In 2017, the year of cloud security solutions and increased pressure to update legacy cyber security strategies, a change in paradigms is necessary. Cyber security has to be considered a business enabler, and no longer a cost driver.
March 7, 2017. What will be the main themes of cyber security in the next twelve months? One thing is evident: We are in the midst of an era of significant data breaches. Frank Luzsicza, EVP, Information and Communication Technology at TÜV Rheinland, is convinced that “the amount and availability of sensitive information about people and connected systems will inevitably lead to increased pressure to update legacy cyber security risk strategies to the new attack surface”. The Cyber Security Trends of 2017 from TÜV Rheinland and OpenSky provide a deeper examination of these topics. They reflect the assessment of current developments by the companies' leading cyber security experts in the North America, Europe and IMEA regions.
The force of cyber attacks is increasing. Who is responsible?
Additional waves of attack will follow, but there will be an increased strength behind these attacks. This raises central questions about the protection of networked devices, IT/OT networks, and connected infrastructures: Who is responsible when cyber security measures are not sufficient? Do organisations need to further tighten their requirements and governance controls?
IoT requires mandatory security standards
Smart devices are becoming increasingly popular – simultaneously the protection of consumer privacy is becoming more urgent. Manufacturers of networked devices will have to introduce higher security standards. Voluntary or mandatory cyber security verification and certification for IoT devices will become more likely before their market launch.
2017 will be the year of cloud security solutions
Customer sensitivity to integrated cloud services and IT network security is increasing. Security solutions that monitor the network traffic between the cloud service client and the cloud service provider are in increasingly high demand. Furthermore, the cloud is increasingly becoming the source of security solutions, including real-time security analysis and the detection of anomalies by artificial intelligence (machine learning), as well as security data analytics managed services and incident response advisory services.
The new perfect couple: IAM and the cloud.
IAM and the cloud are becoming the new organizational perimeter. Cloud strategies will be closely interwoven with the fields of law, access and password management. The result is consistent user and authorization management, using roles, in addition to secure and user-friendly authentication.
Preferred targets: Patient records and medical devices.
Hackers will target the healthcare sector with increasing frequency in 2017. Medical facilities will need convincing answers to the questions surrounding improved protection of networked medical devices and sensitive patient data. Additionally, as data protection requirements in Europe continue to tighten, manufacturers of medical devices will continue enlisting independent third parties for security audits.
Managed security services: You won't protect your organisation without them.
Many organisations still view the subcontracting of cyber security to external partners with a critical eye. In light of the continuing lack of talent, trust in competent cyber security partners will become one of the most important success factors to protecting organizations, due in part to the growing number of internal offenders.
Industry 4.0: Integrating functional safety and cyber security
Now more than ever, unauthorised access exposes industry systems and critical infrastructures to safety and security risks. Since IT is an essential part of manufacturing, functional safety and cyber security will have to work together to secure data exchange and to ensure the availability and reliability of networked systems. Networked industry (Industry 4.0) organisations, in particular, will have to consider the safety and security of their products across the entire life cycle and continuously monitor them for potential risks.
Key factor endpoint security
Terminal devices, such as servers, laptops, mobile phones and tablets, desktop computers, etc., are among the easiest gateways for attackers to capture. Solutions limited to filtering suspected malicious content (i.e. Anti-Virus, Anti-Malware) at the endpoint, no matter how “intelligent”, will not suffice. Gaining visibility into real-time threats by monitoring endpoints and correlating with other events across the enterprise will offer superior protection against potential attacks.
The end of the silo mentality? eGRC and IT GRC are coming together
The integrated view of IT and business risks not only improves regulatory reporting; it also allows for an unbiased view of actual risk exposure and the protected organisation’s values. Additionally, integrating eGRC and IT GRC enables management to achieve a higher decision quality within the organisation. These tactics are of vital importance to organisations when considering tightened legal requirements, such as the EU data protection basic regulation, and the protection of intellectual property.
At TÜV Rheinland and OpenSky, we believe senior management plays a key role in securing their organisations from both internal and external threats. According to Tom Hazen, President at OpenSky, “Cyber security must be part of each business case and cannot be viewed only as a pure cost driver. Ideally, cyber security becomes a risk consultation and also a business enabler”.
Edited for web by Jordan Platt.