1. The force of the attacks is increasing. Who is responsible?
Additional waves of attacks will follow, and there will be increased strength behind them. This raises central questions about the protection of networked devices, IT/OT networks, and connected infrastructures: Who is responsible when cyber security measures are not sufficient? Do organizations need to further tighten their requirements and governance controls?
2. The Internet of Things (IoT) requires mandatory security standards.
Smart devices are becoming increasingly popular; at the same time, the protection of consumer privacy is becoming more urgent. Manufacturers of networked devices will have to introduce higher security standards. Voluntary or mandatory cyber security verification and certification of IoT devices before their market launch will become more likely.
3. 2017 will be the year of cloud security solutions.
Customer sensitivity to integrated cloud services and IT network security is increasing. Security solutions that monitor the network traffic between the cloud service client and the cloud service provider are in increasingly high demand. Furthermore, the cloud is increasingly becoming the source of security solutions, including real-time security analysis and the detection of anomalies by artificial intelligence (machine learning), as well as security data analytics managed services and incident response advisory services.
4. The new perfect couple: IAM and the cloud.
IAM and the cloud are becoming the new organizational perimeter. Cloud strategies will be closely interwoven with the fields of law, access and password management. The result is consistent user and authorization management that uses roles, in addition to secure and user-friendly authentication.
5. Preferred targets: Patient records and medical devices.
Hackers will target the healthcare sector with increasing frequency in 2017. Medical facilities will need convincing answers to the questions surrounding improved protection of networked medical devices and sensitive patient data. Additionally, as data protection requirements in Europe continue to tighten, manufacturers of medical devices will continue enlisting independent third parties for security audits.
6. Managed security services: You won't protect your organization without them.
Many organizations still view the subcontracting of cyber security to external partners with a critical eye. In light of the continuing lack of talent, trust in competent cyber security partners will become one of the most important success factors in protecting organizations, due in part to the growing number of internal offenders.
7. Industry 4.0: Integrating Functional Safety and Cyber Security
Now more than ever, unauthorized access exposes industry systems and critical infrastructures to safety and security risks. Since IT is an essential part of manufacturing, functional safety and cyber security will have to work together to secure data exchange and to ensure the availability and reliability of networked systems. Networked industry (Industry 4.0) organizations, in particular, will have to consider the safety and security of their products across the entire life cycle and continuously monitor them for potential risks.
8. Key Factor Endpoint Security
Terminal devices, such as servers, laptops, mobile phones, tablets and desktop computers, are among the easiest gateways for attackers to capture. Solutions limited to filtering suspected malicious content (i.e. Anti-Virus, Anti-Malware) at the endpoint, no matter how “intelligent”, will not suffice. Gaining visibility into real-time threats by monitoring and correlating with other events across the enterprise will offer superior protection against potential attacks.
9. The end of the silo mentality? eGRC and IT GRC are coming together.
The integrated view of IT and business risks not only improves regulatory reporting; it also allows for an unbiased view of actual risk exposure and the protected organization’s values. Additionally, integrating eGRC and IT GRC enables management to achieve a higher decision quality within the organization. These tactics are of vital importance to organizations when considering tightened legal requirements, such as the EU data protection basic regulation, and the protection of intellectual property.
At TÜV Rheinland and OpenSky, we believe senior management plays a key role in securing their organizations from both internal and external threats. According to Tom Hazen, President at OpenSky, "Cyber security must be part of each business case and cannot be viewed only as a pure cost driver. Ideally, cyber security becomes a risk consultation and also a business enabler".
The Cyber Security Trends 2017 whitepaper from TÜV Rheinland and OpenSky is available for download at www.tuv.com/en/cybersecuritytrends2017.