Patching and security hygiene will remain a trend for the coming years.
Speaking at the GartnerIAM conference in London, Gartner research director Peter Shoard encouraged the audience to “focus on the vulnerabilities in your environment and not on threats” that are external, as there is too much focus on zero-days and not enough on the basics.
Naming the three main threat landscape trends from 2017 as data leakage, ransomware and DDoS, Shoard said that data leakage is endemic to processing and managing large volumes of data, while ransomware is an ever-growing problem, “and not one that is going to be solved.”
He claimed that what is driving it forward is unpatched systems, and there are “plenty of old patches that the bad guys can take advantage of.”
Shoard added that what affected organizations in 2017 will carry into 2018, but we are already seeing signs of change, with Gartner advising clients to understand the business risk and to relate security policies and technology implementations to that business risk.
“Once you are solving the basic problems you can address the other problems that affect you from a revenue and a threat point of view,” he said.
He also recommended patching and prioritizing patches effectively to “solve big and easy problems first,” and configuring network security tools so that their output enables patch management.
He concluded by recommending having a plan “for when it all goes wrong,” saying that you cannot protect “all of the things all of the time.”
He said: “Have backups: have the ability to recover from a threat and practice that plan so those involved in it are extremely well prepared for it as it comes forward.”