The threat landscape impacting businesses and organizations of all kinds today is constantly changing. It seems every few months a new major security risk emerges that requires firms to be on their guard. While it can sometimes be difficult to keep up with such a dynamic and uncertain environment, there are strategies company leaders can leverage to better protect their corporate data and the sensitive information of their clients.
One of the best approaches to take here is to heed the predictions of industry experts. With this in mind, let’s examine some of the forecasts for the upcoming year and how enterprises and agencies can prepare themselves.
Here are the top security risks to watch for next year:
1) An increase in costly security breaches
According to a recent PricewaterhouseCoopers survey, there was a considerable rise in the number of security-related events in 2014. Researchers found that survey respondents experienced a total of 42.8 million incidents, representing a 48 percent increase when compared to last year. This is a 66 percent compound annual growth rate, a considerable rise that outpaces both the global GDP and the number of smartphone users across the globe combined.
What’s more, these events are not only happening more frequently but are also more costly for the victim organization. This year, firms noted $20 million in financial damage coming as a result of a security incident. Overall, this is a 92 percent increase in breach cost over last year.
“Cyber risks will never be completely eliminated,” PWC stated. “Today, organizations must remain vigilant and agile in the face of a continually evolving threat landscape.”
According to a recent Trend Micro report, there will be at least one major security breach each month moving forward.
“Cybercriminals will learn more from each successful incident and craft new and better means to monetize stolen data,” the report authors stated. “Information will continue to be a lucrative profit source for cybercriminals and an espionage or sabotage gold mine for threat actors.”
2) Persistent targeting of the mobile platform
Although by now BYOD is nothing new for the vast majority of enterprises, iBeta contributor Mike Stark noted that the threats to this platform aren’t going anywhere anytime soon. As more users leverage their smartphones, tablets and laptops for corporate and other sensitive purposes, mobile becomes an increasingly attractive target for cybercriminals seeking to steal privileged information for fraud.
This will continue into next year, especially as the number of devices will only grow, reaching 50 billion across the globe by 2019, according to Intel. In addition, studies show that many mobile applications and systems are not as safe as they could be. In fact, researchers from the University of California, Riverside’s Bourns College of Engineering were able to hack several popular programs including email and banking apps with an 82 to 92 percent success rate.
Furthermore, the Trend Micro report predicted that basic two-step authentication will no longer be effective to prevent certain attacks. For instance, the report noted that malware, including the PERKEL sample, is able to intercept mobile messages, thereby providing access to the single-use code leveraged in the two-factor authentication process. As such, Trend Micro predicts an increase in man-in-the-middle attacks carried out via the mobile platform.
Enterprise leaders will need to maintain their focus on mobile security and leverage an overarching BYOD policy that defines proper use and the consequences of failing to follow the guidelines. In addition, extra protection measures like encryption, authentication credentials and remote device wiping can also help prevent unauthorized access to the mobile platform. Gartner also suggested including antivirus and other network-level protections to ensure that BYOD devices can safely connect.
3) Continued focus on cloud security
Reporting on Gartner’s Security and Risk Management Summit, Verizon Enterprise contributor George Koroneos noted that businesses should also maintain their focus on cloud security. Similar to the mobile platform, cloud systems will continue to be a valuable target for cybercriminals. Corporations should leverage protections like cloud encryption, individual usernames and passwords and overarching network management techniques to ensure the safety of the information stored in these systems. Overall, Gartner predicted that by the end of next year, 10 percent of all enterprise security will be provided via the cloud.
4) Insider threats
Although one usually thinks of an attack coming from a malicious hacker outside of the organization, business leaders should also protect against insider threats. A recent Verizon report discovered a rise in security incidents involving company insiders, driven mainly by an increased focus on such threats, which has resulted in more being uncovered. Administrators should continue their watch for malicious insiders, as well as employees who may be putting information at risk without realizing it. Proper network and access management can help ensure that insider threats – whether purposeful or accidental – are mitigated and resolved.
Overall, preparing for these risks can help ensure that the business is ready for the emerging threats that make up today’s continually shifting risk landscape.