses fail to realize how long it takes to understand and act upon these regulations to become fully compliant. If your business handles CUI, you should have already started working on compliance. If you haven't, starting now is better than waiting.
5. Third-party Risk Mitigation
In some cases, a company's data is compromised because of the company's relationship with a third party. For example, in 2016, Target’s customer data was compromised through a vulnerability in a third-party HVAC company. Even though Target took steps to keep its own data secure, the HVAC company's lack of adequate security resulted in a breach that affected Target. This was not an isolated incident. In fact, according to a survey conducted by the Ponemon Institute, 73 percent of companies have seen an increase in the number of cybersecurity incidents involving third parties. Furthermore, since the Target incident occurred, general concern about the possibility of a data breach among management level personnel has grown considerably.
To enhance their cybersecurity in 2017, it will be increasingly important for every organization to work with partners, vendors, and other third parties that have the same level of security as the primary organization. When these third-party companies are not compliant, they present an unknown level of risk to their partners. This issue could shake up every industry from healthcare to manufacturing. In 2017, we are likely to see some business relationships strained or severed because of one party's inadequate security practices.
6. Adoption of Two-Factor Authentication
Ongoing security concerns and overzealous hackers will lead to a more widespread adoption of two-factor authentication in 2017. As more people use mobile devices to access their accounts, vulnerability increases. Other factors leading to an increase in vulnerabilities include the rise of mobile workforces and Bring Your Own Device (BYOD) policies. All of these issues present a new type of challenge for security teams.
Two-factor authentication goes a long way to increase mobile security, and it is likely to grow in popularity in the coming year. Two-factor authentication is already standard on some devices, including Apple iPhones and iPads. Third-party authentication technologies, such as Intel True Key, are also on the rise.
Regardless of your business's size, industry, or goals, cybersecurity is one of your most important concerns. Start 2017 off on the right foot by exploring these 10 cybersecurity tips within your organization today!
We'd also recommend: How Much Does Cybersecurity Cost?