Cybersecurity risks — driven by foreign actors, a proliferation of exploits and poorly secured legacy infrastructure in an increasingly connected world — are intensifying, research and advisory firm Forrester reported as part of a much larger 2017 predictions guide.
The Democratic National Committee email breach saw Forrester’s previous prediction that cybersecurity would impact the presidential election become reality. There should be significant concern that nation states and hacktivists will attempt to undermine government integrity within the first 100 days of the new administration. The research group says geopolitical concerns must be factored into any firm with government business as ideologies could look to disrupt entities and exfiltrate information related to political and diplomatic operations.
In general, the internet of things, machine learning and artificial intelligence are fueling an explosion of data collection by companies, and as more and more personally identifiable information is conglomerated there is even more of a need for security and risk professionals to escalate security hygiene, say company officials in 2017 cybersecurity predictions.
Broader connectivity, including cloud and bring-your-own-device adoption, creates the potential for more vulnerabilities, whether from targeted espionage, ransomware, IP theft, denial of service or privacy breaches. Forrester believes this opens the possibility of a Fortune 1000 company failing through bankruptcy, acquisition or regulatory enforcement due to a cyberattack unless proper time is spent protecting critical assets and systems.
The merger, acquisition and partnership arrangements of healthcare providers are also creating an irresistible target full of unique, permanent information, such as genetic markers and biometric data, and these conglomerates need to spend more than a quarter of their IT budget on security at a minimum.
In addition, the increase in internet of things devices opens up vulnerabilities in fleet management in transportation, security and surveillance apps in government, inventory and warehouse management apps in retail and industrial asset management in primary manufacturing. Quick remediation, including over-the-air patching, and fully automated scripted security testing should be a must from the beginning of development, suggests Forrester.
Finally, a lack of internal resources can force CISOs to turn to external services, so combining 75-percent human decision-making with 25-percent automation will reinforce the rules of engagement and improve mitigation in the case of a genuine threat.
The volume and complexity of concerns is growing, cautions the firm, so the key is to assume failure, focus on developing resilience skills and strategic resources and constantly optimize detection, prevention and response synergism.
The entire predictions guide can be downloaded from Forrester’s website.