Hyperconnectivity driven by the rise of the digital-everything economy and the internet of things (IoT) will soon disrupt the cybersecurity landscape in a way that hasn’t been seen in the past—and organizations should act now to be prepared. That’s the assessment from The Information Security Forum (ISF)’s Threat Horizon 2019 report, which frames this year’s trends as setting the stage for much worse scenarios down the road. The rest of 2017, the report noted, will see the rise of more and more connected things, increasing sophistication in crime syndicates, an over-dependence on critical infrastructure and weaponized systemic vulnerabilities, all against a backdrop of crumbling legacy technology and global consolidation. All of that will mean that the impact of data breaches increases dramatically. “How an organization responds to today’s increasing cybersecurity threats will vary based on a number of factors, including its unique blend of people and skills, products and services offered and approach to risk management,” said Steve Durbin, managing director of the ISF. “However, an organization that is well-informed about emerging technologies and corresponding threats will be best placed to make winning decisions. The key differentiating factor will be the degree to which organizations are prepared to meet the challenges of a fully connected society.” That will be critical given the ISF’s expectations for next year. The report predicts that the IoT will continue to leak sensitive information, while opaque algorithms compromise integrity. Also, rogue governments will start to use terrorist groups to launch cyber-attacks, as criminal capabilities expand gaps in international policing. And, researchers will be silenced to hide security vulnerabilities while the cyber-insurance safety net is pulled away. Regulations will fragment the cloud. By 2019, organizations will be faced with a hyper-connected world where the pace and scale of change—particularly in terms of technology—will have accelerated substantially. ISF said that we’ll see premeditated internet outages bringing trade to its knees; ransomware hijacking the IoT; privileged insiders coerced into giving up the crown jewels; automated misinformation and falsified information that compromises performance; subverted blockchains that shatter trust; surveillance laws exposing corporate secrets; privacy regulations impeding the monitoring of insider threats; and a headlong rush to deploy artificial intelligence that will lead to unexpected outcomes. Navigating this calls for a strong collaborative culture with the right people congregating at the right time to play their part in ensuring success, the report postulates. In all, the document highlights nine major threats, broken down into three challenging themes that organizations can expect to face over the next two years as a result of increasing developments in technology: 1. Disruption: From an over reliance on fragile connectivity requiring a seismic shift in the way business continuity is planned, practiced and implemented. 2. Distortion: As trust in the integrity of information is lost, the monitoring of access and changes to sensitive information will become critical as will the development of complex incident management procedures. 3. Deterioration: When controls are eroded by regulations and technology bringing a heightened focus on risk assessment and management in the light of regulatory changes and the increased prevalence of artificial intelligence in everyday technology. “Traditional business models will certainly be disrupted over the next two years, forcing business leaders to develop cutting-edge trading models while dealing with new regulation, advanced technology and distorted information,” said Durbin. “With established controls rendered ineffective by the latest security threats, new and innovative ways must be found to protect an organization’s most critical information assets.” Some of the recommendations include changing up existing business continuity plans to engage with internal and external stakeholders to agree alternative methods of communication (e.g. telex, satellite, microwave); and lobbying for minimum security standards for IoT devices via regulation. Having a clear sense of who has access to which critical assets and how to manage that will be crucial; as will monitoring access and changes made to sensitive information, using tools such as a Federated Identity and Access Management (FIAM) systems and Content Management Systems (CMS). The ISF also recommends building collaboration across the organization, and conducting a risk assessment to understand the impact of metadata being lost by a communications provider. Businesses should also hire AI specialists now. “Moving forward, organizations must prepare themselves for unprecedented levels of collaboration,” said Durbin. “Legal, compliance, audit, HR, IT, information security and other stakeholders must congregate to assess risks and inform the decision-making process. This collaboration should be extended to partners, manufacturers, vendors and regulators to ensure information security requirements are met.”
Carriers’ 5G plans are Rooted in SDN/NFV, Says Ixia Survey
A new survey sponsored by Ixia reinforces the impression that telecommunications companies around the world...
Fortinet a Gartner Enterprise Network Firewall Magic Quadrant LeaderRead the Report
Other content in this Stream
CenturyLink says SD-WAN is just one part of the edge network
CenturyLink says SD-WAN is part of a wider variety of virtual business services it can deliver via its implementation of SDN and NFV.
Ambitious Amsterdam Makes ONAP's Case | Light Reading
First software release fully merges OpenECOMP and OPEN-O into modular architecture, pieces of which are already being put to use and in PoCs.
How Digital Transformation is Impacting Managed Security Service Providers
Learn about the resulting business potential
How to Create Sandbox-as-a-Service for MSSPs
Learn a three-step approach that provides MSSPs intuitive and effective security solutions for their customers and how offering a sandbox-as-a-service will increase revenue and profit margins.
Creating SIEM as a Service
Learn how MSSP can monetize and deliver FortiSIEM as a Service to their customers.
Trustwave a Global Powerhouse Partners with Fortinet
Trustwave leverages the Fortinet Security Fabric for their large, enterprise-scale FortiGate deployments, to deliver Managed Security Services efficiently and effectively around the world.
Fortinet MSSP Webinar Series MSSP 201
AT&T Summit: A Call for Tech-Optimists
AT&T's John Donovan addressed cultural and technological challenges facing the operator and its enterprise customers.
AT&T enhances Amazon Web Services relationship to further cloud bond with enterprise customers
AT&T has expanded its business cloud network solution partnership with Amazon Web Services (AWS).
AT&T, CenturyLink say they’re safe from KRACK Wi-Fi vulnerability
AT&T and CenturyLink have not reported any broadband customers affected by the KRACK (or Key Reinstallation Attack) Wi-Fi vulnerability.
Securing Your Enterprise’s Expansion into the Cloud
Expansion into the cloud requires securing those environments and the data traveling through them, which can also be extremely challenging.
Partnering with an MSSP for a More Secure Digital Business
MSSP teams are experts at building consistent security implementations between traditional, private cloud and public cloud networks.
Today’s Best Practices for Protecting the Distributed Network
Sophisticated threats and distributed networks require cross-referencing data from a variety of tools to detect and respond to threats.
A Checklist for Securing the Internet of Things
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
Cable Networks Seem Pretty Darn Hard to Virtualize
Cable networks have a much more complicated access network architecture, making it more difficult to deploy software-defined networking.
Why Fortinet for MSSP?
ETSI addresses cybersecurity risk management in new report
ETSI is taking on the growing cybersecurity risk issue by releasing its ETSI TR 103 456 report.
Best practice: Security operations automation before orchestration
Based on numerous conversations with CISOs, I've learned there is widespread interest in automating and orchestrating security operations. In fact, lots of enterprises are already doing so....
MegaPath adds Fortinet security to its SD-WAN portfolio
MegaPath has integrated Fortinet cybersecurity technology into its SD-WAN portfolio.
CSO: KRACK: Researcher discovers flaws in WPA2 authentication