Latin America. As this year ends, it would be satisfying to look back and see all the successes organizations have had in fighting the rising tide of risks and attacks on corporate information, but sadly, that tide continues to rise. Data breaches in 2016 rose 31% from 2015 figures, surpassing 35 million records, a figure that would rise to 1.35 billion records breached with the recent news of the massive attack on Yahoo. In fact, we are closing 2016 with the largest data breach in history, although it even took three years to find out.
In late 2015, we predicted that the attack surface would continue to expand, that "Shadow IT" would grow, and that people would continue to be the main target of violations. Our predictions came true. Although we also forecast that the participation of "C-Suite" executives would increase for the use of security intelligence, these changes have been gradual and this problem of increasing security risks still needs to be controlled.
The data security landscape continues to change and become increasingly complex. In 2015, we talked a lot about data protection on the device. In 2016, we recognized that the endpoint is only part of the growing attack surface, complicated by the progressive use of highly insecure Internet of Things (IoT) devices amplified by the use of the Cloud. The terminal is now an access point to corporate data in the cloud, as well as to the corporate network and the device itself.
Going into 2017, everything will be changing again. Richard Henderson, Global Security Strategist at Absolute Software presented the top security predictions for the coming year.
Top 5 Security Predictions for 2017
1. Home devices will be the source of a major breach – IoT devices are very vulnerable to security breaches so we anticipate a massive breach associated with an unknown, infected or compromised device, for the IT teams that monitor the corporate network.
2. Companies will ban IoT devices in the business network – Although banning the technology is never an effective long-term solution, the current lack of integrated security architecture in IoT devices, as well as the different options provided by third parties, will lead to a ban on such devices in corporate spaces and scenarios.
3. Fake apps will feed databases on the black market – These types of apps, while not new, are growing and evolving rapidly. They are sources of adware and spyware, especially prevalent in the Android universe. What about all the information on the devices? "Imposter" applications can divert the entire flow of information to sources with criminal intentions.
4. A major political scandal will come to light over a stolen device – 2016 saw a lot of controversy surrounding political scandals over emails, hacked servers, and file leaks, so we anticipate this has defined the interest of cybercriminals to increase their attempts to infiltrate political infrastructure. While a lot of attention is being paid to protecting the back-end, it forgets to secure and educate users of endpoint devices, i.e. the politicians themselves, which can cause information to be breached directly from the user's device.
5. Security breaches in 2017 will eclipse those that occurred in 2016 – Although data breaches, such as the mega breach Yahoo experienced, will grow exponentially in the coming years, the number of breaches has increased only year after year. We firmly believe that 2017 will overshadow 2016, largely due to the adoption of cloud services, third-party data processing, and the huge attack surface.
Data security is a big challenge today. As Richard Henderson noted in his predictions, "Defense is a seemingly titanic feat: Defenders have to get it right 100 percent of the time. Attackers only need to be right once."
The solution is not simple. Education, clear policies, and the implementation of different layers of technology are important to provide a defense strategy deep enough to combat as many threats as possible, with redundancies in high-risk areas as the endpoint. As many reports have pointed out in 2016, security is not a "set and forget" situation, but a process that requires continuous updates and monitoring. Automating as much as possible and simplifying your monitoring will be key to ensuring that your data security program remains manageable and successful.
*By Jorge Hurtado, Regional Sales Director for Latin America at Absolute Software
Leave your comment