With Cybersecurity threats evolving in complexity and extent, enterprises are seeking to continually improve the business and incident response strategies. Read this report to understand the new developments in cybersecurity and key predictions for 2017.Download a Insight
Cyber Security Regulations Will Increase
French: Despite an overall de-regulatory trend, we can expect to see greater regulation in the area of cyber security, particularly when it comes to Internet of Things (IoT) products. Currently, there is little incentive for manufacturers to ensure that their products are not vulnerable to security threats such as a DDoS attack. In fact, many connected devices like smart TVs come with default security settings that can be learned easily. But what if, instead, each device was shipped with a unique password made up of random numbers. Simple, but not easily hackable. We need industry standards and product regulations that can help enforce these practices, and prevent IoT abuse. Utilities, transportation, and health services will also need increasing cyber security regulation.
We Will Witness Bigger Cyber Attacks with Broad Geographical and Monetary Ramifications
Yo: With cyber attacks gaining prominence as a weapon of choice, 2017 will see bigger attacks on a group of facilities or upstream internet service providers, and these attacks will affect a larger geographical area or take down a number of facilities.
Security Testing Will Be Embedded Consistently across All Points of the Software Development Lifecycle
Yo: There will be a greater focus on incorporating specific security processes and assessment models such as the OWASP Software Assurance Maturity Model (SAMM) within the Software Development Lifecycle (SDLC). Security touch points will expand to each phase of the SDLC and become more development methodology agnostic.
Third and Fourth Parties May Be the Biggest Gateways for Targeted Cyber Attacks
Yo: IT vendor risk management continues to be missing from the priority lists of many large organizations. As a result, third and fourth party access to facilities and organizations will prove to be the easiest gateway for a targeted cyber attack.
Ensuring Business Continuity during a Cyber Attack Will Be the #1 Priority for CISOs and CTOs
Yo: It’s no longer a matter of if a cyber attack will occur, but when. CISOs will, therefore, need to invest in better disaster recovery and redundancy mechanisms to ensure that the business is not impacted materially by cyber attacks.
Machine-speed IT, Cyber, and Security Risk Intelligence Will Be Integrated into Human-speed Operational Risk Management
Yo: While IT, security, and cyber processes operate at machine speed, they will increasingly be integrated into the operational risk fabric of the organization through workflows, alerts, and analytics.
A Common Language Will Emerge to Support Risk Intelligence
Yo: As security and cyber processes are aligned with operational risk, business resilience, incident management, and crisis management processes, organizations will build a sustainable, common risk language. This standardized nomenclature will support meaningful dialogue, and drive high-value analytics that, when acted upon, reduce risk.