It has to be said, that it’s not going to get easier to handle IT security. We are living in the world of exploding possibilities and the IT environment is becoming increasingly complex.
In parallel, the IT security landscape is also growing. IT security departments are no longer just one more cost in a company’s finances, but are critical areas of operation with rapidly increasing budgets.
Enterprises have become aware of the importance of security. After much publicized data leaks from big organizations, it is clear to companies and their customers – not to mention hackers, that there are big money on the table.
Too many tools, too little…
Companies invest in tools that are newer and more advanced, but this alone doesn’t increase security. In fact, this approach may have a negative impact. This is because security structure can become over-complex and difficult to keep up to date.
Gartner and Forrester warn that equating higher security budgets with security and risk-management maturity may lead nowhere. Tools can fail, and to really secure an organization its security tools must be made more resilient and the structure more transparent. Otherwise it just gives a false sense of security.
Endpoint complexity increases the risk. If a device has too many end-point agents (encryption, patch/client management options, and anti-virus or anti-malware), it is impossible to test and update everything properly.
Ransomware is getting smarter
Ransomware attacks can defeat even the most complex email security solutions. Today’s security solutions usually start detecting an attack hours after they occur, which means ransomware has enough time to do damage.
Emotet, for example uses a specific shortlist of targets, so even reputable defenses need more time to detect it. In addition, attacks constantly change IOCs (Indicator of compromise), which makes it even more complicated for traditional security solutions to cope. Attacks occur in cycles, even once a week. Attackers create a new sample base, then produce new permutations and distribute them.
Phishing is the number one threat
Phishing is thought to be more dangerous than malware, as this type of attack is often successful due to its large scale and the human factor involved. Phishing attacks are becoming more sophisticated, and can fool humans (including professionals aware of potential threats) and email security mechanisms which should block them.
Consequences of a phishing attack are serious for businesses, and also make further attacks easier as the criminals can use leaked data (compromised logins and passwords, for example). Technologies that can detect and block phishing attacks are urgently needed by organizations of all sizes. According to Gartner, the vast majority of threats begin with an email.
We have to detect threats faster
How many times have we heard of an attack detected weeks after they took place? The danger is greatest in the period between an attack being attempted and detected, and the first few hours can be a crucial period in which attackers can devastate an organization. Security professionals and organizations should see rapid reaction as a priority challenge to be addressed in the coming year.
Collaboration platforms are common gateways to attack
Messengers and collaboration platforms such as One Drive, Google Drive and Skype are popular and valued by many professionals as they make co-working easier. Usually, they are also trusted by users. These things are also reasons why such platforms are commonly chosen by hackers as potential gateways into an organization.
Small businesses are the target
According to a Verizon report, in 2019 43% of security breach victims were small businesses. These attacks do not make headlines, but are easier to perform by hackers and more difficult to detect by an organization which does not have the latest tools, a consistent security policy, and security professionals who can keep an watchful eye on the IT infrastructure.
Security requires more creativity than ever. In this unpredictable area, this one prediction should be taken for granted.