The top 10 emerging risks in cybersecurity

29 Aug 16

Today’s security professionals battle threats from outside the organisation as well as those from their own employees.

That’s the word from Gartner’s John A. Wheeler, following his presentation at the South Africa Reserve Bank Cybersecurity Conference in Johannesburg, where he presented Gartner’s top ten strategic predictions for security.

Wheeler says the next few years will see a variety of attacks as well as progress in the technologies and processes that prevent them.

“Our predictions focus on how organisations can prepare for future cybersecurity risk while taking appropriate action today,” he explains.

Emerging Risks in Cybersecurity: Gartner’s Top Ten Predictions

1.   Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.

Recommended Action: Companies should focus on fixing the vulnerabilities they know exist. While these vulnerabilities are easy to ignore, they’re also easier and less expensive to fix than to mitigate.

2.   By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.

Recommended Action: Business units deal with the reality of the enterprise and will engage with any tool that helps them do the job. Companies should find a way to track shadow IT, and create a culture of acceptance and protection versus detection and punishment.

3.   By 2018, the need to prevent data breaches from public clouds will drive 20% of organisations to develop data security governance programs.

Recommended Action: Develop an enterprise-wide data security governance (DSG) program. Identify data security policy gaps, develop a roadmap to address the issues and seek cyberinsurance when appropriate.

4.   By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.

Recommended Action: Adopt runtime application self-protection (RASP) for DevOps. Evaluate less mature vendors and providers for potential security options.

5.   By 2020, 80% of new deals for Cloud Access Security Broker (CASB) technology will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.

Recommended Action: While concerns exist about customer migration to the cloud and bundling purchases, companies should assess the application deployment roadmap and decide whether investment is justified.

6.   By 2018, enterprises that leverage native mobile containment rather than third-party options will rise from 20% to 60%.

Recommended Action: Experiment and become familiar with native containment solutions. Keep in mind that enterprises with average security requirements should plan to move gradually to native containment.

7.   By 2019, 40% of IDaaS implementations will replace on-premises IAM implementations, up from 10% today.

Recommended Action: Enough limitations have disappeared on Identity as a Service (IDaaS) that companies should start experimenting on small-scale projects. While a clash of regulations could derail the increased implementation, companies should work to recognise the current limitations and benefits.

8.   By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.

Recommended Action: Passwords are too entrenched in business practices to disappear completely, but companies should look for products that focus on development of an environment of continuous trust with good user experience. Begin by identifying use cases, and press vendors for biometric and analytic capabilities.

9.   Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.

Recommended Action: By changing the enterprise architecture, IoT introduces new threats. Early IoT security failures might force the industry towards authentication standards, but companies should identify authentication risks, establish identity assurance requirements, and employ metrics.

10.   By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.

Recommended Action: As IoT continues to grow, vendors will favor usability over security and IT security practitioners remain unsure of the correct amount of acceptable risk. Companies should assign business ownership of IoT security, focus on vulnerable or unpatchable IoT devices, and increase IoT-focused budget.
