Not enough staff and insecure data top the list
As we enter winter 2018, the cybersecurity landscape is decidedly a mixed bag. According to a survey compiled by the Ponemon Institute, 67 percent of companies believe they are more vulnerable than in 2017. The report surveyed 612 chief information officers (CIOs) and IT security experts and found the top five threats facing the industry are lack of competent in-house IT staff (70 percent), data breaches (67 percent), cyberattacks (59 percent), inability to reduce employee negligence (54 percent), and ransomware (48 percent).
These threats are diverse, complex, and touch nearly every aspect of the modern business that’s reliant on a networked world.
Not enough cybersecurity experts
The top concern, hands down, among security professionals surveyed by Ponemon is a simple, but striking fact – there aren’t enough of them. As the number and complexity of threats continue to rise, demand for competent staff to combat them grows accordingly. But it has become increasingly difficult for HR managers to fill the pipeline with professionals who can stem the tide.
The demands facing these individuals include tackling vulnerabilities in mobile, cloud computing, and the thousands of connected devices that fall under the Internet of Things (IoT), which can include anything from your car to thermostats to the systems in an entire building. In addition, experts will need to ward off the biggest threat from within – cybersecurity negligence from an organization’s staff, who continue to fall for increasingly compelling phishing scams.
As companies struggle with this staffing shortage, the pool of cybercriminals is expected to only grow, with a plethora of off-the-shelf tools at its disposal and a lower threshold of knowledge required to carry out attacks.
All is not lost, however. According to Ponemon, 61 percent of respondents anticipate staffing improvements in the near future.
One of the many lessons from the Equifax breach of 2017 is that hackers have set their sights on increasingly ambitious targets. Not content with individual or locally-networked computers, cybercriminals are casting their gaze upward, to the cloud. Collectively, the cloud computing industry houses a near limitless store of data and its use is becoming ubiquitous for companies large and small. This affects businesses as well as consumers, who rely on the cloud for easy access to e-mail, photos, calendars, and passwords. In short, it’s where we put the record of our lives.
The biggest operators in the cloud – Amazon, IBM, and Google, to name a few – have the best and brightest digital security minds on speed dial, so their virtual armor will likely remain tougher to crack. A greater concern comes with smaller companies, where even a modest breach can mean big bucks for hackers and major headaches for users.
Another key data concern is how other companies use it. You may have your systems locked up solid, but third parties who also use your data may not. 60 percent of Ponemon respondents say their worries about a third-party data breach has increased since last year.
Cybersecurity … brick-and-mortar threats
While hackers often get into the business for financial gain, some also want to stoke fear and uncertainty. Experts predict an increase in virtual attacks on transportation networks, electrical grids, water purification systems, and other critical pieces of infrastructure. Whether the goal is to plunge an already unstable country into darkness or demand an absurd price to remove ransomware, real-world targets – particularly those that rely on outdated networks created decades ago – may prove irresistible to hackers.
An industry image problem
Alongside these immediate, concrete concerns has emerged a quieter issue that arguably may have far greater long-term implications – the security software industry has a growing image problem.
In recent years, hackers have turned their attention to this critical first line of defense used against them. They target trusted programs and the software and hardware supply chain, which allows them to control security devices and thereby manipulate the user experience. In recent years, public knowledge of these attacks has begun to erode consumer confidence in the very products on which they desperately rely for safety.
In addition to the larger, systemic issues raised above, a hodgepodge of other concerns exists, including crypto jacking, PowerShell attacks, and a potential infestation of malware-launching worms.
But, take heart
Amidst the gloom and doom of these predictions, there are developments on the horizon that hold promise, including improvements in intelligence, people, and technology, as well as a reduction in complexity, a key barrier to attracting fresh talent.
Cybersecurity is complex, and CISOs, CEOs, and IT teams need support across all fronts. Fortunately, Absolute Logic can provide just the solution your company needs to ensure top-quality security and compliance with local and federal regulations. Contact us today – and start sleeping a bit more soundly.