On top of natural disasters like hurricanes, earthquakes and wildfires, 2017 has seen its share of digital disasters in the form of cyber attacks across the globe. As companies store more data online, and the number of devices connected to the internet keeps increasing, cyber security will become increasingly vital to everyone’s safety. Below is a look at the challenges and innovations that IT professionals have to look forward to in 2018 and beyond.
Changes and Trends in the Threat Landscape
Two of the biggest areas that require extra attention are cloud computing and the internet of things, or IoT. The IoT includes the growing list of connected devices like smart thermostats, smart aquariums and smart light bulbs. Such electronics often come with security vulnerabilities that leave networks open to exploitation from hackers. For instance, hackers discovered a man-in-the-middle vulnerability in a smart refrigerator back in 2015 that granted them access to users’ gmail accounts.
Once an IoT device gets synced with a laptop, smartphone or tablet, all of the data on those machines can be compromised. Unfortunately, many of the IoT devices being manufactured today rely on cheap electronics that are incapable of supporting the security protocols that have become standard in other mobile devices. Even if a product is designed to meet the latest security standards, most IoT devices aren’t set up to receive automatic updates, so they remain vulnerable to new types of malware.
Most security breaches are financially motivated, but hackers could use IoT devices with cameras or GPS systems to stalk or spy on users. Cyber terrorism also poses a threat to all humanity since successful attacks on power grids could have deadly consequences if hospitals, subways and other public services get disrupted. Even malware solely intended to exploit people for money can have devastating repercussions. For example, earlier this year the WannaCry virus crippled computers at hospitals and government facilities from the U.K. to eastern Russia. Such attacks will likely become more common over the next decade as hackers find new ways to infiltrate networks.
Leading Prevention Technologies Against Cyber Attacks Targeting IoT
Improving IoT security shouldn’t be that difficult. Below are a few security solutions that devices with limited hardware capabilities can support:
- Secure boot and secure firmware updates, which use cryptographic code signing to make sure devices only run code from trusted parties
- Secure communication protocols such as TLS, DTLS, and IPSec, which add data-in-transit protection
- PKI providers, which facilitate certificate-based user authentication
- Smart firewalls and intrusion detection systems, which provide an extra layer of protection for all IoT devices on a network
In addition to securing communications with other devices, developers must also do a better job of encrypting data at rest in case devices get lost or stolen.
The Most Overlooked Area of Cyber Security
IT security skills are already in high demand, and the need for new IT professionals will continue to increase with the digital transformation. Unfortunately, there may not be enough talent to fill all of the new job openings. Various reports estimate that up to 3.5 million IT security jobs will be unfilled in 2021 due to a severe talent shortage.
Government agencies and business leaders must partner together to recruit more young IT professionals, and universities will need to expand their curricula as data governance and AI technologies become more embedded into the fabric of society. Corporations and governments around the world will vie for the top talent, so the labour shortage is great news for IT-inclined students seeking high salaries and long term job security.
Main Security Challenges in Digital Transformation
Cloud computing is paving the way for the digital transformation, but the road ahead will be bumpy. Since users are storing more and more data online, the stakes of internet security are now higher than ever. Since all IoT devices rely on cloud technology, businesses should develop policies for employees who want to sync their devices with company servers to protect client data.
Unfortunately, the research firm Gartner has identified a disturbing gap between the rise of IoT attacks and the lack of financial resources companies have dedicated to preventing and mitigating those attacks. About a quarter of enterprise attacks over the next three years will target IoT devices, yet IoT protection only makes up about 10 percent of most IT security budgets.
According to Gartner, 99 percent of cyber attacks are preventable. Once a vulnerability is discovered, hackers will keep exploiting it as long as it works, so companies need to get better at addressing known vulnerabilities. Gartner also predicts that a third of attacks on businesses over the next two years will target shadow IT resources. Since employees aren’t going to stop bringing their gadgets to work, companies should focus on encouraging workers to take precaution when using devices that aren’t supported by the in-house IT team.
By the end of 2018, Gartner projects that 20 percent of organizations will invest in data security governance programs to address cloud security issues. The cyber insurance industry is likewise posed to see a big boom next year. Passwords could soon start disappearing from the workplace as organizations continue to embrace solutions like IDaaS and biometric recognition technologies. Meanwhile, DevOps teams will increasingly embrace technologies like runtime application self-protection and interactive application security testing.
The responsibility to protect consumer data shouldn’t fall solely on businesses; cloud providers will have to step up their efforts as well. By the end of 2020, secure web gateway and web application firewall solutions should become standard in cloud-based access security broker software packages.
Just as they do today, people will continue favouring usability over security, so IT teams must remain vigilant. In the years ahead, the IT community and society as a whole needs to have more serious conversations about acceptable levels of risk. In the meantime, everyone is encouraged to beef up their security efforts.
Staying Cyber Safe Beyond 2018
Rather than maintaining a defensive approach to cyber security, the IT teams of the future
could use artificial intelligence to predict threats before they arise. Of course, that scenario would come with its own set of risks. Every technological improvement brings potential drawbacks, which is why we need more people who can comprehend the complex ins-and-outs of internet security.