5 ways you’ll see cyber security change in 2017

05/05/2017 · 5 Minute Read

Most IT security professionals agree that cyber security practices haven’t changed significantly in the last 25 years. But 2017 will see a big shake-up across the entire security industry. The hacks associated with the recent United States presidential election have brought a fresh focus on the problem.

Rather than being a topic discussed within boardrooms, cyber security will be the topic. Organisations are realising that if a breach can happen at the highest levels of government, it can happen to them, too. The big spotlight shining on security will accelerate the pace of change—probably faster than even we in the industry realise.

Here are five ways I predict cyber security will (or needs to) change in the coming year.

1. Security spending will increase at least 20 percent overall, year-over-year

Security spending was going to increase anyway. The number of incidents was already high—and growing—but the election hacks provided a wake-up call that’s forced businesses to take cyber security more seriously.

Security practices have changed so little that hackers are using old methodology, such as traditional distributed denial-of-service (DDoS) attacks and phishing schemes, because they still work. Beyond deeper encryption and more tools, our whole approach to security needs to change, which will require serious investment.

2. More focus on monitoring social engineering risk

Social engineering remains the best way to break into an organisation. All it takes is one employee to click one link to compromise your entire network, as demonstrated by the hack on John Podesta’s email while he was chairman of the 2016 Hillary Clinton campaign, which was achieved through a simple phishing campaign.

Based on that, security teams will be under extra pressure to monitor, detect, and protect within their environments. We’ll never completely get around social engineering—employees are human, and they make mistakes—so we need better ways to detect risky behaviours and quickly isolate social engineering breaches before they cause costly damage, which will trigger security investments focused on this specific risk.

3. Education will become a key security strategy

Most companies provide some security education, but considering the growing number of security incidents—especially those around social engineering—we’re obviously not doing enough. However, the latest high-profile incidents based on simple employee mistakes will bring more urgency to the need for continuous workforce education.

Organisations will begin to realise that everyone who has access to the network should also be responsible for protecting it, not just the security team. Expect more investments in education that help employees understand why they need to be ultra-aware of security risk, so security policies can be more effective.

4. Greater demand for integration and standardisation

Enhanced scrutiny on security will mean increased responsibility for security teams, who will need more comprehensive means of monitoring and managing their networks. Most security tools require IT departments to learn that tool's protocols and to log into a separate view to use it.

Companies are likely to start pushing vendors not only to integrate their own tool portfolios so they roll up into a single-pane view, but also to establish common standards so multi-vendor tools can work together. For standardisation to evolve, vendors and customers need to engage in an industry-wide conversation to develop more effective security solutions. This may even be driven by the federal government as a result of its recent security incidents.

5. Increased need for IoT security (especially printers!)

The Internet of Things (IoT) has introduced a whole new set of entry points to the network that need to be secured—sometimes in the form of “old” devices, such as printers. During recent conversations with other high-level security professionals at an industry event, many were surprised to realise they hadn’t considered printer security before.

Printers aren’t just connected through a direct port to your computer like they used to be. They’re part of the network and they’re smart, meaning they can be hacked just like any other device. Printers can also present a physical security risk if they’re used to print sensitive information, which points to the need for education around printer security as well. If printer security awareness doesn’t increase under the spotlight on all the other security issues, it certainly needs to.

When it comes to securing our data, networks, and organisations, we could all do a better job. Current events have shown that we certainly need to, and we need to work more closely together across the industry to perform security more effectively and consistently. Maybe you’re a driver of change, maybe you’re waiting to see what happens, but a change in the security industry is coming. Are you ready?

As HP’s Chief Security Advisor, Michael Howard (@MichaelHowardHP) leads a global consultancy team that delivers industry-defining security and compliance solutions and services to its diverse customer base.

Drawing from extensive industry knowledge and experience, Howard mentors his cross-functional technical and business teams on how to discuss and approach security from the CXO to the implementation level, as well as develop solutions to address the complex needs of HP customers.

With a strong customer focus combined with tenacious problem solving, Howard works to keep HP’s customers secure, while driving industry change by sharing best practices and insights through thought leadership development and training.
