Digital Transformation
cancel
Showing results for 
Search instead for 
Did you mean: 

The biggest security threats of 2016: How CIOs can prepare

BI_Guest

 

BiggestSecurityThreats.jpg

Guest post by Michelle Greenlee

The number of large-scale data breaches in 2015 illustrates the potential for even more widespread offensives that could be orchestrated by determined attackers. These attacks have demonstrated an increasingly sophisticated approach, sometimes involving multiple attack vectors. 2016 will require extra vigilance and a new approach to defending organizations' target areas as security threats evolve.

Todd Inskeep, a member of the RSA Conference advisory board, believes CIOs must adopt a new perspective to deal with potential security threats in an increasingly interconnected environment. As more devices and machinery come online, they create more attack vectors. Old security protocols won't provide the best possible protection from these newer threats. CIOs should identify, locate, and protect their most important resources.

According to Inskeep, "CIOs should be worried about the continuing evolution of the threat to their critical information. Threats are getting more sophisticated while companies continue to layer on protection like peanut butter across systems. Increased sophistication on the attack side, with a continued effort to protect everything equally, is a recipe for disaster."

A new generation of IT security threats

The monetization of stolen data will continue to become a serious threat to enterprise security. "Adversaries have figured out they can monetize more than just credit cards and personal information. Corporate data is becoming subject to extortion and blackmail, a la the Sony hack, which demonstrated that companies have lots of information they would prefer to keep private. And ransomware can be as damaging to companies as individuals when important files are unavailable. CIOs need to focus on what really keeps the business operating, and protecting those most important processes and the information that drive them on the systems where those processes operate," Inskeep says.

Typical attacks will continue to evolve to include connected equipment beyond standard-issue digital office equipment. The industrial Internet will connect equipment to the same network in new ways. CIOs should consider a new approach to both the factory floor and the network. Inskeep explains, "As the idea of the connected factory or Manufacturing 4.0 takes off, it's increasingly important for CIOs and CISOs to think about two new aspects of the business—the security of the company's products themselves, and the security of the manufacturing processes and production lines that build those projects. Understanding and planning the security of operational IT systems is a new area of responsibility for many CIOs."

Intentionally manipulated data will also begin to influence unsuspecting companies in unpredictable ways. "Big Data will be affected as dashboards and insights from analytics point to interesting results. And the potential for adversarial data scientists opens up and they can think about using Big Data to target their own interests. Big Data (and the output of analytics) may also be subject to alternate attacks as hackers create misleading insights, or push companies towards unexpected (and unrepeatable) results," Inskeep warns. As the number of connected devices grows, consumer devices, industrial sensors, and other equipment will all provide even more avenues of attack.

"Bruce Schneier recently said we're really building a worldwide robot with unanticipated consequences as we connect more systems from the IoT world to the same Internet where hackers of all stripes are playing. It's worth remembering that the Morris Worm was an intentional effort by a white hat hacker to do something good—but had unintended effects that shut down large parts of the Internet at that time. Good or bad, hackers are likely to find many unintended consequences as we connect more physically moving parts to the network. It's not Skynet; it's something much less intentional with potentially unknown and unexpected impact, " Inskeep cautions.

What can enterprises do to prepare?

Inskeep's final advice to CIOs is to think and plan. It's critical that CIOs "segment networks and systems, spend time wargaming or brainstorming the effects of products you are building for your customers. Spend time considering the far-reaching impact of the products you are implementing from others. Establish a risk assessment process for implementing these technologies that considers a wide variety of impacts to the attack surface, privacy of individuals and companies, security of the company, brand trust, and other aspects of your company. Make sure you have an incident response plan that considers multiple perspectives and test it with all the stakeholders—from corporate communications to legal, to the IT shop and the business executives."

2016 will bring an onslaught of cyberattacks aimed at all aspects of business. Traditional methods of securing networks and devices against security threats must be combined with new approaches to prevent increasingly sophisticated, multi-pronged attacks.

To learn more about how to prepare for security threats, read the HPE Cyber Risk Report 2016.

0 Kudos
About the Author

BI_Guest

Labels
Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
See posts for dates
Online
HPE Webinars - 2017
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all