By Sharon Florentine
Dec. 1, 2016
When a breach occurs, even with layers of security, the question of who "owns" it and who had or has the power to do something about it will create intense reactions and finger-pointing, he says.
Companies can head off this blame game by ensuring open communication between IT and business leadership to understand the potential threats, options for security and safety and the challenges and constraints that exist within the organization, Dircks says.
"Part of the problem is that, as a CSO, a CISO or even a CIO -- anyone with security responsibility -- you're either invisible, if you're doing your job right, or you're on the hot seat. If you come up with great policies, procedures and security measures, then you often leave those to IT to operationalize. But if those fail because you didn't understand the business needs, the budgets, the requirements, then you're not really helping," he says.
4. Ransomware will spin out of control
Since January 1, 2016, Symantec's Security Response group has seen an average of more than 4,000 ransomware attacks per day: a 300 percent increase over 2015, according to its 2016 Internet Security Threat Report.
Most organizations rely on low-overhead prevention techniques, such as firewall and antivirus solutions or intrusion prevention to mitigate threats like these, says Cyber adAPT's Scott Millis. However, these tools are insufficient, and breach data shows that detection and incident response must be improved.
And as attackers continue to use social engineering and social networks to target sensitive roles or individuals within an organization to get to data, the need for comprehensive security education becomes even more critical, he says.
"If security policies and technologies don't take these vectors into account, ransomware will continue to seep in. There's also the issue of detection. Some attackers can reside within a company's environments for months, often moving laterally within environments, and silos between network, edge, endpoint and data security systems and processes can restrict an organization's ability to prevent, detect and respond to advanced attacks," Millis says.
Finally, new attack surfaces -- for example, IaaS, SaaS and IoT -- are still so new that organizations haven't yet figured out the best way to secure them, he says.
5. Dwell times will see no significant improvement
Dwell time, or the interval between a successful attack and its discovery by the victim, will see zero significant improvement in 2017, Millis says. In some extreme cases, dwell times can reach as high as two years and can cost a company millions per breach.
"Why so long? In my view, this is annoyingly simple -- there's little or no focus on true attack activity detection. At the advent of the 'malware era', companies, vendors and individuals were rightly concerned about 'keeping out the bad guys', and a whole industry grew quickly to focus on two basic themes: 'Defense-in-depth', which I view as layering prevention tactics in-line to make penetration from the outside more difficult; and 'Malware identification', which manifested itself as an arms race towards 100-percent-reliable identification of malware," Millis says.