In 2017, the year of cloud security solutions and increased pressure to update legacy cyber security strategies, a change in paradigms is necessary. Cyber security has to be considered a business enabler, and no longer a cost driver.
What will be the main themes of cyber security in the next twelve months? One thing is evident: We are in the midst of an era of significant data breaches. Frank Luzsicza, EVP, Information and Communication Technology at TÜV Rheinland, is convinced that "the amount and availability of sensitive information about people and connected systems will inevitably lead to increased pressure to update legacy cyber security risk strategies to the new attack surface". The Cyber Security Trends of 2017 from TÜV Rheinland and OpenSky provide a deeper examination of these topics. They reflect the assessment of current developments by the two companies' leading cyber security experts in the North America, Europe and IMEA regions.
1. The force of the attacks is increasing. Who is responsible?
Additional waves of attack will follow, but there will be an increased strength behind these attacks. This raises central questions about the protection of networked devices, IT/OT networks, and connected infrastructures: Who is responsible when cyber security measures are not sufficient? Do organizations need to further tighten their requirements and governance controls?
2. The Internet of Things (IoT) requires mandatory security standards.
Smart devices are becoming increasingly popular; at the same time, protecting consumer privacy is becoming more urgent. Manufacturers of networked devices will have to introduce higher security standards. Voluntary or mandatory cyber security verification and certification of IoT devices before their market launch will become more likely.
3. 2017 will be the year of cloud security solutions.
Customer sensitivity to integrated cloud services and IT network security is increasing. Security solutions that monitor the network traffic between the cloud service client and the cloud service provider are in increasingly high demand.
Furthermore, the cloud is increasingly becoming the source of security solutions, including real-time security analysis and the detection of anomalies by artificial intelligence (machine learning), as well as security data analytics managed services and incident response advisory services.
4. The new perfect couple: IAM and the cloud.
IAM and the cloud are becoming the new organizational perimeter. Cloud strategies will be closely interwoven with the fields of law, access and password management. The result is consistent user and authorization management using roles, in addition to secure and user-friendly authentication.
5. Preferred targets: Patient records and medical devices.
Hackers will target the healthcare sector with increasing frequency in 2017. Medical facilities will need convincing answers to the questions surrounding improved protection of networked medical devices and sensitive patient data. Additionally, as data protection requirements in Europe continue to tighten, manufacturers of medical devices will continue enlisting independent third parties for security audits.
6. Managed security services: You won't protect your organization without them.
Many organizations still view the subcontracting of cyber security to external partners with a critical eye. In light of the continuing lack of talent, trust in competent cyber security partners will become one of the most important success factors in protecting organizations, due in part to the growing number of internal offenders.
7. Industry 4.0: Integrating Functional Safety and Cyber Security
Now more than ever, unauthorized access exposes industry systems and critical infrastructures to safety and security risks. Since IT is an essential part of manufacturing, functional safety and cyber security will have to work together to secure data exchange and to ensure the availability and reliability of networked systems. Networked industry (Industry 4.0) organizations, in particular, will have to consider the safety and security of their products across the entire life cycle and continuously monitor them for potential risks.
8. Key Factor Endpoint Security
Terminal devices, such as servers, laptops, mobile phones and tablets, desktop computers, etc. are among the easiest gateways for attackers to capture. Solutions limited to filtering suspected malicious content (i.e. Anti-Virus, Anti-Malware) at the endpoint, no matter how “intelligent”, will not suffice. Gaining visibility into real-time threats by monitoring and correlating with other events across the enterprise will offer superior protection against potential attacks.
9. The end of the silo mentality? eGRC and IT GRC are coming together.
The integrated view of IT and business risks not only improves regulatory reporting; it also allows for an unbiased view of actual risk exposure and the protected organization's values. Additionally, integrating eGRC and IT GRC enables management to achieve a higher decision quality within the organization. These tactics are of vital importance to organizations when considering tightened legal requirements, such as the EU data protection basic regulation, and the protection of intellectual property.
At TÜV Rheinland and OpenSky, we believe senior management plays a key role in securing their organizations from both internal and external threats. According to Tom Hazen, President at OpenSky, "Cyber security must be part of each business case and cannot be viewed only as a pure cost driver. Ideally, cyber security becomes a risk consultation and also a business enabler."
About TÜV Rheinland and OpenSky
TÜV Rheinland is a global leader in independent inspection services, founded more than 140 years ago. The group maintains a worldwide presence with 19,600 employees; annual turnover is nearly EUR 1.9 billion. For more than 15 years, TÜV Rheinland has been supporting the private and public sector with comprehensive consulting and solution expertise in IT, cyber security and telecommunications through digital transformation processes.
With more than 600 specialists around the world, TÜV Rheinland provides strategic consulting, design and process optimization through to implementation, operation, or certification of systems. A high level of technological expertise, comprehensive experience in key industries and strategic partnerships with market leaders enable them to create innovative and future-proof Information and Communication Technology (ICT) solutions.
OpenSky Corporation is part of the TÜV Rheinland group and a 100% subsidiary of TÜV Rheinland. OpenSky provides information technology expertise to help corporations optimize IT platforms, protect information assets, and accelerate the adoption of strategic technologies. It specializes in transformational IT infrastructure, security, and risk consulting.
OpenSky's key differentiators include vendor independence, deep industry and technology expertise, and a holistic approach to evolving IT infrastructure platforms.
For more information about TÜV Rheinland, please visit http://www.tuv.com
For more information about OpenSky, please visit http://www.openskycorp.com